Spring Security 2.0.6 authentication against Active Directory

Posted on 2024-09-30 22:42:02

I have tried to set up authentication with LDAP (Active Directory) and Spring Security 2.0.6, but I don't know why the authentication doesn't pass...

Here you can see the console:

> INFO  [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 30s:118ms
> 
> INFO  [STDOUT] [WARN] Authentication event AuthenticationFailureBadCredentialsEvent: secretariauno1; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1D1DEAD28D4AE44AF67277654889D73E; exception: User secretariauno1 not found in directory.
> 
> INFO  [STDOUT] [WARN] Authentication event AuthenticationFailureBadCredentialsEvent: secretariauno; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1D1DEAD28D4AE44AF67277654889D73E; exception: Bad credentials; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
> 
> INFO  [STDOUT] [INFO] The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
> 
> INFO  [STDOUT] [WARN] Authentication event AuthenticationFailureServiceExceptionEvent: secretariauno; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1D1DEAD28D4AE44AF67277654889D73E; exception: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''; nested exception is org.springframework.ldap.PartialResultException: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''

There are three [WARN]s: in the first, secretariauno1 is not in LDAP. In the second, the password is bad. But the third is good and it doesn't pass; it returns to the login page. I have looked for "returnObjFlag" and for "remaining name" without results...

Please, if anyone can help me..., THANK YOU!!!

Here you can see the applicationContext-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                      http://www.springframework.org/schema/security
                      http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <bean id="loggerListener"
          class="org.springframework.security.event.authentication.LoggerListener" />

    <security:http>
        <security:intercept-url pattern="/**" access="ROLE_USUARIO_AUTENTICADO" />
        <security:intercept-url pattern="/login.jsp" filters="none"/>
        <security:intercept-url pattern="/css/*" filters="none"/>
        <security:form-login
            login-processing-url="/j_security_check"
            login-page="/login.jsp"
            default-target-url="/index.jsp"
            always-use-default-target="true"
            authentication-failure-url="/login.jsp" />
        <security:anonymous/>
        <security:http-basic/>
        <security:logout/>
    </security:http>

    <security:ldap-server id="ldapServer"
                          url="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"
                          manager-dn="cn=desLector,ou=Users,dc=preminjus,dc=es"
                          manager-password="pwd123"/>   

    <security:ldap-authentication-provider user-search-filter="(sAMAccountName={0})"
                                           user-search-base="ou=Users"/>



    <security:ldap-user-service server-ref="ldapServer"
                                user-search-filter="sAMAccountName={0}"
                                user-search-base="ou=Users"/>

</beans>
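The three warnings in the console above are of two different kinds: the first two are ordinary failed logins (unknown user, wrong password), while the third is a server-side problem, the `PartialResultException` that JNDI raises when Active Directory answers a search rooted at the domain with referrals. The following is an added example, not code from the question or from Spring Security: it parses the `[WARN] Authentication event` lines that Spring Security 2.0's `LoggerListener` writes, decodes the Active Directory sub-code that follows `data` in an LDAP result code 49 message (the standard AD meanings, e.g. `52e` = invalid credentials, `775` = locked out), and flags the referral failure as an operator problem rather than a bad login. The sample log is the question's own console output re-joined into one line per event.

```python
"""Triage of Spring Security 2.0 LoggerListener output against Active Directory.

Added example, not code from the question or from Spring Security: it parses the
"[WARN] Authentication event ..." lines that LoggerListener writes and turns each one
into a typed record with a triage reason, separating ordinary failed logins from the
server-side referral problem (PartialResultException) the question is really about.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Reasons Active Directory reports after "data" in an LDAP result code 49
# (invalidCredentials) bind failure. These are the standard AD sub-codes.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# One LoggerListener WARN line (Spring Security 2.0 format); only the fields
# needed for triage are captured.
EVENT_RE = re.compile(
    r"\[WARN\]\s+Authentication event\s+(?P<event>\w+):\s+(?P<user>[^;]+);\s+details:.*?"
    r"RemoteIpAddress:\s*(?P<ip>[^;]+);\s*SessionId:\s*(?P<session>[^;]+);\s*"
    r"exception:\s*(?P<exception>.*)$"
)
# "error code 49 ... data 52e" as embedded in the nested AuthenticationException text.
DATA_RE = re.compile(r"error code 49\b.*?\bdata\s+(?P<code>[0-9a-fA-F]{3})\b")


@dataclass
class AuthEvent:
    event: str
    user: str
    ip: str
    session: str
    exception: str
    reason: str
    actionable: bool  # True = configuration/server problem for the operator, not a failed login


def ad_bind_subcode(text: str) -> Optional[str]:
    """Return the AD sub-code (e.g. '52e') from a result-code-49 message, or None."""
    m = DATA_RE.search(text)
    return m.group("code").lower() if m else None


def classify(event: str, exception: str):
    """Map an event type plus exception text to (reason, actionable)."""
    if event == "AuthenticationFailureServiceExceptionEvent":
        if "Unprocessed Continuation Reference" in exception:
            # AD returns referrals for searches rooted at the domain; JNDI surfaces
            # them as PartialResultException unless referrals are followed or ignored.
            return ("AD referral not handled (PartialResultException): narrow the search "
                    "base or configure referral handling", True)
        return ("service error: " + exception.split(";")[0], True)
    code = ad_bind_subcode(exception)
    if code is not None:
        name = AD_BIND_SUBCODES.get(code, "unknown sub-code")
        return (f"AD bind rejected: {name} (data {code})", False)
    if "not found in directory" in exception:
        return ("user not found under the configured search base", False)
    return ("bad credentials", False)


def parse_event(line: str) -> Optional[AuthEvent]:
    """Parse one log line; returns None for lines that are not WARN auth events."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    exception = m.group("exception").strip()
    reason, actionable = classify(m.group("event"), exception)
    return AuthEvent(m.group("event"), m.group("user").strip(), m.group("ip").strip(),
                     m.group("session").strip(), exception, reason, actionable)


def triage(log: str) -> List[AuthEvent]:
    """Parse every line of a log and keep only the authentication events."""
    events = [parse_event(line) for line in log.splitlines()]
    return [e for e in events if e is not None]


# Constructed sample: the question's console output, re-joined into one line per event.
SAMPLE_LOG = """\
INFO  [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 30s:118ms
INFO  [STDOUT] [WARN] Authentication event AuthenticationFailureBadCredentialsEvent: secretariauno1; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1D1DEAD28D4AE44AF67277654889D73E; exception: User secretariauno1 not found in directory.
INFO  [STDOUT] [WARN] Authentication event AuthenticationFailureBadCredentialsEvent: secretariauno; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1D1DEAD28D4AE44AF67277654889D73E; exception: Bad credentials; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
INFO  [STDOUT] [INFO] The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
INFO  [STDOUT] [WARN] Authentication event AuthenticationFailureServiceExceptionEvent: secretariauno; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1D1DEAD28D4AE44AF67277654889D73E; exception: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        flag = "OPERATOR" if e.actionable else "login"
        print(f"{flag:8} {e.user:16} {e.ip:12} {e.reason}")
```

Run on the sample, the first two events come out as `login` failures and the third as an `OPERATOR` problem, which matches what the question observes: correct credentials still bounce back to the login page because the authorities search, not the bind, fails. The `INFO ... returnObjFlag` line is unrelated noise from Spring LDAP and is skipped. Keeping the two classes apart matters for detection as well: a burst of `52e`/`775` events from one `RemoteIpAddress` is a credential-guessing signal, whereas `PartialResultException` is a misconfiguration and should page the operator, not the SOC.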

断舍离 2024-10-07 22:42:02

Resolved

Well, finally I have migrated to Spring Security 3.0.4. The problem was that you have to use the bean definitions, because Active Directory needs the Populator bean.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

 <bean id="loggerListener"
    class="org.springframework.security.authentication.event.LoggerListener" />

 <security:http>
  <security:session-management>
   <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
  </security:session-management>
  <security:intercept-url pattern="/css/*" filters="none"/>
  <security:intercept-url pattern="/login.jsp" filters="none"/>
     <security:intercept-url pattern="/**" access="ROLE_USER_AUTENTICADO" />
     <security:form-login
   login-processing-url="/j_spring_security_check"
   login-page="/login.jsp"
   default-target-url="/index.jsp"
   always-use-default-target="true"
   authentication-failure-url="/login.jsp" />
  <security:anonymous/>
  <security:http-basic/>
  <security:logout/>
 </security:http>

 <security:authentication-manager>
    <security:authentication-provider ref='ldapAuthProvider' />
 </security:authentication-manager>


 <!-- 
 * The second constructor argument of the DefaultLdapAuthoritiesPopulator class is the parameter
   that is included in LDAP as memberOf; for example, if it has value="ou=Users" the
   users without this group don't have access. 

 * It gives the authenticated user "ROLE_USUARIO_AUTENTICADO". I use this in the interceptor. 
   But, for example, if in the LDAP the user has in the memberOf attribute
   "CN=Preadm,OU=Applications,OU=Usuers,DC=preadm,DC=com" the user should have authority for
   OU=Users, but it will work if the interceptor has "ROLE_PREADM": "ROLE_" is the default prefix,
   "PREADM" is for CN=Preadm in the memberOf.
   -->

 <bean id="ldapAuthProvider"
         class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
   <bean id="bindAuthenticator" 
      class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <constructor-arg ref="contextSource" />
    <property name="userSearch" ref="userSearch"/>
   </bean>
    </constructor-arg>
    <constructor-arg>
      <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource"/>
    <constructor-arg value="ou=Users"/>
    <property name="defaultRole" value="ROLE_USER_AUTENTICADO"/>
    <property name="searchSubtree" value="true" />
    <property name="ignorePartialResultException" value="true"/>
      </bean>
  </constructor-arg>
 </bean> 

 <bean id="userSearch"
   class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0" value="ou=Users"/> 
  <constructor-arg index="1" value="(sAMAccountName={0})"/>
  <constructor-arg index="2" ref="contextSource" />
  <property name="searchSubtree" value="true"/>
 </bean>

 <bean id="contextSource" 
   class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
     <constructor-arg value="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"/>
     <property name="userDn" value="cn=desReader,ou=Users,dc=preadm,dc=com"/>
     <property name="password" value="pwd123"/>
 </bean>

</beans>

鹤仙姿 2024-10-07 22:42:02

Perhaps this link could help you. There is a possible reason for the problem.

It is probably due to a need to follow referral searches.

This link is also related to one way to configure referrals.
