【发布时间】:2018-04-05 07:26:25
【问题描述】:
我正在尝试在 oauth2 中使用带有 Spring Boot 安全性的 LDAP 进行身份验证。我的配置如下所示
@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE)
@EnableWebSecurity
public class LdapConfiguration extends WebSecurityConfigurerAdapter {
private static String url ="ldap://myldapdomain.com:389/OU=Users,OU=Accounts,DC=myldapdomain,DC=com";
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
@Configuration
protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userSearchFilter("(uid={0})")
.contextSource().url(url);
}
}
}
当我尝试使用所需的 LDAP 用户 ID 和密码登录 http://localhost:9000/api/oauth/token 时,出现以下异常
{
"timestamp": 1508848799342,
"status": 401,
"error": "Unauthorized",
"message": "Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090749, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580\u0000]; remaining name '/'",
"path": "/api/oauth/token"
}
谁能帮我解决这个问题
更新 1
我使用下面的代码 authenticateUser 函数创建了一个用于 LDAP 身份验证的 Java 独立应用程序。在那里我可以成功登录
private String ldapURL = "ldap://myldapdomain:389";
private String ldapDomain = "myldapdomain.com";
public void authenticateUser(String username, String password) throws NamingException {
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.PROVIDER_URL, ldapURL);
env.put(Context.SECURITY_PRINCIPAL, username + "@" + ldapDomain);
env.put(Context.SECURITY_CREDENTIALS, password);
DirContext context = null;
try {
context = new InitialDirContext(env);
} catch (Exception e) {
if (context != null) {
context.close();
}
System.out.println("LDAP auth Failed:::"+ e.getMessage());
//throw new LoginFailedException("Invalid User Id orPassword");
}
}
【问题讨论】:
-
this 会帮忙吗?
-
@xiaofeng.li 不太了解到底是什么问题
标签: java spring spring-boot oauth-2.0 ldap