【问题标题】:LDAP SSL with Spring Security on WAS 6.1WAS 6.1 上带有 Spring Security 的 LDAP SSL
【发布时间】:2013-06-23 11:54:22
【问题描述】:

我已经成功设置了基于 LDAPS 容器的身份验证,现在正尝试让它与 Spring Security 一起使用,因为我还需要执行查找/查询。

在 WAS 中,所有端点都使用正确的密钥库(WC_DefaulHost 除外)。此外,我还为 ldaps、host、port 设置了动态端点配置。

当我尝试登录时,我只是收到“spring_security_login?login_error”并且没有 system.out 异常。

我错过了什么吗?端点配置还不够吗?有什么方法可以获取更多信息以进行故障排除?

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <authentication-manager>
        <authentication-provider ref="ldapAuthProvider" />
    </authentication-manager>

    <beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <!-- AD authenticator -->       
        <beans:constructor-arg value="ldaps://host:port/DC=" />
        <beans:property name="userDn" value="CN=,OU=,DC=" />
        <beans:property name="password" value="" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean id="wimLdapAuthenticator"
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch">
                    <beans:bean id="userSearch"
                        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">

                        <beans:constructor-arg index="0" value="" />
                        <beans:constructor-arg index="1" value="CN={0}" />
                        <beans:constructor-arg index="2" ref="contextSource" />
                    </beans:bean>
                </beans:property>
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <http auto-config="true" pattern="/**">
        <!-- Security zones -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <intercept-url pattern="/spring_security_login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </http>

</beans:beans>

【问题讨论】:

    标签: spring-security ldap websphere websphere-6.1


    【解决方案1】:

    它现在可以工作了.. 似乎不是 SSL 问题... 我切换了拦截 URL 的顺序,以便 /** 是最后一个并添加了自定义登录表单..

    <form-login login-page="/login" default-target-url="/viewAllTeams" authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/logout" />
    <form-login default-target-url="/viewAllTeams"/>
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/loginfailed" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    

    我还发现您可以使用以下方法显示异常:

    <div class="errorblock">
        Your login attempt was not successful, try again.<br /> Caused :
        ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
    </div>
    

    【讨论】:

      猜你喜欢
      • 2011-09-19
      • 2011-08-01
      • 2011-07-08
      • 1970-01-01
      • 2018-04-15
      • 1970-01-01
      • 2012-05-19
      • 2014-07-28
      • 2013-07-25
      相关资源
      最近更新 更多