【问题标题】:Spring Security Active DirectorySpring Security 活动目录
【发布时间】:2017-06-06 10:57:16
【问题描述】:

我正在尝试通过 Spring Security 进行 LDAP 身份验证。

我的代码...

 auth.ldapAuthentication()
            .userSearchFilter("(uid={0})").userSearchBase("ou=TTU")
            .groupSearchFilter("uniqueMember={0}").groupSearchBase("ou=TTU")
            .contextSource(contextSource())
            .passwordCompare()
                .passwordEncoder(new LdapShaPasswordEncoder())
                .passwordAttribute("userPassword");

但总是返回 401 "Bad credentials" 什么样的错误? 也许有人有一个 Java 配置的例子。

【问题讨论】:

    标签: spring-security spring-java-config spring-ldap


    【解决方案1】:

    它的工作......也许有人会有所帮助。

           auth.authenticationProvider(ldapAuthenticationProvider());
           auth.eraseCredentials(true);
    
    
    
    @Bean
    public DefaultSpringSecurityContextSource contextSource(){
    
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(Arrays.asList("ldap://url:389/"),"dc=ttu,dc=ru");
        contextSource.setUserDn(userDn);
        contextSource.setPassword(passwordForLDAP);
        contextSource.setReferral("follow");
        return contextSource;
      }
    
    @Bean
    public LdapAuthenticationProvider ldapAuthenticationProvider(){
        return new LdapAuthenticationProvider(ldapAuthenticator(),ldapAuthoritiesPopulator());
    }
    
    @Bean
    public LdapAuthenticator ldapAuthenticator(){
        BindAuthenticator authenticator = new BindAuthenticator(contextSource());
        authenticator.setUserSearch(userSearch());
        return authenticator;
    }
    
    @Bean
    public DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator(){
        DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator =
                new DefaultLdapAuthoritiesPopulator(contextSource(),"ou=TTU");
        ldapAuthoritiesPopulator.setSearchSubtree(true);
        ldapAuthoritiesPopulator.setIgnorePartialResultException(true);
        //ldapAuthoritiesPopulator.setGroupSearchFilter("member={0}");
        ldapAuthoritiesPopulator.setRolePrefix("ROLE_");
        ldapAuthoritiesPopulator.setConvertToUpperCase(true);
        return ldapAuthoritiesPopulator;
    }
    
    @Bean
    public FilterBasedLdapUserSearch userSearch(){
        FilterBasedLdapUserSearch filterBasedLdapUserSearch =
                new FilterBasedLdapUserSearch("","(sAMAccountName={0})",contextSource());
        filterBasedLdapUserSearch.setSearchSubtree(true);
        return filterBasedLdapUserSearch;
    }
    

    【讨论】:

      猜你喜欢
      • 2011-03-27
      • 2012-03-04
      • 1970-01-01
      • 1970-01-01
      • 2018-12-06
      • 2015-07-05
      • 1970-01-01
      • 1970-01-01
      • 2012-02-08
      相关资源
      最近更新 更多