我正在尝试通过 LDAP 对用户进行身份验证并通过 Database.LDAP 目录进行授权,其中包含具有相应组的用户,并且我想在成功验证时获取该组,并在验证后从数据库中获取具有相应组的 ROLE。
我的弹簧安全配置文件如下。
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.htm" />
</bean>
<bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
<security:http security="none" pattern="/login.htm"/>
<security:http security="none" pattern="/js/**"/>
<security:http security="none" pattern="/images/**"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/ckeditor/**"/>
<security:http security="none" pattern="/dhtmlgrid/**"/>
<security:http security="none" pattern="/xmleditor/**"/>
<security:http auto-config="false" entry-point-ref="authenticationEntryPoint" disable-url-rewriting="true" use-expressions="true">
<security:session-management>
<security:concurrency-control error-if-maximum-exceeded="true" max-sessions="1"/>
</security:session-management>
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="cdlAuthenticationProcessingFilter" />
<security:intercept-url pattern="/displayAdminPage.htm" access="hasRole('admin')" />
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:access-denied-handler ref="accessDeniedHandler" />
<security:logout logout-success-url="/login.htm" logout-url="/logout"/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="customLdapAuthenticationProvider"/>
<security:authentication-provider user-service-ref="cdlUserDetailService">
</security:authentication-provider>
</security:authentication-manager>
<bean id="customLdapAuthenticationProvider" class="com.qait.cdl.authentication.customfilter.CustomLdapAuthenticationProvider">
<constructor-arg ref="ldapBindAuthenticator"/>
<constructor-arg ref="ldapAuthoritiesPopulator"/>
</bean>
<bean id="ldapBindAuthenticator"
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="ldapContextSource" />
<property name="userDnPatterns"><list><value>uid={0},cn=users</value></list></property>
</bean>
<bean id="ldapAuthoritiesPopulator" class="com.qait.cdl.authentication.customfilter.CdlUserAuthoritiesPopulator">
</bean>
<bean id="ldapContextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://172.16.1.121:389/dc=nodomain"/>
<property name="userDn" value="cn=users,dc=nodomain"/>
<property name="password" value="ldap_admin"/>
</bean>
<bean id="cdlUserDetailService" class="com.qait.cdl.authentication.service.impl.UserDetailsServiceImpl">
<property name="userDao" ref="userDao"/>
</bean>
<bean id="cdlAuthenticationProcessingFilter"
class="com.qait.cdl.authentication.customfilter.CustomAuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="userDao" ref="userDao"/>
</bean>
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/WEB-INF/jsp/access-denied/content.jsp"/>
</bean>
</beans>
在调试整个应用程序时,我在 BindAuthenticator 调用的 AbstractContextSource 中得到了 DirContext 的空值。
My LDAP directory structure is below:
dn: uid=user1,cn=users,dc=nodomain
uid: user1
userPassword:user1
从过去 2 天开始,我一直在努力解决这个错误。任何帮助将不胜感激。如果您需要任何额外的信息,请告诉我。可能是,我的 LDAP 目录结构是错误的。我错在哪里,我不知道?