0

我已经成功设置了基于 LDAPS 容器的身份验证,现在正试图让它与 spring security 一起工作,因为我还需要执行查找/查询。

在 WAS 中,所有端点都使用正确的密钥库(WC_DefaulHost 除外)。此外,我还为 ldaps、host、port 设置了动态端点配置。

当我尝试登录时,我只是收到“spring_security_login?login_error”并且没有 system.out 异常。

我错过了什么吗?端点配置还不够吗?有什么方法可以获取更多信息以进行故障排除?

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <authentication-manager>
        <authentication-provider ref="ldapAuthProvider" />
    </authentication-manager>

    <beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <!-- AD authenticator -->       
        <beans:constructor-arg value="ldaps://host:port/DC=" />
        <beans:property name="userDn" value="CN=,OU=,DC=" />
        <beans:property name="password" value="" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean id="wimLdapAuthenticator"
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch">
                    <beans:bean id="userSearch"
                        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">

                        <beans:constructor-arg index="0" value="" />
                        <beans:constructor-arg index="1" value="CN={0}" />
                        <beans:constructor-arg index="2" ref="contextSource" />
                    </beans:bean>
                </beans:property>
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <http auto-config="true" pattern="/**">
        <!-- Security zones -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <intercept-url pattern="/spring_security_login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </http>

</beans:beans>
4

1 回答 1

0

它现在正在工作..似乎不是 SSL 问题...我切换了拦截 URL 的顺序,以便 /** 是最后一个并添加了自定义登录表单..

<form-login login-page="/login" default-target-url="/viewAllTeams" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
<form-login default-target-url="/viewAllTeams"/>
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/loginfailed" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />

我还发现您可以使用以下内容显示异常:

<div class="errorblock">
    Your login attempt was not successful, try again.<br /> Caused :
    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
于 2013-06-26T12:41:24.577 回答