我有一个带有 Grails 2.2.3 的应用程序,它使用插件 Spring Security Core 1.2.7.3、Spring Security CAS 1.0.5 和 Spring Security LDAP 1.0.6。
我将 LDAP 用于角色、用户存储和用户信息,并将 CAS 用于单点登录。当我第一次进行身份验证时,我得到一个BadCredentials
异常(那个说“无法找到具有该用户名和密码的用户。”),但是如果我第二次尝试它会正确验证。
当我调试该异常时,它实际上是由错误引起的:
org.jasig.cas.client.validation.TicketValidationException:
ticket 'my-ticket' does not match supplied service
有谁知道是什么导致了这个错误或如何解决它?以下是 resources.groovy 中的设置:
initialDirContextFactory(DefaultSpringSecurityContextSource, "ldap://ldap.company.com:389") {
userDn = "CN=Admin,OU=Users,DC=company,DC=com"
password = "password"
}
ldapUserSearch(FilterBasedLdapUserSearch,
"OU=Users,DC=company,DC=com",
"employeeId={0}",
initialDirContextFactory) { }
ldapUserDetailsMapper(MyLdapUserDetailsContextMapper) { }
ldapAuthoritiesPopulator(DefaultLdapAuthoritiesPopulator,
initialDirContextFactory,
"ou=Groups,OU=Users,DC=company,DC=com") {
groupRoleAttribute = "cn"
groupSearchFilter = "member={0}"
rolePrefix = ""
searchSubtree = true
convertToUpperCase = true
ignorePartialResultException = true
}
userDetailsService(LdapUserDetailsService, ldapUserSearch, ldapAuthoritiesPopulator) {
userDetailsMapper = ref('ldapUserDetailsMapper')
}
我在 config.groovy 中的设置:
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas.company.com/cas'
grails.plugins.springsecurity.cas.loginUri = "/login"
grails.plugins.springsecurity.cas.serviceUrl = "${grails.serverURL}/j_spring_cas_security_check"
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.defaultTargetUrl = '/'
grails.plugins.springsecurity.alwaysUseDefault = false