3

我有一个带有 Grails 2.2.3 的应用程序,它使用插件 Spring Security Core 1.2.7.3、Spring Security CAS 1.0.5 和 Spring Security LDAP 1.0.6。

我将 LDAP 用于角色、用户存储和用户信息,并将 CAS 用于单点登录。当我第一次进行身份验证时,我得到一个BadCredentials异常(那个说“无法找到具有该用户名和密码的用户。”),但是如果我第二次尝试它会正确验证。

当我调试该异常时,它实际上是由错误引起的:

org.jasig.cas.client.validation.TicketValidationException: 
    ticket 'my-ticket' does not match supplied service

有谁知道是什么导致了这个错误或如何解决它?以下是 resources.groovy 中的设置:

initialDirContextFactory(DefaultSpringSecurityContextSource, "ldap://ldap.company.com:389") {
    userDn = "CN=Admin,OU=Users,DC=company,DC=com"
    password = "password"
}

ldapUserSearch(FilterBasedLdapUserSearch,
               "OU=Users,DC=company,DC=com",
               "employeeId={0}",
               initialDirContextFactory) { }

ldapUserDetailsMapper(MyLdapUserDetailsContextMapper) { }

ldapAuthoritiesPopulator(DefaultLdapAuthoritiesPopulator,
                         initialDirContextFactory,
                         "ou=Groups,OU=Users,DC=company,DC=com") {
    groupRoleAttribute = "cn"
    groupSearchFilter = "member={0}"
    rolePrefix = ""
    searchSubtree = true
    convertToUpperCase = true
    ignorePartialResultException = true
}

userDetailsService(LdapUserDetailsService, ldapUserSearch, ldapAuthoritiesPopulator) {
    userDetailsMapper = ref('ldapUserDetailsMapper')
}

我在 config.groovy 中的设置:

grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas.company.com/cas'
grails.plugins.springsecurity.cas.loginUri = "/login"
grails.plugins.springsecurity.cas.serviceUrl = "${grails.serverURL}/j_spring_cas_security_check"

grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']

grails.plugins.springsecurity.defaultTargetUrl = '/'
grails.plugins.springsecurity.alwaysUseDefault = false
4

0 回答 0