Spring Boot LDAP身份验证:总是获得错误的凭证 [英] Spring Boot LDAP Authentication: Always get bad credentials

问题描述

我正在尝试针对本地网络中的Active Directory服务器使用Spring Boot应用程序进行身份验证，但是我不知道我做错了什么.

I'm trying to authenticate with a Spring Boot application against an Active Directory server in my local network, but I don't know what could I be doing wrong.

当我访问本地主机时，我将重定向到登录页面:

When I access localhost I am redirected to the login page:

每当我写任何真实的用户凭据时，我都会被重定向到同一页面，并显示一条错误消息:

Whenever I write any real user credentials, I'm redirected to the same page with an error message:

如果我随机发送一个单词作为用户名和密码，则会得到相同的登录错误屏幕，但此消息还会从Eclipse控制台显示:

If I send a random word as user and password I get the same login error screen, but additionaly this message is shown from Eclipse console:

2016-02-04 18:54:47.591  INFO 10092 --- [nio-8080-exec-8] ctiveDirectoryLdapAuthenticationProvider : Active Directory authentication failed: Supplied password was invalid

从Active Directory服务器中，我要访问的组的专有名称为:CN = Bulnes，OU = Usuarios Locales，DC = Bulnes，DC = local，因此在安全配置类中对其进行如下配置:

From the Active Directory Server, the distinguishedName of the group that I want to access is: CN=Bulnes,OU=Usuarios Locales,DC=Bulnes,DC=local, so it is configured in security configuration class like this:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/css/**").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            ActiveDirectoryLdapAuthenticationProvider provider=
                    new ActiveDirectoryLdapAuthenticationProvider("bulnes.local"
                            ,"ldap://192.168.1.3:389/"
                            ,"CN=Bulnes,OU=Usuarios Locales,DC=Bulnes,DC=local");
            auth.authenticationProvider(provider);
        }
    }
}

推荐答案

这是我的工作方式:

ad.properties

ad.url=ldap://yourserver.abc.com:389
ad.domain=abc.com

WebSecurityConfig.java

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {   

    @Value("${ad.domain}")
    private String adDomain;

    @Value("${ad.url}")
    private String adUrl;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/login", "/css/**", "/public/**").permitAll().anyRequest().authenticated()
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/", true)             
                .failureUrl("/login?failed=badcredentials")
                .permitAll().and().logout().logoutUrl("/logout")
                .logoutSuccessUrl("/login");
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    }

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(adDomain,
                adUrl);
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);

        return provider;
    }
}

这篇关于Spring Boot LDAP身份验证:总是获得错误的凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！