Spring Security工作时，Spring LdapRepository不返回任何结果 [英] Spring LdapRepository returns no results while Spring Security works

问题描述

我的问题

我正在使用LdapRepository从Ldap服务器获取用户信息. Spring Security还会查询此Ldap服务器以对用户进行身份验证.

I am using an LdapRepository to get user information from an Ldap server. This Ldap server is also queried by Spring Security to authenticate user.

我的问题是，Spring Security能够查找和识别用户，而我无法使用同一LdapContextSource通过我的LdapRepository查找用户.以任何方式查询LdapRepository都不会返回结果(null或空列表).

My issue is, that Spring Security is able to find and identify users, while I'm unable to find users through my LdapRepository, using the same LdapContextSource. Querying the LdapRepository in any way does not return results (null or empty Lists).

我尝试过的事情

• 直接使用 ldapsearch 工具- Works
• 使用LdapQuery代替findByUsername方法-不起作用
• 测试方法，例如findAll()(CrudRepository)-返回空列表
• 尝试从spring-ldap获取日志- 似乎是不可能吗?

• Using the ldapsearch tool directly - Works
• Using LdapQuery instead of the findByUsername method - Does not work
• Testing methods like findAll() (CrudRepository) - Returns an empty List
• Trying to get logs from spring-ldap - Seems to be impossible?

使用的ldapsearch命令:ldapsearch -x -H ldaps://<domain> -b o=<org> uid=<uid>

Used ldapsearch command: ldapsearch -x -H ldaps://<domain> -b o=<org> uid=<uid>

在Wireshark中查看流量(使用ldap而不是ldaps)看起来LdapRepository根本不执行任何查询，连接只是打开和关闭，结果为0.

Viewing the traffic in Wireshark (using ldap instead of ldaps) looks like no query is executed by the LdapRepository at all, the connection just opens and closes with 0 results.

相关代码

LdapContextSource的配置

Configuration of LdapContextSource

@Bean
public LdapContextSource contextSource() {
    LdapContextSource contextSource = new LdapContextSource();
    contextSource.setUrl("ldaps://<domain>");
    contextSource.setBase("o=<org>");
    return contextSource;
}

SecurityConfiguration

SecurityConfiguration

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final AuthenticationManagerBuilder authenticationManagerBuilder;

    private final LdapContextSource ldapContext;

    public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, LdapContextSource ldapContext) {
        this.authenticationManagerBuilder = authenticationManagerBuilder;
        this.ldapContext = ldapContext;
    }

    @PostConstruct
    public void init() {
        try {
            authenticationManagerBuilder
                    .ldapAuthentication()
                    .contextSource(ldapContext)
                    .userSearchFilter("(uid={0})");
        } catch (Exception e) {
            throw new BeanInitializationException("Security configuration failed", e);
        }
    }
}

UserRepository

UserRepository

@Repository
public interface UserRepository extends LdapRepository<User> {
    User findByUsername(String username);
    List<User> findByUsernameLikeIgnoreCase(String username);
}

用户

@Entry(
  objectClasses = {})
public class User {
    @Id
    private Name id;

    @Attribute(name = "uid", readonly = true)
    private String username;

    public Name getId() {
        return id;
    }

    public String getUsername() {
        return username;
    }
}

推荐答案

我找到了解决方案.

Spring似乎假设User的objectClass是User(如果未明确设置).设置正确的objectClasses可以解决此问题.

Spring seems to assume the objectClass of User is User, if it is not set explicitly. Setting the correct objectClasses fixes this issue.

这篇关于Spring Security工作时，Spring LdapRepository不返回任何结果的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！