Spring Security工作时,Spring LdapRepository不返回任何结果 [英] Spring LdapRepository returns no results while Spring Security works
问题描述
我的问题
我正在使用LdapRepository从Ldap服务器获取用户信息. Spring Security还会查询此Ldap服务器以对用户进行身份验证.
I am using an LdapRepository to get user information from an Ldap server. This Ldap server is also queried by Spring Security to authenticate user.
我的问题是,Spring Security能够查找和识别用户,而我无法使用同一LdapContextSource通过我的LdapRepository查找用户.以任何方式查询LdapRepository都不会返回结果(null
或空列表).
My issue is, that Spring Security is able to find and identify users, while I'm unable to find users through my LdapRepository, using the same LdapContextSource. Querying the LdapRepository in any way does not return results (null
or empty Lists).
我尝试过的事情
- 直接使用 ldapsearch 工具- Works
- 使用
LdapQuery
代替findByUsername
方法-不起作用 - 测试方法,例如
findAll()
(CrudRepository
)-返回空列表 - 尝试从
spring-ldap
获取日志- 似乎是不可能吗?
- Using the ldapsearch tool directly - Works
- Using
LdapQuery
instead of thefindByUsername
method - Does not work - Testing methods like
findAll()
(CrudRepository
) - Returns an empty List - Trying to get logs from
spring-ldap
- Seems to be impossible?
使用的ldapsearch命令:ldapsearch -x -H ldaps://<domain> -b o=<org> uid=<uid>
Used ldapsearch command: ldapsearch -x -H ldaps://<domain> -b o=<org> uid=<uid>
在Wireshark中查看流量(使用ldap
而不是ldaps
)看起来LdapRepository根本不执行任何查询,连接只是打开和关闭,结果为0.
Viewing the traffic in Wireshark (using ldap
instead of ldaps
) looks like no query is executed by the LdapRepository at all, the connection just opens and closes with 0 results.
相关代码
LdapContextSource的配置
Configuration of LdapContextSource
@Bean
public LdapContextSource contextSource() {
LdapContextSource contextSource = new LdapContextSource();
contextSource.setUrl("ldaps://<domain>");
contextSource.setBase("o=<org>");
return contextSource;
}
SecurityConfiguration
SecurityConfiguration
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final AuthenticationManagerBuilder authenticationManagerBuilder;
private final LdapContextSource ldapContext;
public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, LdapContextSource ldapContext) {
this.authenticationManagerBuilder = authenticationManagerBuilder;
this.ldapContext = ldapContext;
}
@PostConstruct
public void init() {
try {
authenticationManagerBuilder
.ldapAuthentication()
.contextSource(ldapContext)
.userSearchFilter("(uid={0})");
} catch (Exception e) {
throw new BeanInitializationException("Security configuration failed", e);
}
}
}
UserRepository
UserRepository
@Repository
public interface UserRepository extends LdapRepository<User> {
User findByUsername(String username);
List<User> findByUsernameLikeIgnoreCase(String username);
}
用户
@Entry(
objectClasses = {})
public class User {
@Id
private Name id;
@Attribute(name = "uid", readonly = true)
private String username;
public Name getId() {
return id;
}
public String getUsername() {
return username;
}
}
推荐答案
我找到了解决方案.
Spring似乎假设User
的objectClass
是User
(如果未明确设置).设置正确的objectClasses可以解决此问题.
Spring seems to assume the objectClass
of User
is User
, if it is not set explicitly. Setting the correct objectClasses fixes this issue.
这篇关于Spring Security工作时,Spring LdapRepository不返回任何结果的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!