春季安全配置,以验证LDAP用户 [英] Spring security configuration to authenticate ldap user
问题描述
我一直工作在Spring的web应用程序在我们公司,从数据库中验证用户身份。但是,我们要使用Active Directory服务器在我们公司用于这一目的,而不是数据库。不幸的是,我有一个麻烦来连接到服务器。 这是我的春天的security.xml
I've been working on Spring web application in our company which authenticates users from database. But we are wanted to use the active directory server in our company for this purpose instead of database. unfortunately, I have a trouble to connect to the server. Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/App/Index" />
</beans:bean>
<beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/App/loginError" />
</beans:bean>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl">
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/Content/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/Desktop/New_Them/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/App/Index" access="ROLE_USER" />
<intercept-url pattern="/App/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/rest/clc/ClcLogPhon/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
<logout logout-success-url="/App/Login" />
<remember-me key="myAppKey" />
<session-management
session-authentication-strategy-ref="sas">
</session-management>
<csrf />
<headers>
<xss-protection />
</headers>
</http>
<global-method-security pre-post-annotations="enabled"
secured-annotations="enabled" proxy-target-class="true" />
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg index="0" value="256" />
</beans:bean>
<ldap-server id="ldapServer"
url="ldap://192.168.1.143/dc=springframework,dc=org" />
<authentication-manager>
<ldap-authentication-provider server-ref="ldapServer"
user-dn-pattern="uid={0},ou=people" />
</authentication-manager>
</beans:beans>
其实我只是删除了数据库相关的咖啡豆,然后添加的LDAP服务器和认证管理器,以便使用LDAP认证,使我们的应用程序。我使用Spring 4.0.1和Spring 3.2.1安全,以及与Java 1.7。虽然Web应用程序启动时,我进入登录页面的任何信息被拒绝,我在我在eclipse的控制台得到了一个访问被拒绝错误。
另外,我改变了LDAP URL到错误的IP地址,只是为了测试,如果该应用程序失败。但它并没有改变的。所以,我怀疑它甚至还试图连接到服务器。
Actually I just removed the database related beans and then added the ldap-server and authentication-manager in order to make our application using the ldap for authentication. I'm using Spring 4.0.1 and Spring security 3.2.1, along with java 1.7. Although the web application starts up, any information which I entered in login page was rejected and I got an Access is denied error in my console in eclipse.
Also, I changed the Ldap url to the wrong IP address just for testing if the application failed. But it didn't change at all. So, I doubt that it even trying to connect to the server.
推荐答案
由于我没有收到任何答案,我寻找解决我的问题。 首先,我要设置URL,就像我的活动目录设置。举例来说,我完全忽略了这是在默认389的IP地址后,该端口地址。此外,我改变了域名的URL地址的末端到我特定的Active Directory域地址。 在结束我的URL地址更改为
As I didn't receive any answers here, I search to solve my problem. First of all, I should set the url just like my Active directory setting. For instance, I totally neglected the port address after the IP address which is 389 in default. Moreover, I changed the domain at the end of the url address to my specific active directory domain address. At the end my url address changed to
ldap://192.168.1.143:389/DC=myDomain,DC=org
其次,我应该使用的用户名密码连接到LDAP。所以我改变了弹簧的security.xml就像如下:
Secondly, I should use the user name password to connect to the Ldap. so I change my spring-security.xml just like below:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/App/Index" />
</beans:bean>
<beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/App/loginError" />
</beans:bean>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl">
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<http auto-config="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/Content/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/Desktop/New_Them/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/App/Index" access="ROLE_USER" />
<intercept-url pattern="/App/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/rest/clc/ClcLogPhon/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
<logout logout-success-url="/App/Login" />
<remember-me key="myAppKey" />
<session-management
session-authentication-strategy-ref="sas">
</session-management>
<csrf />
<headers>
<xss-protection />
</headers>
</http>
<global-method-security pre-post-annotations="enabled"
secured-annotations="enabled" proxy-target-class="true" />
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg index="0" value="256" />
</beans:bean>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg
value="ldap://192.168.1.143:389/DC=myDomain,DC=org" />
<beans:property name="userDn"
value="CN=username,CN=Users,DC=myDomain,DC=org" />
<beans:property name="password" value="password" />
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource" />
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>uid={0},ou=users</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="ou=groups" />
<beans:property name="groupRoleAttribute" value="ou" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<authentication-manager>
<authentication-provider ref="ldapAuthProvider"/>
</authentication-manager>
</beans:beans>
所有的一切,我完全推荐使用 JXplorer ,以连接到LDAP在第一。
All in all, I totally recommend to use JXplorer to connect to the Ldap at first .
这篇关于春季安全配置,以验证LDAP用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
