在身份验证失败中循环通过 Shiro LDAP 领域

【问题标题】:Looping through Shiro LDAP Realm on Authenitcation Failure在身份验证失败中循环通过 Shiro LDAP 领域
【发布时间】:2014-05-02 09:25:26
【问题描述】:

我遇到了一个奇怪的错误。如果我将有效的用户/密码传递给我的 Shiro LDAP,一切正常,但如果组合无效,则会引发异常并继续循环通过 Shiro 领域代码。在调试器中,它只保留在 Shiro 代码中,除了我的一个覆盖方法:

  public class MyJndiLdapRealm extends JndiLdapRealm {


public MyJndiLdapRealm () {
    super();
}

@Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
        LdapContextFactory ldapContextFactory)
throws NamingException {

Object principal = token.getPrincipal();
Object credentials = token.getCredentials();

principal = getLdapPrincipal(token);

LdapContext ctx = null;
try {
     ctx = ldapContextFactory.getLdapContext(principal, credentials);

     //context was opened successfully, which means their credentials were valid.  Return the AuthenticationInfo:
     return createAuthenticationInfo(token, principal, credentials, ctx);
} finally {
    LdapUtils.closeContext(ctx);
}

 }



          <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/ldapLogin"/>
    <property name="unauthorizedUrl" value="/ldapLogin"/>
    <property name="successUrl" value="/ldapLogin"/>      
    <property name="filterChainDefinitions">
        <value>
            [urls]
            /** = ssl[8443],authc, customAuthFilter
            [main]
            /logout = logout
        </value>
    </property>   
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
     <property name="realms">
        <list>
             <ref bean="authenticateLdapRealm"/>
             <ref bean="authenticateDbRolesRealm"/>
             <ref bean="DbAuthorizingRealm"/>
        </list>
    </property>
    <property name="authenticator.authenticationStrategy">
        <bean class="org.apache.shiro.authc.pam.AllSuccessfulStrategy"/>
    </property>
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<bean id="authenticateLdapRealm" class="security.MyJndiLdapRealm">
    <property name="contextFactory" ref="contextFactory" />
    <property name="userDnTemplate" value="cn={0},ou=REMOTE,o=OFF" /> 
</bean>

<bean id="contextFactory" class="org.apache.shiro.realm.ldap.JndiLdapContextFactory">
  <property name="url" value="ldap://172.25.3.91:389"/>
</bean>

<bean id="authenticateDbRolesRealm" class="security.DbRolesRealm">
</bean>

<bean id="SwiDbAuthorizingRealm" class="security.DbAuthorizingRealm">
</bean>

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

【问题讨论】:

    标签: ldap jndi shiro


    【解决方案1】:

    不知何故我的自定义过滤器是问题所在。去了PassThruAuthenticationFilter,问题解决了。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2018-06-13
      • 2016-08-20
      • 2020-04-14
      • 2015-04-19
      • 2016-02-05
      • 1970-01-01
      • 1970-01-01
      • 2016-04-08
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode