【Title】: Spring LDAP Integration issue
【Posted】: 2014-08-06 19:19:20
【Question】:

I am trying to integrate Spring Security with LDAP, using Spring Core 4.0.5, Spring Security 3.2.2 and Spring LDAP 1.3.2. Here is my security configuration XML:

http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/js/**"
        access="true" />
    <security:intercept-url pattern="/css/**"
        access="true" />
    <security:intercept-url pattern="/images/**"
        access="true" />

    <security:intercept-url pattern="/**"
        access="hasRole('ROLE_USER')" />

</security:http>

<security:ldap-server id="ldapServer"
    url="ldap://qadirectory.xxxx.com:389/" />

<security:authentication-manager alias="authenticationManager">

    <security:ldap-authentication-provider
        server-ref="ldapServer" user-dn-pattern="uid={0},ou=people,o=xxxx.com" />

</security:authentication-manager>

When authenticating through the default Spring login form I get the following error:

org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
    org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:305)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:258)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:605)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:523)
    org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:171)
    org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
    org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
    org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
    org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:82)
    org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
root cause

javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
    com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)
    com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
    com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
    com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849)
    com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
    com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
    com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
    com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
    javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:252)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:292)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:258)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:605)
    org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:523)
    org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:171)
    org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
    org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
    org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
    org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:82)
    org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)

【Comments】:

  • It looks like something goes wrong during group membership resolution. I think the default configuration of Spring Security LDAP relies on the base DN configuration. That is probably the problem. You could try specifying the group-search-base="ou=groups,o=xxxx.com" attribute in the provider configuration.
  • Got rid of the "LDAP: error code 32". Now I get an HTTP 403 access denied error. It seems … is wrong.
  • Fixed. ... Thanks a lot.
  • Adding my comment as an actual answer so you can accept it.

Tags: spring ldap integration


【Solution 1】:

Your exception is thrown when Spring Security LDAP tries to search for the user's groups. By default these groups are searched for under the LDAP base DN. The base DN is taken from the LDAP URL, for example:

<ldap-server url="ldap://springframework.org:389/dc=springframework,dc=org" />

In your case you did not specify a base DN. You need to specify the group search base manually:

<security:ldap-authentication-provider server-ref="ldapServer" 
    user-dn-pattern="uid={0},ou=people,o=xxxx.com" 
    group-search-base="ou=groups,o=xxxx.com" />

【Discussion】:
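As an added illustration, not part of the original question or answer, the two equivalent ways of giving the authorities populator a search base are shown side by side below. The directory layout (ou=people and ou=groups under o=xxxx.com), the hostname and the group object layout (a member attribute holding full user DNs) are assumptions taken from the question; the switch to ldaps:// on port 636 is also an assumption, made because the original ldap:// URL on port 389 sends the user's password in the clear during the simple bind. The point to watch is that once the base DN is placed in the server URL, every other DN in the provider, including user-dn-pattern, becomes relative to that base.

```xml
<!-- Option A: no base DN in the URL, so every DN in the provider is absolute.
     group-search-base must then be set explicitly: the namespace default is "",
     which means "search from the context-source base", and with no base in the
     URL that is the directory root, which is what produced
     "error code 32 - No Such Object; remaining name ''". -->
<security:ldap-server id="ldapServer"
    url="ldaps://qadirectory.xxxx.com:636/" />

<security:authentication-manager alias="authenticationManager">
    <security:ldap-authentication-provider
        server-ref="ldapServer"
        user-dn-pattern="uid={0},ou=people,o=xxxx.com"
        group-search-base="ou=groups,o=xxxx.com"
        group-search-filter="(member={0})"
        group-role-attribute="cn" />
</security:authentication-manager>

<!-- Option B (use instead of A, shown here only for comparison): base DN in the
     URL. user-dn-pattern and group-search-base are now RELATIVE to o=xxxx.com.
     Repeating ",o=xxxx.com" in them would bind against DNs such as
     uid=bob,ou=people,o=xxxx.com,o=xxxx.com and fail. -->
<security:ldap-server id="ldapServerWithBase"
    url="ldaps://qadirectory.xxxx.com:636/o=xxxx.com" />

<security:authentication-manager alias="authenticationManagerWithBase">
    <security:ldap-authentication-provider
        server-ref="ldapServerWithBase"
        user-dn-pattern="uid={0},ou=people"
        group-search-base="ou=groups"
        group-search-filter="(member={0})"
        group-role-attribute="cn" />
</security:authentication-manager>
```

In the group search filter, {0} is replaced with the authenticated user's full DN and {1} with the bare username; the default filter is (uniqueMember={0}), so it is only overridden here because the assumed groups use member. Each matching group's cn is upper-cased and prefixed with ROLE_ to form the granted authority, so a group named "user" is what satisfies hasRole('ROLE_USER') in the intercept-url rule; a group search base that is correct but contains no group for the user yields exactly the 403 seen in the comments rather than an LDAP error.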
