gpt4 book ai didi

java - Spring Security + LDAP 总是返回 BadCredentialsException

转载 作者:行者123 更新时间:2023-11-30 03:17:57 25 4
gpt4 key购买 nike

我一直在尝试配置 Spring Security 以使用 LDAP,但收效甚微。

我有以下配置 bean:

@Bean
public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("go.com.mt", "LDAP://CORPORATE.INTRA");
provider.setConvertSubErrorCodesToExceptions(true);
provider.setUseAuthenticationRequestCredentials(true);
provider.setUserDetailsContextMapper(userDetailsContextMapper());
return provider;
}

@Bean
public UserDetailsContextMapper userDetailsContextMapper() {
UserDetailsContextMapper contextMapper = new AttributesLDAPUserDetailsContextMapper();
return contextMapper;
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
}

我尝试按照堆栈溢出上许多答案的建议创建一个自定义映射器,将每个权限设置为 ROLE_USER

public class AttributesLDAPUserDetailsContextMapper implements UserDetailsContextMapper {
@Override
public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String username, Collection<? extends GrantedAuthority> authority) {
List<GrantedAuthority> mappedAuthorities = new ArrayList<GrantedAuthority>();
for (GrantedAuthority granted : authority) {
if (true) {
mappedAuthorities.add(() -> "ROLE_USER");
} else if(granted.getAuthority().equalsIgnoreCase("MY ADMIN GROUP")) {
mappedAuthorities.add(() -> "ROLE_ADMIN");
}
}
return new User(username, "", mappedAuthorities);
}

@Override
public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {

}
}

当我尝试使用现有用户和不正确的密码进行身份验证时,我收到以下消息:

[apr-8080-exec-6] ctiveDirectoryLdapAuthenticationProvider : Active Directory authentication failed: Supplied password was invalid
[apr-8080-exec-6] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Aug 20 07:31:59 CEST 2015, principal=samantha.catania, type=AUTHENTICATION_FAILURE, data={type=org.springframework.security.authentication.BadCredentialsException, message=Bad credentials}]

这意味着 Activity 目录正在正常工作,但是当我尝试使用正确的凭据进行身份验证时,我收到以下消息:

[pr-8080-exec-10] o.s.s.ldap.SpringSecurityLdapTemplate    : Ignoring PartialResultException
[pr-8080-exec-10] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Aug 20 07:32:05 CEST 2015, principal=samantha.catania, type=AUTHENTICATION_FAILURE, data={type=org.springframework.security.authentication.BadCredentialsException, message=Bad credentials}]

有什么想法可以解决这个问题吗?

最佳答案

问题似乎是因为 ActiveDirectoryLdapAuthenticationProvider 使用域“猜测”DN。将 spring-security-ldap 更新到最新版本提供了 new constructor with 3 parameters其中最后一项允许您指定 DN。之后映射器开始被成功调用并且身份验证通过。

我要感谢所有做出贡献的人:)

关于java - Spring Security + LDAP 总是返回 BadCredentialsException,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32098736/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com