未分配 Grails Spring Security LDAP“defaultRole”

Posted 2023-02-27

【中文标题】未分配 Grails Spring Security LDAP“defaultRole”

【英文标题】：Grails Spring Security LDAP "defaultRole" does not get assigned

【发布时间】：2017-02-22 14:42:38

【问题描述】：

我正在为 Grails 中的 LDAP 授权而苦苦挣扎（身份验证有效）。这是我的配置：

grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.filter = 'sAMAccountName=0'
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.authorities.defaultRole = 'ROLE_USER'
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true   
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false    
grails.plugin.springsecurity.ldap.useRememberMe = false

我希望用户被分配“ROLE_USER”角色，但我得到的只是：

DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@d66fe506: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d66fe506: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@d66d0e48: Dn: cn=testuser,cn=Users,dc=GROUP,dc=LOCAL; Username: testuser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 2BA8D2C334CBDA358EEEAD97F12DD38C; Not granted any authorities'

你有什么智慧的话吗？我做错了什么？

【参考方案1】：

为了记录，我发现解决方案是将retrieveGroupRoles 切换为true：

grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true