Gormless LDAP with Spring Security in Grails
【Posted】: 2011-08-01 03:37:48
【Question】: This is my ldap config file
grails.plugins.springsecurity.ldap.context.managerDn = 'uid=admin,ou=system,dc=example,dc=com'
grails.plugins.springsecurity.ldap.context.managerPassword = 'secret'
grails.plugins.springsecurity.ldap.context.server = 'ldap://localhost:1389'
grails.plugins.springsecurity.ldap.authorities.groupSearchBase = 'ou=groups,dc=example,dc=com'
grails.plugins.springsecurity.ldap.search.base = 'dc=example,dc=com'
grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugins.springsecurity.providerNames=['ldapAuthProvider', 'anonymousAuthenticationProvider']
This is my log
DEBUG springsecurity.RequestHolderAuthenticationFilter - Request is to process authentication
DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
DEBUG authentication.LdapAuthenticationProvider - Processing authentication request for user: rsom
DEBUG search.FilterBasedLdapUserSearch - Searching for user 'rsom', with user search [ searchFilter: '(uid=0)', searchBase: 'dc=example,dc=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
DEBUG support.AbstractContextSource - Got Ldap context on server 'ldap://localhost:1389'
DEBUG ldap.SpringSecurityLdapTemplate - Searching for entry in under DN '', base = 'dc=example,dc=com', filter = '(uid=0)'
DEBUG ldap.SpringSecurityLdapTemplate - Found DN: uid=rsom,dc=example,dc=com
DEBUG authentication.BindAuthenticator - Attempting to bind as uid=rsom,dc=example,dc=com
DEBUG ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user uid=rsom,dc=example,dc=com
DEBUG support.AbstractContextSource - Got Ldap context on server 'ldap://localhost:1389'
DEBUG userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user uid=rsom,dc=example,dc=com
DEBUG userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rsom', DN = 'uid=rsom,dc=example,dc=com', with filter uniquemember=0 in search base 'ou=groups,dc=example,dc=com'
DEBUG ldap.SpringSecurityLdapTemplate - Using filter: uniquemember=uid=rsom,dc=example,dc=com
INFO core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
DEBUG support.AbstractContextSource - Got Ldap context on server 'ldap://localhost:1389'
DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG spring.ReloadAwareAutowireCapableBeanFactory - Returning cached instance of singleton bean 'transactionManager'
DEBUG hibernate.SQL - select top ? this_.id as id23_0_, this_.version as version23_0_, this_.account_expired as account3_23_0_, this_.account_locked as account4_23_0_, this_.enabled as enabled23_0_, this_.entity_id as entity6_23_0_, this_."password" as password7_23_0_, this_.password_expired as password8_23_0_, this_.username as username23_0_ from user this_ where (this_.username=?)
WARN springsecurity.GormUserDetailsService - User not found: rsom
DEBUG support.TransactionTemplate - Initiating transaction rollback on application exception
org.springframework.security.core.userdetails.UsernameNotFoundException: User not found
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:77)
at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:102)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:202)
at org.codehaus.groovy.grails.plugins.springsecurity.GormUserDetailsService$_loadUserByUsername_closure1.doCall(GormUserDetailsService.groovy:56)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
What do I need to do to tell grails and spring-security-ldap not to look in my database for a user that is authenticated via ldap?
I am using grails 1.3.7, Spring Security Core 1.1.2, Spring Security Ldap 1.0.3.
【Answer 1】: It appears to be defaulting to GormUserDetailsService. Try setting this config to false as well:
grails.plugins.springsecurity.conf.ldap.authorities.retrieveGroupRoles = false
Make sure the following is false as well. Remember me also tries to use Gorm
grails.plugins.springsecurity.conf.ldap.useRememberMe = false
I noticed that the spring-security-ldap plugin's SpringSecurityLdapGrailsPlugin.groovy has an if/else if/else block that sets the userDetailsService.
For reference:
if (conf.ldap.authorities.retrieveGroupRoles) {
    ldapAuthoritiesPopulator(GrailsLdapAuthoritiesPopulator, contextSource, conf.ldap.authorities.groupSearchBase) {
        groupRoleAttribute = conf.ldap.authorities.groupRoleAttribute
        groupSearchFilter = conf.ldap.authorities.groupSearchFilter
        searchSubtree = conf.ldap.authorities.searchSubtree
        if (conf.ldap.authorities.defaultRole) {
            defaultRole = conf.ldap.authorities.defaultRole
        }
        ignorePartialResultException = conf.ldap.authorities.ignorePartialResultException // false
        if (conf.ldap.useRememberMe && conf.ldap.authorities.retrieveDatabaseRoles) {
            userDetailsService = ref('ldapRememberMeUserDetailsService')
        } else {
            userDetailsService = ref('userDetailsService')
        }
        retrieveDatabaseRoles = conf.ldap.authorities.retrieveDatabaseRoles // false
    }
} else if (conf.ldap.authorities.retrieveDatabaseRoles) {
    ldapAuthoritiesPopulator(DatabaseOnlyLdapAuthoritiesPopulator) {
        if (conf.ldap.authorities.defaultRole) {
            defaultRole = conf.ldap.authorities.defaultRole
        }
        if (conf.ldap.useRememberMe) {
            userDetailsService = ref('ldapRememberMeUserDetailsService')
        } else {
            userDetailsService = ref('userDetailsService')
        }
    }
} else {
    ldapAuthoritiesPopulator(NullLdapAuthoritiesPopulator)
}
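To check from the DEBUG log whether a login stayed inside LDAP or fell through to the database-backed provider, as the question's log shows, the provider chain can be reconstructed from the log lines. This is an added example, not code from the post or from the plugin; the sample is a subset of the question's own log lines, and the function and variable names are hypothetical.

```python
import re

# Subset of the question's DEBUG log, embedded so the example runs offline.
SAMPLE_LOG = """\
DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
DEBUG authentication.LdapAuthenticationProvider - Processing authentication request for user: rsom
DEBUG authentication.BindAuthenticator - Attempting to bind as uid=rsom,dc=example,dc=com
DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
WARN springsecurity.GormUserDetailsService - User not found: rsom
"""

# Message shapes copied from the log lines above (helper names are hypothetical).
PATTERNS = {
    "provider": re.compile(r"ProviderManager - Authentication attempt using (\S+)"),
    "user": re.compile(r"LdapAuthenticationProvider - Processing authentication request for user: (\S+)"),
    "bind_dn": re.compile(r"BindAuthenticator - Attempting to bind as (.+?)\s*$"),
    "gorm_miss": re.compile(r"GormUserDetailsService - User not found: (\S+)"),
}

def trace_login(log_text):
    """Collect, in log order, the providers tried plus the LDAP user, bind DN and GORM miss."""
    trace = {"providers": [], "user": None, "bind_dn": None, "gorm_miss": None}
    for line in log_text.splitlines():
        for key, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if key == "provider":
                # Keep only the simple class name of the provider.
                trace["providers"].append(match.group(1).rsplit(".", 1)[-1])
            else:
                trace[key] = match.group(1)
    return trace

def findings(trace):
    """Flag a login where the chain left LDAP and reached the DAO provider / GORM lookup."""
    issues = []
    providers = trace["providers"]
    if "LdapAuthenticationProvider" in providers:
        after_ldap = providers[providers.index("LdapAuthenticationProvider") + 1:]
        if "DaoAuthenticationProvider" in after_ldap:
            issues.append("DaoAuthenticationProvider tried after LDAP: chain is not LDAP-only")
    if trace["gorm_miss"] is not None and trace["gorm_miss"] == trace["user"]:
        issues.append("GormUserDetailsService looked up LDAP user %r in the database" % trace["gorm_miss"])
    return issues

if __name__ == "__main__":
    for issue in findings(trace_login(SAMPLE_LOG)):
        print(issue)
```
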