Spring MVC + Spring Security + LDAP

Posted

技术标签:

【中文标题】Spring MVC + Spring Security + LDAP【英文标题】: 【发布时间】:2018-04-15 13:26:25 【问题描述】:

我有这个WebSecurityConfig

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter 


        @Override
        protected void configure(HttpSecurity http) throws Exception 

            http.csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/about", "/register").permitAll()
                    .antMatchers("/p1", "/p2", "/landing").fullyAuthenticated()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .and()
                    .logout()
                    .permitAll();
                    


        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception 

            auth
                    .ldapAuthentication()
                    .userDnPatterns("uid=0,ou=people")
                    .groupSearchBase("ou=groups")
                    .contextSource()
                    .ldif("classpath:test-server.ldif")
                    .and()
                    .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userpassword")
            ;

        


    @Override
    public void configure(WebSecurity web) throws Exception 
        web
                .ignoring()
                .antMatchers("/resources/**", "/css/**", "/js/**", "/img/**");
    

我的ldif 文件已正确放置,并且我有一个 LoginController 返回一个 html 页面。但是,当使用 Maven 构建时,我得到:

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'webSecurityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mvcContentNegotiationManager' defined in class path resource [org/springframework/web/servlet/config/annotation/DelegatingWebMvcConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.web.accept.ContentNegotiationManager]: Factory method 'mvcContentNegotiationManager' threw exception; nested exception is java.lang.NoSuchMethodError: org.springframework.web.accept.ContentNegotiationManagerFactoryBean.build()Lorg/springframework/web/accept/ContentNegotiationManager;

我的mvn dependency:tree

[INFO] +- org.springframework.security:spring-security-core:jar:4.2.3.RELEASE:compile
[INFO] |  +- aopalliance:aopalliance:jar:1.0:compile
[INFO] |  +- org.springframework:spring-aop:jar:4.3.9.RELEASE:compile
[INFO] |  +- org.springframework:spring-context:jar:4.3.9.RELEASE:compile
[INFO] |  \- org.springframework:spring-expression:jar:4.3.9.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-web:jar:4.2.3.RELEASE:compile
[INFO] |  \- org.springframework:spring-web:jar:4.3.9.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-config:jar:4.2.3.RELEASE:compile
[INFO] +- org.springframework.ldap:spring-ldap-core:jar:2.3.2.RELEASE:compile
[INFO] |  +- org.slf4j:slf4j-api:jar:1.7.21:compile
[INFO] |  \- org.springframework:spring-tx:jar:4.3.4.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-ldap:jar:4.2.3.RELEASE:compile
[INFO] +- com.unboundid:unboundid-ldapsdk:jar:4.0.1:compile
[INFO] +- org.springframework.kafka:spring-kafka:jar:2.0.0.RELEASE:compile
[INFO] |  +- org.springframework:spring-messaging:jar:5.0.0.RELEASE:compile
[INFO] |  +- org.springframework.retry:spring-retry:jar:1.2.0.RELEASE:compile
[INFO] |  \- org.apache.kafka:kafka-clients:jar:0.11.0.0:compile
[INFO] |     +- net.jpountz.lz4:lz4:jar:1.3.0:compile
[INFO] |     \- org.xerial.snappy:snappy-java:jar:1.1.2.6:compile
[INFO] +- org.springframework:spring-core:jar:5.0.0.RELEASE:compile
[INFO] |  \- org.springframework:spring-jcl:jar:5.0.0.RELEASE:compile
[INFO] +- org.springframework:spring-beans:jar:5.0.0.RELEASE:compile
[INFO] +- org.springframework:spring-websocket:jar:5.0.0.RELEASE:compile
[INFO] +- org.apache.hbase:hbase-client:jar:1.3.1:compile
[INFO] |  +- org.apache.hbase:hbase-annotations:jar:1.3.1:compile
[INFO] |  |  +- com.github.stephenc.findbugs:findbugs-annotations:jar:1.3.9-1:compile
[INFO] |  |  \- log4j:log4j:jar:1.2.17:compile
[INFO] |  +- org.apache.hbase:hbase-common:jar:1.3.1:compile
[INFO] |  |  +- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] |  |  \- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
[INFO] |  +- org.apache.hbase:hbase-protocol:jar:1.3.1:compile
[INFO] |  +- commons-codec:commons-codec:jar:1.9:compile
[INFO] |  +- commons-io:commons-io:jar:2.4:compile
[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  +- com.google.guava:guava:jar:12.0.1:compile
[INFO] |  +- com.google.protobuf:protobuf-java:jar:2.5.0:compile
[INFO] |  +- io.netty:netty-all:jar:4.0.23.Final:compile
[INFO] |  +- org.apache.zookeeper:zookeeper:jar:3.4.6:compile
[INFO] |  |  \- org.slf4j:slf4j-log4j12:jar:1.6.1:compile
[INFO] |  +- org.apache.htrace:htrace-core:jar:3.1.0-incubating:compile
[INFO] |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
[INFO] |  |  \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] |  +- org.jruby.jcodings:jcodings:jar:1.0.8:compile
[INFO] |  +- org.jruby.joni:joni:jar:2.1.2:compile
[INFO] |  +- com.yammer.metrics:metrics-core:jar:2.2.0:compile
[INFO] |  +- org.apache.hadoop:hadoop-auth:jar:2.5.1:compile
[INFO] |  |  +- org.apache.httpcomponents:httpclient:jar:4.2.5:compile
[INFO] |  |  |  \- org.apache.httpcomponents:httpcore:jar:4.2.4:compile
[INFO] |  |  \- org.apache.directory.server:apacheds-kerberos-codec:jar:2.0.0-M15:compile
[INFO] |  |     +- org.apache.directory.server:apacheds-i18n:jar:2.0.0-M15:compile
[INFO] |  |     +- org.apache.directory.api:api-asn1-api:jar:1.0.0-M20:compile
[INFO] |  |     \- org.apache.directory.api:api-util:jar:1.0.0-M20:compile
[INFO] |  +- org.apache.hadoop:hadoop-common:jar:2.5.1:compile
[INFO] |  |  +- org.apache.hadoop:hadoop-annotations:jar:2.5.1:compile
[INFO] |  |  |  \- jdk.tools:jdk.tools:jar:1.6:system
[INFO] |  |  +- commons-cli:commons-cli:jar:1.2:compile
[INFO] |  |  +- org.apache.commons:commons-math3:jar:3.1.1:compile
[INFO] |  |  +- xmlenc:xmlenc:jar:0.52:compile
[INFO] |  |  +- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] |  |  +- commons-net:commons-net:jar:3.1:compile
[INFO] |  |  +- commons-el:commons-el:jar:1.0:runtime
[INFO] |  |  +- commons-configuration:commons-configuration:jar:1.6:compile
[INFO] |  |  |  +- commons-digester:commons-digester:jar:1.8:compile
[INFO] |  |  |  |  \- commons-beanutils:commons-beanutils:jar:1.7.0:compile
[INFO] |  |  |  \- commons-beanutils:commons-beanutils-core:jar:1.8.0:compile
[INFO] |  |  +- org.apache.avro:avro:jar:1.7.4:compile
[INFO] |  |  |  \- com.thoughtworks.paranamer:paranamer:jar:2.3:compile
[INFO] |  |  +- com.jcraft:jsch:jar:0.1.42:compile
[INFO] |  |  +- com.google.code.findbugs:jsr305:jar:1.3.9:compile
[INFO] |  |  \- org.apache.commons:commons-compress:jar:1.4.1:compile
[INFO] |  |     \- org.tukaani:xz:jar:1.0:compile
[INFO] |  +- org.apache.hadoop:hadoop-mapreduce-client-core:jar:2.5.1:compile
[INFO] |  |  +- org.apache.hadoop:hadoop-yarn-common:jar:2.5.1:compile
[INFO] |  |  |  +- org.apache.hadoop:hadoop-yarn-api:jar:2.5.1:compile
[INFO] |  |  |  \- javax.xml.bind:jaxb-api:jar:2.2.2:compile
[INFO] |  |  |     +- javax.xml.stream:stax-api:jar:1.0-2:compile
[INFO] |  |  |     \- javax.activation:activation:jar:1.1:compile
[INFO] |  |  \- io.netty:netty:jar:3.6.2.Final:compile
[INFO] |  \- junit:junit:jar:4.12:compile
[INFO] |     \- org.hamcrest:hamcrest-core:jar:1.3:compile
[INFO] +- org.springframework:spring-webmvc:jar:5.0.0.RELEASE:compile
[INFO] +- javax.servlet:javax.servlet-api:jar:4.0.0:provided
[INFO] +- org.thymeleaf:thymeleaf-spring4:jar:2.1.5.RELEASE:compile
[INFO] |  \- org.thymeleaf:thymeleaf:jar:2.1.5.RELEASE:compile
[INFO] |     +- ognl:ognl:jar:3.0.8:compile
[INFO] |     +- org.javassist:javassist:jar:3.16.1-GA:compile
[INFO] |     \- org.unbescape:unbescape:jar:1.1.0.RELEASE:compile
[INFO] +- org.springframework.data:spring-data-hadoop:jar:2.5.0.RELEASE:compile
[INFO] |  +- org.springframework.data:spring-data-hadoop-core:jar:2.5.0.RELEASE:compile
[INFO] |  |  +- org.apache.hadoop:hadoop-streaming:jar:2.7.3:compile
[INFO] |  |  +- org.apache.hadoop:hadoop-distcp:jar:2.7.3:compile
[INFO] |  |  +- org.apache.hadoop:hadoop-hdfs:jar:2.7.3:compile
[INFO] |  |  |  +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO] |  |  |  +- com.sun.jersey:jersey-core:jar:1.9:compile
[INFO] |  |  |  +- com.sun.jersey:jersey-server:jar:1.9:compile
[INFO] |  |  |  |  \- asm:asm:jar:3.1:compile
[INFO] |  |  |  +- commons-daemon:commons-daemon:jar:1.0.13:compile
[INFO] |  |  |  +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] |  |  |  +- xerces:xercesImpl:jar:2.9.1:compile
[INFO] |  |  |  |  \- xml-apis:xml-apis:jar:1.3.04:compile
[INFO] |  |  |  \- org.fusesource.leveldbjni:leveldbjni-all:jar:1.8:compile
[INFO] |  |  \- org.apache.hadoop:hadoop-mapreduce-client-jobclient:jar:2.7.3:compile
[INFO] |  |     +- org.apache.hadoop:hadoop-mapreduce-client-common:jar:2.7.3:compile
[INFO] |  |     |  +- org.apache.hadoop:hadoop-yarn-client:jar:2.7.3:compile
[INFO] |  |     |  \- org.apache.hadoop:hadoop-yarn-server-common:jar:2.7.3:compile
[INFO] |  |     +- org.apache.hadoop:hadoop-mapreduce-client-shuffle:jar:2.7.3:compile
[INFO] |  |     |  \- org.apache.hadoop:hadoop-yarn-server-nodemanager:jar:2.7.3:compile
[INFO] |  |     |     +- com.sun.jersey:jersey-client:jar:1.9:compile
[INFO] |  |     |     +- com.sun.jersey:jersey-json:jar:1.9:compile
[INFO] |  |     |     |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.3-1:compile
[INFO] |  |     |     |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.8.3:compile
[INFO] |  |     |     |  \- org.codehaus.jackson:jackson-xc:jar:1.8.3:compile
[INFO] |  |     |     \- com.sun.jersey.contribs:jersey-guice:jar:1.9:compile
[INFO] |  |     \- com.google.inject.extensions:guice-servlet:jar:3.0:compile
[INFO] |  |        \- com.google.inject:guice:jar:3.0:compile
[INFO] |  |           \- javax.inject:javax.inject:jar:1:compile
[INFO] |  +- org.springframework.data:spring-data-hadoop-hive:jar:2.5.0.RELEASE:compile
[INFO] |  |  \- org.springframework.batch:spring-batch-core:jar:3.0.7.RELEASE:compile
[INFO] |  |     +- com.ibm.jbatch:com.ibm.jbatch-tck-spi:jar:1.0:compile
[INFO] |  |     |  \- javax.batch:javax.batch-api:jar:1.0:compile
[INFO] |  |     +- com.thoughtworks.xstream:xstream:jar:1.4.7:compile
[INFO] |  |     |  +- xmlpull:xmlpull:jar:1.1.3.1:compile
[INFO] |  |     |  \- xpp3:xpp3_min:jar:1.1.4c:compile
[INFO] |  |     +- org.codehaus.jettison:jettison:jar:1.2:compile
[INFO] |  |     \- org.springframework.batch:spring-batch-infrastructure:jar:3.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context-support:jar:4.3.9.RELEASE:compile
[INFO] |  +- org.springframework.data:spring-data-hadoop-hbase:jar:2.5.0.RELEASE:compile
[INFO] |  +- org.springframework:spring-jdbc:jar:4.3.9.RELEASE:compile
[INFO] |  +- org.springframework.data:spring-data-hadoop-pig:jar:2.5.0.RELEASE:compile
[INFO] |  \- org.springframework.data:spring-data-hadoop-batch:jar:2.5.0.RELEASE:compile
[INFO] +- org.springframework:spring-dao:jar:2.0.8:compile
[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.9.0:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.0:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
[INFO] \- org.json:json:jar:20170516:compile

有什么想法吗?

【问题讨论】:

【参考方案1】:

我也遇到过类似的问题:

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mvcContentNegotiationManager' defined in class path resource [org/springframework/web/servlet/config/annotation/DelegatingWebMvcConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.web.accept.ContentNegotiationManager]: Factory method 'mvcContentNegotiationManager' threw exception; nested exception is java.lang.NoSuchMethodError: org.springframework.web.accept.ContentNegotiationManagerFactoryBean.build()Lorg/springframework/web/accept/ContentNegotiationManager;

我在 build.gradle 中的依赖:

buildscript 
    ext 
        springBootVersion = '1.5.9.RELEASE'
    
    repositories 
        mavenCentral()
        maven  url "http://repo.spring.io/libs-release" 
    
    dependencies 
        classpath("org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion")
    


.....

dependencies 
    compile('org.springframework:spring-webmvc:2.5.2.RELEASE')
    compile('org.springframework.boot:spring-boot-starter-jersey')
    compile('org.springframework.boot:spring-boot-starter-security')
    testCompile('org.springframework.boot:spring-boot-starter-test')
    testCompile('org.springframework.security:spring-security-test')


我打开文件/项目结构/库(我使用 intellij idea)并检查依赖关系的版本:

我不确定,但我认为我没有明确指定依赖项的版本 Gradle 默认使用以前的版本作为此依赖项。

然后我在 build.gradle 中手动指定了必要的版本:

dependencies 
    compile 'org.springframework:spring-webmvc:5.0.2.RELEASE'
    compile 'org.springframework:spring-web:5.0.2.RELEASE'
    compile 'org.springframework:spring-expression:5.0.2.RELEASE'
    compile 'org.springframework:spring-aop:5.0.2.RELEASE'
    compile 'org.springframework:spring-beans:5.0.2.RELEASE'
    compile 'org.springframework:spring-context:5.0.2.RELEASE'
    compile 'org.springframework:spring-core:5.0.2.RELEASE'
    compile 'org.springframework:spring-test:5.0.2.RELEASE'
    compile('org.springframework.boot:spring-boot-starter-jersey')
    compile 'com.fasterxml.jackson.core:jackson-databind:2.9.3'
    compile 'com.fasterxml.jackson.core:jackson-core:2.9.3'
    compile 'com.fasterxml.jackson.core:jackson-annotations:2.9.3'
    compile('org.springframework.security:spring-security-web:5.0.0.RELEASE')
    compile('org.springframework.security:spring-security-config:5.0.0.RELEASE')
    compile('org.springframework.security:spring-security-core:5.0.0.RELEASE')

    testCompile('org.springframework.boot:spring-boot-starter-test')


这对我有帮助。

【讨论】:

【参考方案2】:

从错误来看,您使用的 spring jar 文件的版本似乎存在问题

如果你看ContentNegotiationManagerFactoryBean类here的文档,5.0版本中引入了build()方法

public ContentNegotiationManager build()
Actually build the ContentNegotiationManager.
Since:
5.0

ContentNegotiationManagerFactoryBean 类存在于 org.springframework:spring-web jar 文件中。根据您的 mvn 依赖树,版本是 org.springframework:spring-web:jar:4.3.9.RELEASE

根据文档 4.3.9 release,此 4.3.9 版本不包含 build() 方法。所以,你得到了这个错误。

如果您可以将org.springframework:spring-web:jar:4.3.9.RELEASE 更改为org.springframework:spring-web:jar:5.0.0.RELEASE,它应该可以解决您的问题。

【讨论】:

以上是关于Spring MVC + Spring Security + LDAP的主要内容,如果未能解决你的问题,请参考以下文章

Spring MVC学习笔记---Spring MVC 的HelloWorld

无法正确实现 pom.xml 的 spring 安全性

在Junit 5测试中注入Spring数据存储库

spring mvc怎么存cookie

Spring MVC系列初识Spring MVC

spring mvc中 Circular view path 问题