通过 Spring security ldap 对用户进行身份验证时未授予任何权限错误
Posted
技术标签:
【中文标题】通过 Spring security ldap 对用户进行身份验证时未授予任何权限错误【英文标题】:Not granted any authorities error while authenticating user via Spring security ldap 【发布时间】:2020-03-27 00:45:47 【问题描述】:我正在尝试使用我已成功配置 LDAP 的 Spring Boot 通过 LDAP 服务器对用户进行身份验证。现在,当我使用 authenticationManager() 验证用户凭据时,我收到了not granted any authorities
错误。
我已经尝试了几个代码,但没有找到任何合适的解决方案,或者我可能错过了整个身份验证过程的一些重要点。
控制器:
@RequestMapping(value = "/login", method = RequestMethod.POST)
// public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest, BindingResult result)
public ResponseEntity<?> authenticateUser(@Valid @ModelAttribute LoginRequest loginRequest, BindingResult result)
ResponseEntity<?> errorMap = mapValidationErrorService.getMapValidationErrors(result);
if(errorMap != null) return errorMap;
String jwt = null;
try
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()) );
System.out.println("test : "+authentication.toString());
SecurityContextHolder.getContext().setAuthentication(authentication);
jwt = TOKEN_PREFIX + tokenProvider.generateToken(authentication);
catch (Exception e)
return new ResponseEntity<>("Not Authorized", HttpStatus.FORBIDDEN);
安全配置
public class SecurityConfig extends WebSecurityConfigurerAdapter
@Value("$ldap-url")
private String url;
@Value("$ldap-basedn")
private String baseDn;
@Value("$ldap-user-password")
private String userPassword;
@Value("$ldap-user-dnpattern")
private String userDnPattern;
@Value("$ldap.password")
private String ldapPrincipalPassword;
@Value("$ldap.username")
private String ldapSecurityPrincipal;
@Autowired
private JwtAuthenticationEntryPoint unauthorizedhandler;
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
@Bean
public JwtAuthenticationFilter jwtAuthenticationFilter() return new JwtAuthenticationFilter();
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
auth
.ldapAuthentication()
.userDnPatterns(userDnPattern)
.contextSource()
.url(url+baseDn)
.managerDn(ldapSecurityPrincipal)
.managerPassword(ldapPrincipalPassword)
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
// super.configure(auth);
// auth.userDetailsService(customUserDetailsService).passwordEncoder(bCryptPasswordEncoder);
@Override
@Bean(BeanIds.AUTHENTICATION_MANAGER)
protected AuthenticationManager authenticationManager() throws Exception
// TODO Auto-generated method stub
return super.authenticationManager();
@Override
protected void configure(HttpSecurity http) throws Exception
http.cors();
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(null).and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.headers().frameOptions().sameOrigin()
.and()
.authorizeRequests()
.antMatchers(
"/",
"favicon.ico",
"/**/*.png",
"/**/*.gif",
"/**/*.svg",
"/**/*.jpg",
"/**/*.html",
"/**/*.css",
"/**/*.js"
).permitAll()
.antMatchers("/api/users/**").permitAll()
.anyRequest().fullyAuthenticated();
// .antMatchers(SIGN_UP_URLS).permitAll()
// .anyRequest()
// .authenticated();
http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
super.configure(http);
@Bean
public BCryptPasswordEncoder passwordEncoder()
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
认证结果为:
test : org.springframework.security.authentication.UsernamePasswordAuthenticationToken@58d6c26a: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@a7293dae: Dn: mail=email@gmail.com,ou=projectName,o=companyName; Username: email@gmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: null; Not granted any authorities
请帮我解决这个问题。如何避免未授予权限错误。 提前致谢!
【问题讨论】:
您能解决问题吗?我也面临同样的问题。 是的,我能够解决这个问题。我更改了安全配置,尝试使用 ldapAuthoritiesPopulator。 非常感谢 【参考方案1】:更新安全配置类而不是第一个配置方法(AuthenticationManagerBuilder)使用:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
auth.ldapAuthentication()
.userDnPatterns(userDnPattern)
.contextSource()
.url(url+baseDn)
.managerDn(ldapSecurityPrincipal)
.managerPassword(ldapPrincipalPassword)
.and()
.ldapAuthoritiesPopulator(myAuthPopulator);
另外,自动装配 LdapAuthoritiesPopulator
【讨论】:
以上是关于通过 Spring security ldap 对用户进行身份验证时未授予任何权限错误的主要内容,如果未能解决你的问题,请参考以下文章
Spring Security OAuth2 和 Ldap 对同一资源的身份验证
使用 Spring Security 3 进行 LDAP 身份验证
使用 Spring Boot/Spring Security 对 LDAP 进行证书身份验证
Spring Security Active Directory LDAP 身份验证错误
Spring Security - 在Spring Boot中针对LDAP使用Active Directory对用户进行身份验证