Uncategorized exception for using correct credentials in LDAP authentication
【Posted】: 2016-08-13 09:57:07
【Question】: I want to implement LDAP authentication for a web application using Spring Boot. Here is my WebSecurityConfig class:
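import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Require authentication for every request and use the default form login.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
            .formLogin();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        // LDAP authentication: the user DN is built from the login name; no manager DN is configured.
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    .userDnPatterns("cn={0},ou=institution,ou=people")
                    .contextSource()
                        .url("ldap://ldap.mdanderson.edu:389/dc=mdanderson,dc=edu");
        }
    }
}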
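I tested it with my credentials. Here is a screenshot of my user information as retrieved from the LDAP server:
On the login page, if I enter djiao as my username and a wrong password, it shows Bad credentials. However, if I enter the correct password, I get a 500: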
There was an unexpected error (type=Internal Server Error, status=500).
Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name ''
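It seems that binding to the LDAP server is successful, otherwise it would not be able to tell a correct password from a wrong one. But why do I get this exception?
Edit:
From the output in the IDE console, I see a lot of messages like Rejected bean and Unable to locate LocaleResolver, etc. They do not seem to be errors, but I don't know whether they cause the error. Below is the stack trace: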
210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'springBootLoggingSystem': no URL paths identified
2016-04-20 11:34:53.876 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'environment': no URL paths identified
2016-04-20 11:34:53.876 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'systemProperties': no URL paths identified
2016-04-20 11:34:53.876 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'systemEnvironment': no URL paths identified
2016-04-20 11:34:53.876 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importRegistry': no URL paths identified
2016-04-20 11:34:53.878 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'messageSource': no URL paths identified
2016-04-20 11:34:53.878 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'servletContext': no URL paths identified
2016-04-20 11:34:53.878 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'contextParameters': no URL paths identified
2016-04-20 11:34:53.878 DEBUG 69210 --- [ main] o.s.w.s.h.BeanNameUrlHandlerMapping : Rejected bean name 'contextAttributes': no URL paths identified
2016-04-20 11:34:53.889  INFO 69210 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2016-04-20 11:34:53.889  INFO 69210 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2016-04-20 11:34:53.906 DEBUG 69210 --- [ main] .m.m.a.ExceptionHandlerExceptionResolver : Looking for exception mappings: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@2dfbba12: startup date [Wed Apr 20 11:34:48 CDT 2016]; root of context hierarchy
2016-04-20 11:34:53.940  INFO 69210 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2016-04-20 11:34:54.344  INFO 69210 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2016-04-20 11:34:54.370 DEBUG 69210 --- [ main] o.s.w.s.resource.ResourceUrlProvider : Looking for resource handler mappings
2016-04-20 11:34:54.371 DEBUG 69210 --- [ main] o.s.w.s.resource.ResourceUrlProvider : Found resource handler mapping: URL pattern="/**/favicon.ico", locations=[class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/], class path resource []], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@3ba74ae5]
2016-04-20 11:34:54.371 DEBUG 69210 --- [ main] o.s.w.s.resource.ResourceUrlProvider : Found resource handler mapping: URL pattern="/webjars/**", locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@64261efb]
2016-04-20 11:34:54.371 DEBUG 69210 --- [ main] o.s.w.s.resource.ResourceUrlProvider : Found resource handler mapping: URL pattern="/**", locations=[ServletContext resource [/], class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2bc241b]
2016-04-20 11:34:54.435  INFO 69210 --- [ main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2016-04-20 11:34:54.436 DEBUG 69210 --- [ main] o.s.w.c.s.StandardServletEnvironment : Adding [server.ports] PropertySource with highest search precedence
2016-04-20 11:34:54.442  INFO 69210 --- [ main] o.m.r.ristore.ws.RistoreWebApplication : Started RistoreWebApplication in 6.32 seconds (JVM running for 6.784)
2016-04-20 11:35:04.459 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing servlet 'dispatcherServlet'
2016-04-20 11:35:04.460  INFO 69210 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2016-04-20 11:35:04.460  INFO 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2016-04-20 11:35:04.460 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Using MultipartResolver [org.springframework.web.multipart.support.StandardServletMultipartResolver@3f7834e2]
2016-04-20 11:35:04.464 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate LocaleResolver with name 'localeResolver': using default [org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver@7488cec1]
2016-04-20 11:35:04.494 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate ThemeResolver with name 'themeResolver': using default [org.springframework.web.servlet.theme.FixedThemeResolver@63934d10]
2016-04-20 11:35:04.499 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate RequestToViewNameTranslator with name 'viewNameTranslator': using default [org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@47fce61b]
2016-04-20 11:35:04.504 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate FlashMapManager with name 'flashMapManager': using default [org.springframework.web.servlet.support.SessionFlashMapManager@3cab6c9d]
2016-04-20 11:35:04.505 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Published WebApplicationContext of servlet 'dispatcherServlet' as ServletContext attribute with name [org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcherServlet]
2016-04-20 11:35:04.505  INFO 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 45 ms
2016-04-20 11:35:04.505 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Servlet 'dispatcherServlet' configured successfully
2016-04-20 11:35:09.671 ERROR 69210 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name ''
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:570) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues(SpringSecurityLdapTemplate.java:241) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:166) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:238) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:207) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:215) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:87) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_80]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_80]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_80]
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127) ~[na:1.7.0_80]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) ~[na:1.7.0_80]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840) ~[na:1.7.0_80]
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849) ~[na:1.7.0_80]
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772) ~[na:1.7.0_80]
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) ~[na:1.7.0_80]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) ~[na:1.7.0_80]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) ~[na:1.7.0_80]
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) ~[na:1.7.0_80]
at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
... 64 common frames omitted
2016-04-20 11:35:09.675 DEBUG 69210 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/error]
2016-04-20 11:35:09.676 DEBUG 69210 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2016-04-20 11:35:09.679 DEBUG 69210 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorhtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2016-04-20 11:35:09.745 DEBUG 69210 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, text/html;q=0.8] based on Accept header types and producible media types [text/html])
2016-04-20 11:35:09.747 DEBUG 69210 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@c5860a] based on requested media type 'text/html'
2016-04-20 11:35:09.747 DEBUG 69210 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Rendering view [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@c5860a] in DispatcherServlet with name 'dispatcherServlet'
2016-04-20 11:35:09.752 DEBUG 69210 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Successfully completed request
Edit #2: Here is the contextSource configuration from another project within the same institution.
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://ldap.mdanderson.edu:389/DC=mdanderson,DC=edu" />
<beans:property name="userDn" value="ou=institution,ou=people" />
<beans:property name="password" value="password" />
</beans:bean>
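【Comments on the question】:
Can you share the complete stack trace? I already have an assumption but want to verify it first.
@daniel.eichten By stack trace, do you mean the debug and error messages output in the IDE console?
Yes! Just update your question accordingly.
@daniel.eichten Updated.
【Answer 1】: LDAP authentication is usually simple. What you need is a simple POJO client to test whether the bind is happening.
In my project, we connect to LDAP with a super id to bind, and then test again with the user id and password whether the password is correct.
You can try this approach.
【Comments】: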
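【Answer 2】: So the problem is indeed what I expected. I basically have no explanation for why you get a bad credentials error when you enter the wrong password, but the reason you are seeing this exception is simple. You need to configure a user who is allowed to read the LDAP server. In your AuthenticationConfiguration you only define the URL of the LDAP server, but no user who is allowed to perform searches and read from it. LDAP authentication works in two steps:
- Your application will try to find a DN that matches the criteria you gave in userSearchFilter. For this it needs a manager connection, which you define with the managerDN() and managerPassword() methods on your contextSource() definition. If this search succeeds...
- It will perform a second bind operation with the DN and the given password and, if that succeeds, read your node (and linked groups) to populate your Principal or UserDetails object.
Have a look at the answer in the other post, which defines a manager connection, e.g.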
.contextSource()
.url("ldaps://<ap-ldap-server>")
.port(639)
.managerDn("cn=binduser,ou=users,dc=ap,dc=domain,dc=com")
.managerPassword("some pass")
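【Comments】:
When I tried to add these two lines, I got the error The method managerDn(String) is undefined for the type WebSecurityConfig, managerPassword is fine. Is this manager user/password also arbitrary?
Where did you add it? After the url("<url>") part?
Sorry, I had a ; after url. Anyway, the two lines of code I added are .managerDn("cn=manager,ou=institution,ou=people,dc=mdanderson,dc=edu") .managerPassword("password"); and I got the error LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error. Are the manager credentials arbitrary?
No no, it must be a valid person in your directory. So if you know your DN and pass, you can enter your DN. In our case, we usually create service users for this purpose.
Do you mean using the same account (me) as the manager to authenticate another account (me) that happens to have the same credentials? I don't quite understand. But after I entered my dn and pass as the manager, I got Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException.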
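The search-then-bind flow that both answers describe (a service account binds and looks up the user's DN, then a second bind checks the user's password), as an added example using plain JNDI; it is not code from the original posts. The host, DNs, the (cn=...) filter and the environment variable names are placeholders chosen for illustration.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added example. Host, DNs and environment variable names are placeholders.
public class LdapBindCheck {

    // Escape RFC 4515 filter metacharacters so a login name cannot rewrite the filter.
    static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0') {
                sb.append(String.format("\\%02x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Simple bind as dn. Use ldaps:// or StartTLS: over plain ldap:// the password is sent unencrypted.
    static DirContext bind(String url, String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS,
                java.util.Objects.requireNonNull(password, "missing password"));
        // Follow referrals; with the JNDI default ("ignore") a domain-root search can end in PartialResultException.
        env.put(Context.REFERRAL, "follow");
        return new InitialDirContext(env);
    }

    static boolean authenticate(String url, String baseDn, String managerDn,
            String managerPassword, String login, String password) throws NamingException {
        // An empty password makes a simple bind unauthenticated, and many servers
        // accept that, so reject it before contacting the server.
        if (password == null || password.isEmpty()) return false;
        String userDn;
        DirContext manager = bind(url, managerDn, managerPassword); // step 1: service account
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            NamingEnumeration<SearchResult> hits =
                    manager.search(baseDn, "(cn=" + escapeFilter(login) + ")", sc);
            if (!hits.hasMore()) return false; // unknown user
            userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false; // ambiguous match: refuse rather than guess
        } finally {
            manager.close();
        }
        try {
            bind(url, userDn, password).close(); // step 2: bind as the user
            return true;
        } catch (AuthenticationException e) { // LDAP result code 49
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 1) throw new IllegalArgumentException("usage: LdapBindCheck <login>");
        boolean ok = authenticate("ldaps://ldap.example.org:636", "dc=example,dc=org",
                "cn=svc-app,ou=service,dc=example,dc=org", System.getenv("LDAP_MANAGER_PASSWORD"),
                args[0], System.getenv("LDAP_USER_PASSWORD"));
        System.out.println(ok ? "user bind succeeded" : "bad credentials");
    }
}
```

A failure in step 1 is thrown as an exception rather than reported as bad credentials, which keeps a misconfigured service account distinguishable from a wrong user password.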