Spring Security LDAP 登录错误凭据

Posted

技术标签:

【中文标题】Spring Security LDAP 登录错误凭据【英文标题】:Spring Security LDAP Login Bad Credentials 【发布时间】:2017-11-02 12:36:46 【问题描述】:

我正在尝试使用 spring security 连接 LDAP,但它总是显示错误的凭据问题。我认为我的代码可能有问题:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter 
    @Override
    public void configure(WebSecurity web) throws Exception 
        web.debug(true);
    
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception 

        auth.ldapAuthentication().userDnPatterns("sAMAccountName=0,OU=SupportUsers,OU=Users,OU=company,DC=ad,DC=company,DC=com,DC=pl")
            .contextSource(contextSource()).passwordCompare().passwordAttribute("userPassword");
    
    protected void configure(HttpSecurity http) throws Exception 
        http
            .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
        http.csrf().disable(); //Vaadin already have built in csrf
    
    @Bean
    public LdapContextSource contextSource () 
        LdapContextSource contextSource= new LdapContextSource();
        contextSource.setUrl("ldap://192.168.2.2:389");
        contextSource.setBase("dc=ad,dc=company,dc=com,dc=pl");
        contextSource.setUserDn("CN=lister,OU=SupportUsers,OU=Users,OU=company,DC=ad,DC=company,DC=com,DC=pl");
        contextSource.setPassword("examplePassword");
        contextSource.setAnonymousReadOnly(false);
        contextSource.setPooled(true);
        contextSource.afterPropertiesSet();
        return contextSource;
    

我在代码中找不到错误,可能是我以错误的方式做某事。这是我的 pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>pl.com.company</groupId>
    <artifactId>LDAPSpringInitializr</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>LDAPSpringInitializr</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <vaadin.version>8.0.5</vaadin.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-ldap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>com.vaadin</groupId>
            <artifactId>vaadin-spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>com.vaadin</groupId>
                <artifactId>vaadin-bom</artifactId>
                <version>$vaadin.version</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

我是不是做错了什么?也许密码编码有问题?问候,拉法乌

【问题讨论】:

【参考方案1】:
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception 

    auth.ldapAuthentication().userSearchFilter("(sAMAccountName=0)")
    .contextSource(contextSource());

它有效,我刚刚改变了那个方法。

【讨论】:

非常感谢兄弟,我被困了好几个小时 伙计,我这两天卡住了,不是开玩笑的。这救了我的命:)

以上是关于Spring Security LDAP 登录错误凭据的主要内容,如果未能解决你的问题,请参考以下文章

使用Spring Security从LDAP加载组

使用 Spring Security 通过 MySQL-LDAP-Thymeleaf 登录

使用 spring security ldap 禁用基本身份验证

如何使用 ldap 和 spring security 从登录的用户那里获取电子邮件

Spring Security Ldap,只登录指定组中的用户

登录表单用户凭据而不是 LDAP Spring Security 中的硬编码 UserDn 和密码