Configuring a Custom LDAP Authentication Provider with Spring Security

Posted: 2015-08-16 09:08:40

Question:

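I am trying to configure Spring Security with LDAP authentication, but I need to get the username for all login requests.

I configured spring-security.xml to point to my MyCustomAuthenticationProvider class. I think the configuration is correct, but at runtime Spring first tries to log in using its own LdapAuthenticationProvider. After that fails, the request is sent to my custom class. I set the Spring Security log level to Debug to see this.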

[#|DEBUG| date=2015-06-02 time=10:48:11.425 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Request is to process authentication |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.428 thread=http-nio-8080-exec-1 controller=o.s.s.authentication.ProviderManager Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.428 thread=http-nio-8080-exec-1 controller=o.s.s.l.a.LdapAuthenticationProvider Processing authentication request for user: admin |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.429 thread=http-nio-8080-exec-1 controller=o.s.s.l.search.FilterBasedLdapUserSearch Searching for user 'admin', with user search [ searchFilter: 'uid=0', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ] |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.660 thread=http-nio-8080-exec-1 controller=o.s.s.ldap.SpringSecurityLdapTemplate Searching for entry under DN 'dc=springframework,dc=org', base = 'ou=people', filter = 'uid=0' |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.660 thread=http-nio-8080-exec-1 controller=o.s.s.authentication.ProviderManager Authentication attempt using br.com.project.auth.MyCustomAuthenticationProvider |#]
[#|INFO | date=2015-06-02 time=10:48:11.668 thread=http-nio-8080-exec-1 controller=b.c.p.auth.MyCustomAuthenticationProvider =========================> User admin is trying to login. |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.668 thread=http-nio-8080-exec-1 controller=o.s.s.l.search.FilterBasedLdapUserSearch Searching for user 'admin', with user search [ searchFilter: '(uid=0)', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ] |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.685 thread=http-nio-8080-exec-1 controller=o.s.s.ldap.SpringSecurityLdapTemplate Searching for entry under DN 'dc=springframework,dc=org', base = 'ou=people', filter = '(uid=0)' |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.686 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.686 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Updated SecurityContextHolder to contain null Authentication |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.686 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@64f289f7 |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.693 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.SimpleUrlAuthenticationFailureHandler Redirecting to /login?failed |#]

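How can I set up Spring to use my custom class instead of its default LDAP authentication provider?

Comments:

I forgot to mention: the request is a failed attempt, because successful requests are not even passed to my custom class.

Answer 1:

I finally found the solution.

In spring-security.xml, I removed this configuration: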

<security:ldap-authentication-provider
        group-search-filter="member=0"
        group-search-base="ou=groups"
        user-search-base="ou=people"
        user-search-filter="uid=0"
    />
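
An added sketch, not the poster's MyCustomAuthenticationProvider and not code from the original thread: once the namespace element above is removed, a provider that wraps an LdapAuthenticationProvider and is the only one registered with the authentication manager sees every attempt, successful or failed. The class name LoggingLdapAuthenticationProvider and the sanitize helper are hypothetical, and SLF4J as the logging API and a separately defined LdapAuthenticationProvider bean are assumptions.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;

/** Hypothetical wrapper: logs each login attempt, then delegates to LDAP. */
public class LoggingLdapAuthenticationProvider implements AuthenticationProvider {

    private static final Logger LOG =
            LoggerFactory.getLogger(LoggingLdapAuthenticationProvider.class);

    // Assumption: defined as a plain bean, NOT registered with the
    // authentication manager, so the ProviderManager never calls it directly.
    private final LdapAuthenticationProvider delegate;

    public LoggingLdapAuthenticationProvider(LdapAuthenticationProvider delegate) {
        this.delegate = delegate;
    }

    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        String user = sanitize(authentication.getName());
        LOG.info("User {} is trying to login.", user);
        try {
            Authentication result = delegate.authenticate(authentication);
            LOG.info("Login succeeded for user {}.", user);
            return result;
        } catch (AuthenticationException e) {
            // Log only the exception type; never log the submitted password.
            LOG.info("Login failed for user {}: {}", user, e.getClass().getSimpleName());
            throw e;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /** The username is attacker-controlled: strip control characters
     *  (CR/LF included) and cap the length before it reaches the log. */
    static String sanitize(String value) {
        if (value == null) {
            return "<null>";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) : cleaned;
    }
}
```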
