Configuring a Custom LDAP Authentication Provider with Spring Security
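I am trying to configure Spring Security with LDAP authentication, but I need to get the username of every login request.
I configured my spring-security.xml, which points to my MyCustomAuthenticationProvider class. I think the configuration is correct, but at runtime Spring first tries to log in using its own LdapAuthenticationProvider. After that fails, the request is sent to my custom class. I set the Spring Security log level to debug to see what happens.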
[#|DEBUG| date=2015-06-02 time=10:48:11.425 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Request is to process authentication |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.428 thread=http-nio-8080-exec-1 controller=o.s.s.authentication.ProviderManager Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.428 thread=http-nio-8080-exec-1 controller=o.s.s.l.a.LdapAuthenticationProvider Processing authentication request for user: admin |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.429 thread=http-nio-8080-exec-1 controller=o.s.s.l.search.FilterBasedLdapUserSearch Searching for user 'admin', with user search [ searchFilter: 'uid={0}', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ] |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.660 thread=http-nio-8080-exec-1 controller=o.s.s.ldap.SpringSecurityLdapTemplate Searching for entry under DN 'dc=springframework,dc=org', base = 'ou=people', filter = 'uid={0}' |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.660 thread=http-nio-8080-exec-1 controller=o.s.s.authentication.ProviderManager Authentication attempt using br.com.project.auth.MyCustomAuthenticationProvider |#]
[#|INFO | date=2015-06-02 time=10:48:11.668 thread=http-nio-8080-exec-1 controller=b.c.p.auth.MyCustomAuthenticationProvider =========================> User admin is trying to login. |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.668 thread=http-nio-8080-exec-1 controller=o.s.s.l.search.FilterBasedLdapUserSearch Searching for user 'admin', with user search [ searchFilter: '(uid={0})', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ] |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.685 thread=http-nio-8080-exec-1 controller=o.s.s.ldap.SpringSecurityLdapTemplate Searching for entry under DN 'dc=springframework,dc=org', base = 'ou=people', filter = '(uid={0})' |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.686 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.686 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Updated SecurityContextHolder to contain null Authentication |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.686 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.UsernamePasswordAuthenticationFilter Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@64f289f7 |#]
[#|DEBUG| date=2015-06-02 time=10:48:11.693 thread=http-nio-8080-exec-1 controller=o.s.s.w.a.SimpleUrlAuthenticationFailureHandler Redirecting to /login?failed |#]
How can I set up Spring to use my custom class instead of its default LDAP authentication provider?
I finally found the solution.
In spring-security.xml, I removed this configuration:
<security:ldap-authentication-provider
group-search-filter="member={0}"
group-search-base="ou=groups"
user-search-base="ou=people"
user-search-filter="uid={0}"
/>