Spring ldap:未授予任何权限
Spring ldap : not granted any authorities
我正在尝试从 xml 文件中删除构造函数信息。这些信息将通过 System.getProperty.
加载
原始代码运行良好,如下所示:
<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg index="0" ref="initialDirContextFactory"/>
<constructor-arg index="1" value="OU=AA,DC=US,DC=BB,DC=local"/>
<property name="groupRoleAttribute" value="CN"/>
<property name="searchSubtree" value="true"/>
<property name="ignorePartialResultException" value="true"/>
</bean>
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="OU=AA,DC=US,DC=BB,DC=local"/>
<constructor-arg index="1" value="(sAMAccountName={0})"/>
<constructor-arg index="2" ref="initialDirContextFactory"/>
<property name="searchSubtree" value="true"/>
</bean>
<bean id="initialDirContextFactory" class="com.AA.BB.LdapConfig"/>
我修改了代码。现在,ldap 找不到任何用户:Authenticated false。未授予任何权限。
<bean id="initialDirContextFactory" class="com.AA.BB.LdapConfig"/>
<bean id="authoritiesPopulator" class="com.AA.BB.AuthoritiesPopulator"/>
<bean id="userSearch" class="com.AA.BB.UserSearch"/>
public class UserSearch implements LdapUserSearch {
public UserSearch() {
this.searchBase="OU=AA,DC=US,DC=BB,DC=local";
this.searchFilter="(sAMAccountName={0})"
}
}
有什么想法吗?谢谢!
更新:
ldap structure
us.BB.local
AA(foler)
AAA(subfolder)
BBB(subfolder)
CCC(subfolder)
DDD(subfolder);
<bean id="initialDirContextFactory" class="com.AA.BB.LdapConfig"/>
<bean id="authoritiesPopulator" class="com.AA.BB.AuthoritiesPopulator"/>
<bean id="userSearch" class="com.AA.BB.UserSearch">
<constructor-arg index="0" ref="initialDirContextFactory"/>
<property name="searchSubtree" value="true"/>
</bean>
// UserSearch copied from FilterBasedLdapUserSearch, just modified the constructor
public class UserSearch implements LdapUserSearch {
public UserSearch(BaseLdapPathContextSource contextSource) {
this.contextSource = contextSource;
this.searchBase="OU=AA,DC=US,DC=BB,DC=local";
this.searchFilter="(sAMAccountName={0})"
}
}
以上代码已解决此问题。
但是我还是想不通为什么之前的方法不行。我怀疑 LdapConfig bean 没有被适当地注入,尽管三个 beans 被成功实例化。
我正在尝试从 xml 文件中删除构造函数信息。这些信息将通过 System.getProperty.
加载原始代码运行良好,如下所示:
<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg index="0" ref="initialDirContextFactory"/>
<constructor-arg index="1" value="OU=AA,DC=US,DC=BB,DC=local"/>
<property name="groupRoleAttribute" value="CN"/>
<property name="searchSubtree" value="true"/>
<property name="ignorePartialResultException" value="true"/>
</bean>
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="OU=AA,DC=US,DC=BB,DC=local"/>
<constructor-arg index="1" value="(sAMAccountName={0})"/>
<constructor-arg index="2" ref="initialDirContextFactory"/>
<property name="searchSubtree" value="true"/>
</bean>
<bean id="initialDirContextFactory" class="com.AA.BB.LdapConfig"/>
我修改了代码。现在,ldap 找不到任何用户:Authenticated false。未授予任何权限。
<bean id="initialDirContextFactory" class="com.AA.BB.LdapConfig"/>
<bean id="authoritiesPopulator" class="com.AA.BB.AuthoritiesPopulator"/>
<bean id="userSearch" class="com.AA.BB.UserSearch"/>
public class UserSearch implements LdapUserSearch {
public UserSearch() {
this.searchBase="OU=AA,DC=US,DC=BB,DC=local";
this.searchFilter="(sAMAccountName={0})"
}
}
有什么想法吗?谢谢!
更新:
ldap structure
us.BB.local
AA(foler)
AAA(subfolder)
BBB(subfolder)
CCC(subfolder)
DDD(subfolder);
<bean id="initialDirContextFactory" class="com.AA.BB.LdapConfig"/>
<bean id="authoritiesPopulator" class="com.AA.BB.AuthoritiesPopulator"/>
<bean id="userSearch" class="com.AA.BB.UserSearch">
<constructor-arg index="0" ref="initialDirContextFactory"/>
<property name="searchSubtree" value="true"/>
</bean>
// UserSearch copied from FilterBasedLdapUserSearch, just modified the constructor
public class UserSearch implements LdapUserSearch {
public UserSearch(BaseLdapPathContextSource contextSource) {
this.contextSource = contextSource;
this.searchBase="OU=AA,DC=US,DC=BB,DC=local";
this.searchFilter="(sAMAccountName={0})"
}
}
以上代码已解决此问题。
但是我还是想不通为什么之前的方法不行。我怀疑 LdapConfig bean 没有被适当地注入,尽管三个 beans 被成功实例化。