2011-04-08 79 views
4

Here is my Grails configuration for LDAP using Spring Security:

grails.plugins.springsecurity.ldap.context.managerDn = 'uid=admin,ou=system,dc=example,dc=com' 
grails.plugins.springsecurity.ldap.context.managerPassword = 'secret' 
grails.plugins.springsecurity.ldap.context.server = 'ldap://localhost:1389' 
grails.plugins.springsecurity.ldap.authorities.groupSearchBase = 'ou=groups,dc=example,dc=com' 
grails.plugins.springsecurity.ldap.search.base = 'dc=example,dc=com' 

grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = false 

grails.plugins.springsecurity.providerNames=['ldapAuthProvider', 'anonymousAuthenticationProvider'] 

Here is my log:

DEBUG springsecurity.RequestHolderAuthenticationFilter - Request is to process authentication 
DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider 
DEBUG authentication.LdapAuthenticationProvider - Processing authentication request for user: rsom 
DEBUG search.FilterBasedLdapUserSearch - Searching for user 'rsom', with user search [ searchFilter: '(uid={0})', searchBase: 'dc=example,dc=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ] 
DEBUG support.AbstractContextSource - Got Ldap context on server 'ldap://localhost:1389' 
DEBUG ldap.SpringSecurityLdapTemplate - Searching for entry in under DN '', base = 'dc=example,dc=com', filter = '(uid={0})' 
DEBUG ldap.SpringSecurityLdapTemplate - Found DN: uid=rsom,dc=example,dc=com 
DEBUG authentication.BindAuthenticator - Attempting to bind as uid=rsom,dc=example,dc=com 
DEBUG ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user uid=rsom,dc=example,dc=com 
DEBUG support.AbstractContextSource - Got Ldap context on server 'ldap://localhost:1389' 
DEBUG userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user uid=rsom,dc=example,dc=com 
DEBUG userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'rsom', DN = 'uid=rsom,dc=example,dc=com', with filter uniquemember={0} in search base 'ou=groups,dc=example,dc=com' 
DEBUG ldap.SpringSecurityLdapTemplate - Using filter: uniquemember=uid=rsom,dc=example,dc=com 
INFO core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true 
DEBUG support.AbstractContextSource - Got Ldap context on server 'ldap://localhost:1389' 
DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider 
DEBUG spring.ReloadAwareAutowireCapableBeanFactory - Returning cached instance of singleton bean 'transactionManager' 
DEBUG hibernate.SQL - select top ? this_.id as id23_0_, this_.version as version23_0_, this_.account_expired as account3_23_0_, this_.account_locked as account4_23_0_, this_.enabled as enabled23_0_, this_.entity_id as entity6_23_0_, this_."password" as password7_23_0_, this_.password_expired as password8_23_0_, this_.username as username23_0_ from user this_ where (this_.username=?) 
WARN springsecurity.GormUserDetailsService - User not found: rsom 
DEBUG support.TransactionTemplate - Initiating transaction rollback on application exception 
org.springframework.security.core.userdetails.UsernameNotFoundException: User not found 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) 
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) 
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513) 
    at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:77) 
    at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:102) 
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:202) 
    at org.codehaus.groovy.grails.plugins.springsecurity.GormUserDetailsService$_loadUserByUsername_closure1.doCall(GormUserDetailsService.groovy:56) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 

What do I need to set in order to tell Grails and Spring Security LDAP not to look in my database for users who authenticate via LDAP?

I am using Grails 1.3.7, Spring Security Core 1.1.2, and Spring Security Ldap 1.0.3.

Answer

4

It appears to be the default GormUserDetailsService. Try setting this configuration to false:

grails.plugins.springsecurity.conf.ldap.authorities.retrieveGroupRoles = false 

Make sure the following is also false. Remember-me tries to use GORM too.

grails.plugins.springsecurity.conf.ldap.useRememberMe = false 

I noticed that the Spring Security LDAP plugin's SpringSecurityLdapGrailsPlugin.groovy has an if / else if / else block that sets the UserDetailsService.

Relevant information:

    if (conf.ldap.authorities.retrieveGroupRoles) {
        ldapAuthoritiesPopulator(GrailsLdapAuthoritiesPopulator, contextSource, conf.ldap.authorities.groupSearchBase) {
            groupRoleAttribute = conf.ldap.authorities.groupRoleAttribute
            groupSearchFilter = conf.ldap.authorities.groupSearchFilter
            searchSubtree = conf.ldap.authorities.searchSubtree
            if (conf.ldap.authorities.defaultRole) {
                defaultRole = conf.ldap.authorities.defaultRole
            }
            ignorePartialResultException = conf.ldap.authorities.ignorePartialResultException // false
            if (conf.ldap.useRememberMe && conf.ldap.authorities.retrieveDatabaseRoles) {
                userDetailsService = ref('ldapRememberMeUserDetailsService')
            }
            else {
                userDetailsService = ref('userDetailsService')
            }
            retrieveDatabaseRoles = conf.ldap.authorities.retrieveDatabaseRoles // false
        }
    }
    else if (conf.ldap.authorities.retrieveDatabaseRoles) {
        ldapAuthoritiesPopulator(DatabaseOnlyLdapAuthoritiesPopulator) {
            if (conf.ldap.authorities.defaultRole) {
                defaultRole = conf.ldap.authorities.defaultRole
            }
            if (conf.ldap.useRememberMe) {
                userDetailsService = ref('ldapRememberMeUserDetailsService')
            }
            else {
                userDetailsService = ref('userDetailsService')
            }
        }
    }
    else {
        ldapAuthoritiesPopulator(NullLdapAuthoritiesPopulator)
    }
+0

Thanks! This worked for me. – rahul 2011-04-08 17:31:45