2016-08-12 164 views
0

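Spring Security LDAP authentication does not work with Java 8

I am trying to use the LDAP authentication provided by Spring Security. Everything goes well. I get the following error when deploying the application.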

Caused by: java.lang.RuntimeException: Could not postProcess [email protected]efa of type class org.springframework.security.ldap.server.ApacheDSContainer 
    at org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor.postProcess(AutowireBeanFactoryObjectPostProcessor.java:70) 
    at org.springframework.security.config.annotation.SecurityConfigurerAdapter$CompositeObjectPostProcessor.postProcess(SecurityConfigurerAdapter.java:123) 
    at org.springframework.security.config.annotation.SecurityConfigurerAdapter.postProcess(SecurityConfigurerAdapter.java:82) 
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.access$400(LdapAuthenticationProviderConfigurer.java:58) 
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.build(LdapAuthenticationProviderConfigurer.java:555) 
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.access$500(LdapAuthenticationProviderConfigurer.java:446) 
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.getContextSource(LdapAuthenticationProviderConfigurer.java:606) 
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.build(LdapAuthenticationProviderConfigurer.java:76) 

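The Spring core version is 4.3.2. The Spring Security LDAP version is 4.1.1.

My Google research turned up an article from 2013 which says this problem is caused by an incompatibility between Spring Security LDAP and Java 8. The same article says it has been fixed in some Spring Boot versions. It does not mention any fix for the non-Spring Boot libraries.

Has anyone tried using Spring Security LDAP authentication with Java 8? Please help.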

Answers

1

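Here is my working configuration using Java 8 and Spring Security LDAP. We connect our Spring web application to an Active Directory instance to secure access to URLs.

If I remember correctly, it took longer than I expected.

You will need to change the "Base" of the LDAP context path, and note that ldap.user is the full LDAP CN, not just the user name. You can use an LDAP browser such as JXplorer (http://jxplorer.org/) to get the LDAP settings right.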

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfig.class);

    // Plain ldap:// URL; the port defaults to 389 when ldap.port is not set.
    @Value("ldap://${ldap.host}:${ldap.port:389}")
    private String url;

    // Full DN of the account used to bind to the directory.
    @Value("${ldap.user}")
    private String user;

    @Value("${ldap.password}")
    private String password;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        LOGGER.info("Configuring security...");
        // "/" and "/index.html" are public; everything else needs HTTP Basic credentials.
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/index.html").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
                .httpBasic();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // {0} is replaced with the login name; sAMAccountName is the Active Directory logon name.
        auth.ldapAuthentication()
                .userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
                .contextSource(ldapContextSource());
    }

    @Bean
    public BaseLdapPathContextSource ldapContextSource() {
        LOGGER.info("LDAP: {}", url);
        LdapContextSource bean = new LdapContextSource();
        bean.setUrl(url);
        // Search base; change this to match your own directory.
        bean.setBase("DC=CORP,DC=MyCompany,DC=com");
        bean.setUserDn(user);
        bean.setPassword(password);
        bean.setPooled(true);
        // Follow referrals returned by the directory.
        bean.setReferral("follow");
        return bean;
    }
}

This assumes you have something like this in your configuration file:

ldap.host=ldap.mycompany.com 
ldap.user=CN=MyUser,OU=Service Accounts,OU=New-York,DC=CORP,DC=MyCompany,DC=com 
# Encrypt using Jasypt or something 
ldap.password=B1gS3cr3t 
+0

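Thank you very much for your answer. It looks like you have your LDAP set up. I wonder whether using the embedded ApacheDS LDAP server in my case, i.e. via an LDIF file on the classpath, is what causes my application to fail?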
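
A fail-fast check for the ldap.* settings in the answer above, as an added example that is not part of the original answer or of Spring Security. The class name `LdapSettingsCheck` and its `check` method are hypothetical, and the rule that the bind account sits under the search base is an assumption taken from the answer's layout.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Added example (hypothetical helper): sanity checks for the ldap.* settings. */
public class LdapSettingsCheck {

    /** Returns a list of problems; an empty list means the settings look consistent. */
    static List<String> check(String url, String base, String userDn, String filter) {
        List<String> problems = new ArrayList<>();

        // A simple bind over ldap:// sends the bind password without TLS protection.
        String scheme = URI.create(url).getScheme();
        if (!"ldaps".equalsIgnoreCase(scheme)) {
            problems.add("url scheme is '" + scheme + "': bind is not protected by TLS unless StartTLS is set up");
        }

        // ldap.user must be a full DN, not a bare user name.
        try {
            LdapName baseName = new LdapName(base);
            LdapName userName = new LdapName(userDn);
            // LdapName indexes RDNs right to left, so startsWith() tests the DN suffix.
            // Assumption: the bind account lives under the search base, as in the answer.
            if (!userName.startsWith(baseName)) {
                problems.add("ldap.user is not under base " + base);
            }
        } catch (InvalidNameException e) {
            problems.add("not a valid DN: " + e.getMessage());
        }

        // Spring Security substitutes the login name for {0} in the search filter.
        if (!filter.contains("{0}")) {
            problems.add("user search filter has no {0} placeholder");
        }
        return problems;
    }

    public static void main(String[] args) {
        String base = "DC=CORP,DC=MyCompany,DC=com";
        String filter = "(&(objectClass=user)(sAMAccountName={0}))";
        // Values taken from the answer's configuration.
        System.out.println(check("ldap://ldap.mycompany.com:389", base,
                "CN=MyUser,OU=Service Accounts,OU=New-York,DC=CORP,DC=MyCompany,DC=com", filter));
        // Constructed bad input: a bare user name instead of a DN.
        System.out.println(check("ldaps://ldap.mycompany.com:636", base, "MyUser", filter));
    }
}
```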