我有一个使用Grails 2.2.3的应用程序,它使用插件Spring Security Core 1.2.7.3,Spring Security CAS 1.0.5和Spring Security LDAP 1.0.6 .
我使用LDAP作为角色,用户存储和用户信息,使用CAS进行单点登录 . 当我第一次验证 BadCredentials
异常(表示"not able to find a user with that username and password."的异常)时,但如果我第二次尝试验证它是正确的 .
当我调试该异常时,它实际上是由错误引起的:
org.jasig.cas.client.validation.TicketValidationException:
ticket 'my-ticket' does not match supplied service
有谁知道导致此错误的原因或如何解决?以下是resources.groovy中的设置:
initialDirContextFactory(DefaultSpringSecurityContextSource, "ldap://ldap.company.com:389") {
userDn = "CN=Admin,OU=Users,DC=company,DC=com"
password = "password"
}
ldapUserSearch(FilterBasedLdapUserSearch,
"OU=Users,DC=company,DC=com",
"employeeId={0}",
initialDirContextFactory) { }
ldapUserDetailsMapper(MyLdapUserDetailsContextMapper) { }
ldapAuthoritiesPopulator(DefaultLdapAuthoritiesPopulator,
initialDirContextFactory,
"ou=Groups,OU=Users,DC=company,DC=com") {
groupRoleAttribute = "cn"
groupSearchFilter = "member={0}"
rolePrefix = ""
searchSubtree = true
convertToUpperCase = true
ignorePartialResultException = true
}
userDetailsService(LdapUserDetailsService, ldapUserSearch, ldapAuthoritiesPopulator) {
userDetailsMapper = ref('ldapUserDetailsMapper')
}
以及config.groovy中的设置:
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas.company.com/cas'
grails.plugins.springsecurity.cas.loginUri = "/login"
grails.plugins.springsecurity.cas.serviceUrl = "${grails.serverURL}/j_spring_cas_security_check"
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.defaultTargetUrl = '/'
grails.plugins.springsecurity.alwaysUseDefault = false