首页 文章

Grails中使用Spring安全性的无Gormless LDAP

提问于
浏览
4

这是ldap的grails配置

grails.plugins.springsecurity.ldap.context.managerDn = 'uid=admin,ou=system,dc=example,dc=com'
grails.plugins.springsecurity.ldap.context.managerPassword = 'secret'
grails.plugins.springsecurity.ldap.context.server = 'ldap://localhost:1389'
grails.plugins.springsecurity.ldap.authorities.groupSearchBase = 'ou=groups,dc=example,dc=com'
grails.plugins.springsecurity.ldap.search.base = 'dc=example,dc=com'

grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = false

grails.plugins.springsecurity.providerNames=['ldapAuthProvider', 'anonymousAuthenticationProvider']

这是我的日志

DEBUG springsecurity.RequestHolderAuthenticationFilter  - Request is to process authentication
DEBUG authentication.ProviderManager  - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
DEBUG authentication.LdapAuthenticationProvider  - Processing authentication request for user: rsom
DEBUG search.FilterBasedLdapUserSearch  - Searching for user 'rsom', with user search [ searchFilter: '(uid={0})', searchBase: 'dc=example,dc=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
DEBUG support.AbstractContextSource  - Got Ldap context on server 'ldap://localhost:1389'
DEBUG ldap.SpringSecurityLdapTemplate  - Searching for entry in under DN '', base = 'dc=example,dc=com', filter = '(uid={0})'
DEBUG ldap.SpringSecurityLdapTemplate  - Found DN: uid=rsom,dc=example,dc=com
DEBUG authentication.BindAuthenticator  - Attempting to bind as uid=rsom,dc=example,dc=com
DEBUG ldap.DefaultSpringSecurityContextSource  - Removing pooling flag for user uid=rsom,dc=example,dc=com
DEBUG support.AbstractContextSource  - Got Ldap context on server 'ldap://localhost:1389'
DEBUG userdetails.DefaultLdapAuthoritiesPopulator  - Getting authorities for user uid=rsom,dc=example,dc=com
DEBUG userdetails.DefaultLdapAuthoritiesPopulator  - Searching for roles for user 'rsom', DN = 'uid=rsom,dc=example,dc=com', with filter uniquemember={0} in search base 'ou=groups,dc=example,dc=com'
DEBUG ldap.SpringSecurityLdapTemplate  - Using filter: uniquemember=uid=rsom,dc=example,dc=com
INFO  core.LdapTemplate  - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
DEBUG support.AbstractContextSource  - Got Ldap context on server 'ldap://localhost:1389'
DEBUG authentication.ProviderManager  - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG spring.ReloadAwareAutowireCapableBeanFactory  - Returning cached instance of singleton bean 'transactionManager'
DEBUG hibernate.SQL  - select top ? this_.id as id23_0_, this_.version as version23_0_, this_.account_expired as account3_23_0_, this_.account_locked as account4_23_0_, this_.enabled as enabled23_0_, this_.entity_id as entity6_23_0_, this_."password" as password7_23_0_, this_.password_expired as password8_23_0_, this_.username as username23_0_ from user this_ where (this_.username=?)
WARN  springsecurity.GormUserDetailsService  - User not found: rsom
DEBUG support.TransactionTemplate  - Initiating transaction rollback on application exception
org.springframework.security.core.userdetails.UsernameNotFoundException: User not found
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:77)
    at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:102)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:202)
    at org.codehaus.groovy.grails.plugins.springsecurity.GormUserDetailsService$_loadUserByUsername_closure1.doCall(GormUserDetailsService.groovy:56)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

为了告诉grails和spring-security-ldap不要在我的数据库中查找通过ldap进行身份验证的用户,我需要做什么?

我使用的是Grails 1.3.7,Spring Security Core 1.1.2,Spring Security Ldap 1.0.3 .

grails ldap spring-security

1 回答

  • 4

    它似乎默认为GormUserDetailsService . 尝试将此配置设置为false:

    grails.plugins.springsecurity.conf.ldap.authorities.retrieveGroupRoles = false

    确保以下内容也是假的 . 记住我也试图使用Gorm

    grails.plugins.springsecurity.conf.ldap.useRememberMe = false

    我注意到spring-security-ldap插件的 SpringSecurityLdapGrailsPlugin.groovy 有一个if / ifelse / else块来设置userDetailsService .

    以供参考:

    if (conf.ldap.authorities.retrieveGroupRoles) {
            ldapAuthoritiesPopulator(GrailsLdapAuthoritiesPopulator, contextSource, conf.ldap.authorities.groupSearchBase) {
                groupRoleAttribute = conf.ldap.authorities.groupRoleAttribute
                groupSearchFilter = conf.ldap.authorities.groupSearchFilter
                searchSubtree = conf.ldap.authorities.searchSubtree
                if (conf.ldap.authorities.defaultRole) {
                    defaultRole = conf.ldap.authorities.defaultRole
                }
                ignorePartialResultException = conf.ldap.authorities.ignorePartialResultException // false
                if (conf.ldap.useRememberMe && conf.ldap.authorities.retrieveDatabaseRoles) {
                    userDetailsService = ref('ldapRememberMeUserDetailsService')
                }
                else {
                    userDetailsService = ref('userDetailsService')
                }
                retrieveDatabaseRoles = conf.ldap.authorities.retrieveDatabaseRoles // false
            }
        }
        else if (conf.ldap.authorities.retrieveDatabaseRoles) {
            ldapAuthoritiesPopulator(DatabaseOnlyLdapAuthoritiesPopulator) {
                if (conf.ldap.authorities.defaultRole) {
                    defaultRole = conf.ldap.authorities.defaultRole
                }
                if (conf.ldap.useRememberMe) {
                    userDetailsService = ref('ldapRememberMeUserDetailsService')
                }
                else {
                    userDetailsService = ref('userDetailsService')
                }
            }
        }
        else {
            ldapAuthoritiesPopulator(NullLdapAuthoritiesPopulator)
        }
    回复于

相关问题