
Spring Security 2.0.6 : authentification avec Active Directory

J'ai essayé de mettre en place l'authentification avec LDAP / Active Directory et Spring Security 2.0.6, mais je ne sais pas pourquoi l'authentification ne passe pas...

Voici la sortie de la console :

> INFO [Server] JBoss (MX MicroKernel) 
> [4.2.3.GA (build: 
> SVNTag=JBoss_4_2_3_GA 
> date=200807181439)] Started in 
> 30s:118ms 
> 
> INFO [STDOUT] [WARN] Authentication 
> event 
> AuthenticationFailureBadCredentialsEvent: 
> secretariauno1; details: 
> [email protected]: 
> RemoteIpAddress: 127.0.0.1; SessionId: 
> 1D1DEAD28D4AE44AF67277654889D73E; 
> exception: User secretariauno1 not 
> found in directory. 
> 
> INFO [STDOUT] [WARN] Authentication 
> event 
> AuthenticationFailureBadCredentialsEvent: 
> secretariauno; details: 
> [email protected]: 
> RemoteIpAddress: 127.0.0.1; SessionId: 
> 1D1DEAD28D4AE44AF67277654889D73E; 
> exception: Bad credentials; nested 
> exception is 
> org.springframework.ldap.AuthenticationException: 
> [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 52e, 
> v1db0 
> 
> INFO [STDOUT] [INFO] The 
> returnObjFlag of supplied 
> SearchControls is not set but a 
> ContextMapper is used - setting flag 
> to true 
> 
> INFO [STDOUT] [WARN] Authentication 
> event 
> AuthenticationFailureServiceExceptionEvent: 
> secretariauno; details: 
> [email protected]: 
> RemoteIpAddress: 127.0.0.1; SessionId: 
> 1D1DEAD28D4AE44AF67277654889D73E; 
> exception: Unprocessed Continuation 
> Reference(s); nested exception is 
> javax.naming.PartialResultException: 
> Unprocessed Continuation Reference(s); 
> remaining name ''; nested exception is 
> org.springframework.ldap.PartialResultException: 
> Unprocessed Continuation Reference(s); 
> nested exception is 
> javax.naming.PartialResultException: 
> Unprocessed Continuation Reference(s); 
> remaining name '' 

Il y a trois [WARN] : pour le premier, secretariauno1 n'existe pas dans le LDAP ; pour le second, le mot de passe est mauvais ; mais pour le troisième, les identifiants sont bons et pourtant ça ne passe pas : l'application revient à la page de connexion. J'ai cherché à propos de « returnObjFlag » et de « nom restant » (remaining name) sans résultat...

S'il vous plaît, si quelqu'un peut m'aider ..., MERCI !!!

Voici le fichier applicationContext-security.xml :

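<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 2.0 namespace configuration: form login (plus HTTP Basic) backed by
  an LDAP / Active Directory bind, with the user located by sAMAccountName.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <!-- Logs every authentication event; the "Authentication event ..." lines on the
         console are its output. -->
    <bean id="loggerListener"
      class="org.springframework.security.event.authentication.LoggerListener" />

    <security:http>
     <!-- intercept-url rules are evaluated in declaration order and the first match wins.
          The unprotected resources therefore have to be listed BEFORE the "/**" catch-all;
          with "/**" first, /login.jsp and /css/* were shadowed and the login page itself
          required ROLE_USUARIO_AUTENTICADO. -->
     <security:intercept-url pattern="/login.jsp" filters="none"/>
     <security:intercept-url pattern="/css/*" filters="none"/>
     <security:intercept-url pattern="/**" access="ROLE_USUARIO_AUTENTICADO" />
     <!-- The login form must POST to login-processing-url; the namespace default is
          /j_spring_security_check, so the JSP form action must match this value. -->
     <security:form-login
      login-processing-url="/j_security_check"
      login-page="/login.jsp"
      default-target-url="/index.jsp"
      always-use-default-target="true"
      authentication-failure-url="/login.jsp" />
     <security:anonymous/>
     <!-- HTTP Basic carries the password base64-encoded on every request: only expose
          this endpoint over HTTPS. -->
     <security:http-basic/>
     <security:logout/>
    </security:http>

    <!-- Directory connection used for the user search (as manager-dn) and for the user bind.
         The user's password travels to this host during the bind, so a plain ldap:// URL
         sends it unencrypted: prefer ldaps:// or StartTLS.
         NOTE(review): the manager-dn suffix (dc=preminjus,dc=es) differs from the base DN
         in the url (dc=preadm,dc=com); confirm which directory the service account lives in.
         manager-password is a plaintext secret stored in this file: keep the file out of
         version control or move the value to an externalised property. -->
    <security:ldap-server id="ldapServer"
          url="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"
          manager-dn="cn=desLector,ou=Users,dc=preminjus,dc=es"
          manager-password="pwd123"/>

    <!-- Finds the entry under ou=Users whose sAMAccountName equals the submitted login,
         then authenticates against that entry. -->
    <security:ldap-authentication-provider user-search-filter="(sAMAccountName={0})"
              user-search-base="ou=Users"/>

    <!-- Same lookup for loading user details. The filter is written in the same
         parenthesised RFC 4515 form as the provider's so both resolve the same entry
         (the original had "sAMAccountName={0}" here and "(sAMAccountName={0})" above). -->
    <security:ldap-user-service server-ref="ldapServer"
           user-search-filter="(sAMAccountName={0})"
           user-search-base="ou=Users"/>

</beans>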



Peut-être que ce lien pourrait vous aider : il décrit une cause possible du problème.

Il est probablement dû au fait qu'il faut suivre les références (referrals) LDAP lors des recherches.

Ce lien concerne également la façon de configurer le suivi des références (referrals).


Résolu

Eh bien, finalement je l'ai migré vers Spring Security 3.0.4. Le problème était qu'il fallait déclarer les beans explicitement, car Active Directory avait besoin d'un bean Populator configuré.

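<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 3.0 configuration with the LDAP provider declared as explicit beans.
  Declaring the beans by hand is what allows the Active Directory specific settings
  (subtree search, ignoring the PartialResultException raised for AD referrals) to be set.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
     http://www.springframework.org/schema/security
     http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <!-- Logs every authentication success and failure event. -->
    <bean id="loggerListener"
        class="org.springframework.security.authentication.event.LoggerListener" />

    <security:http>
        <!-- One session per user; a second login is rejected instead of expiring the first.
             NOTE(review): session counting relies on a session event listener being
             registered in web.xml, which is not visible here; confirm it is present. -->
        <security:session-management>
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
        </security:session-management>
        <!-- First matching pattern wins: the unprotected resources are listed before the
             "/**" catch-all so the login page and stylesheets stay reachable. -->
        <security:intercept-url pattern="/css/*" filters="none"/>
        <security:intercept-url pattern="/login.jsp" filters="none"/>
        <security:intercept-url pattern="/**" access="ROLE_USER_AUTENTICADO" />
        <security:form-login
            login-processing-url="/j_spring_security_check"
            login-page="/login.jsp"
            default-target-url="/index.jsp"
            always-use-default-target="true"
            authentication-failure-url="/login.jsp" />
        <security:anonymous/>
        <!-- HTTP Basic carries the password base64-encoded on every request: only expose
             this endpoint over HTTPS. -->
        <security:http-basic/>
        <security:logout/>
    </security:http>

    <!-- Quote style made consistent with the rest of the file (was ref='ldapAuthProvider'). -->
    <security:authentication-manager>
        <security:authentication-provider ref="ldapAuthProvider" />
    </security:authentication-manager>

    <!--
      * The second constructor argument of DefaultLdapAuthoritiesPopulator ("ou=Users") is
        the base under which group membership is searched; in this directory membership is
        carried by the users' memberOf attribute. Per the author's testing, a user who is not
        a member of a group under that base is not granted access.

      * defaultRole (ROLE_USER_AUTENTICADO) is the role given to every authenticated user and
        is the one the interceptor above checks. Group membership is mapped to roles as well:
        a memberOf value of "CN=Preadm,OU=Applications,OU=Users,DC=preadm,DC=com" yields
        ROLE_PREADM ("ROLE_" is the default prefix, "PREADM" is the upper-cased CN), so the
        interceptor could be restricted to that group instead of the default role.
    -->

    <!-- Provider: authenticate by bind (bindAuthenticator), then load roles (populator). -->
    <bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <!-- Locates the entry with userSearch and binds to the directory as that entry
                 using the submitted password. -->
            <bean id="bindAuthenticator"
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userSearch" ref="userSearch"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource"/>
                <constructor-arg value="ou=Users"/>
                <property name="defaultRole" value="ROLE_USER_AUTENTICADO"/>
                <!-- Search the whole subtree below ou=Users, not just its direct children. -->
                <property name="searchSubtree" value="true" />
                <!-- Active Directory returns referrals for the subtree search, which JNDI
                     surfaces as the "Unprocessed Continuation Reference(s)"
                     PartialResultException seen on the console; ignoring it keeps the
                     results that were already returned. -->
                <property name="ignorePartialResultException" value="true"/>
            </bean>
        </constructor-arg>
    </bean>

    <!-- Finds the user entry below ou=Users by sAMAccountName. -->
    <bean id="userSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0" value="ou=Users"/>
        <constructor-arg index="1" value="(sAMAccountName={0})"/>
        <constructor-arg index="2" ref="contextSource" />
        <property name="searchSubtree" value="true"/>
    </bean>

    <!-- Directory connection. The service account (userDn/password) performs the searches;
         the end user's password is then sent to this host in the bind, so a plain ldap://
         URL transmits both unencrypted: prefer ldaps:// or StartTLS.
         The service-account password is a plaintext secret in this file: keep the file out
         of version control or move the value to an externalised property. -->
    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"/>
        <property name="userDn" value="cn=desReader,ou=Users,dc=preadm,dc=com"/>
        <property name="password" value="pwd123"/>
    </bean>

</beans>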