<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:jms="http://www.springframework.org/schema/jms"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!--
<authentication-manager alias="authenticationManager"/> -->
<!-- Form-login processing filter declared as a plain bean. It hands submitted credentials to the
     "authenticationManager" bean, sends failures to /login.jsp?login_error=1, uses /default.jsp as the
     default target and listens on /j_spring_security_check.
     NOTE(review): the <http> element in this file declares <form-login> with the same URLs, and nothing
     visible here adds this bean to the filter chain (Spring Security 2.0 uses a <custom-filter/> child for
     that). Confirm whether this filter, and with it the explicit "authenticationManager" bean, is used at all. -->
<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
<beans:property name="defaultTargetUrl" value="/default.jsp"/>
<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
</beans:bean>
<!-- Explicit ProviderManager whose only provider is the "ldapAuthProvider" bean. -->
<beans:bean id="authenticationManager"
class="org.springframework.security.providers.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="ldapAuthProvider" />
</beans:list>
</beans:property>
<!-- NOTE(review): the two <ldap-authentication-provider> elements that follow (the first shares a line with
     the closing tag) are namespace-created providers, separate from "ldapAuthProvider". One binds with the DN
     pattern uid={0},ou=users,o=people, the other searches with (uid={0}) under ou=users,o=people. Neither
     references MyLdapAuthoritiesPopulator2223, so if the <http> form login authenticates through them the
     custom populator is presumably never called, which would match a login that succeeds without roles.
     Verify which provider handles the login and keep a single LDAP provider definition. -->
</beans:bean> <ldap-authentication-provider user-dn-pattern="uid={0},ou=users,o=people"/>
<ldap-authentication-provider user-search-filter="(uid={0})" user-search-base="ou=users,o=people"/>
<!-- Namespace LDAP server reference: ldap:// on 127.0.0.1:389 with base dc=example,dc=com and no manager DN set
     here. The "contextSource" bean in this file configures a second connection to the same URL.
     NOTE(review): ldap:// is unencrypted; use ldaps:// or StartTLS once the directory is not on loopback. -->
<ldap-server url="ldap://127.0.0.1:389/dc=example,dc=com" />
<!--
<beans:bean id="userDetailsService" class="com.security.ldap.MyUserDetailsServiceImpl"></beans:bean>
-->
<!-- JDBC-backed user details service (project class, not shown). It receives the "dataSource" bean, which is
     not defined in this file, and two SQL strings that take the user name as a bound "?" parameter.
     The <remember-me> element in this file references this bean by id.
     NOTE(review): p:debug="true" is passed to the project class; what it logs is not visible here. Confirm it
     never writes the selected passWord column or query results to logs, and disable it outside development.
     NOTE(review): the first query reads passWord from the users table; whether that column holds a salted
     hash or clear text cannot be told from this file and should be checked. -->
<beans:bean id="userDetailsService"
class="com.security.database.dao.MySecurityJDBCTempleteImpl"
p:dataSource-ref="dataSource"
p:debug="true"
p:queryUserByUsernameSQLString="select userName, passWord, enabled, userId, email from users where userName=?"
p:queryAuthoritiesByUsernameSQLString="select u.userName,r.roleName from users u,roles r,users_roles ur where u.userId=ur.userId and r.roleId=ur.roleId and u.userName=?"/>
<!-- LDAP authentication provider built from two constructor arguments: a BindAuthenticator and an
     authorities populator.
     NOTE(review): in this file the bean is referenced only by the explicit "authenticationManager" bean. It has
     no <custom-authentication-provider/> child, which is how Spring Security 2.0 registers a bean with the
     namespace authentication manager. Confirm this provider is actually consulted at login. -->
<beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<beans:constructor-arg>
<!-- Authenticator: finds the user entry through the "userSearch" bean over the "contextSource" connection,
     then verifies the password by binding to the directory as that entry. -->
<beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
<!--
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>uid={0},ou=users,o=people</beans:value>
</beans:list>
</beans:property> -->
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<!-- Authorities populator: project class (not shown), created with no properties or constructor arguments.
     NOTE(review): the page says roles are meant to come from the database, yet no dataSource or
     userDetailsService is injected here. Confirm how this class obtains them; an empty result leaves the
     authenticated user without any ROLE_* authority. -->
<beans:bean class="com.security.ldap.MyLdapAuthoritiesPopulator2223">
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<!-- User search handed to the BindAuthenticator: search base ou=users,o=people, filter (uid={0}) where {0} is
     the placeholder for the submitted login name, run over the "contextSource" connection.
     searchSubtree is left commented out, so the search scope is whatever the class defaults to. -->
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=users,o=people" />
<beans:constructor-arg index="1" value="(uid={0})" />
<beans:constructor-arg index="2" ref="contextSource" />
<!-- <beans:property name="searchSubtree" value="true" /> -->
</beans:bean> <!-- common configuration -->
<!-- LDAP connection shared by "userSearch" and the BindAuthenticator: server URL with base DN
     dc=example,dc=com, plus the manager DN and password used for the connection.
     NOTE(review): the manager password sits in clear text in this file and is a trivial value for the cn=root
     account. Keep it in externalised, access-controlled configuration (for example a property placeholder),
     rotate it, and bind with a read-only search account instead of the directory root.
     NOTE(review): ldap:// on port 389 sends the manager bind and every user's bind password unencrypted.
     That is tolerable only while the directory stays on loopback as it does here; otherwise use ldaps:// or StartTLS. -->
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource" >
<beans:constructor-arg value="ldap://127.0.0.1:389/dc=example,dc=com"/>
<beans:property name="userDn" value="cn=root"/>
<beans:property name="password" value="root"/>
</beans:bean>
<!-- Web security: URL access rules, form login, anonymous access, logout, remember-me and session concurrency.
     session-fixation-protection="newSession" starts a fresh session at login. -->
<http auto-config="true" lowercase-comparisons="true"
path-type="ant" session-fixation-protection="newSession">
<!-- Rules are evaluated in order and the first match wins, so the specific patterns must stay above "/**".
     NOTE(review): under the default affirmative voting the attributes in one access list are alternatives.
     IS_AUTHENTICATED_REMEMBERED therefore admits any logged-in or remembered user to /user/** and
     /default.jsp whatever roles they hold. Confirm that is intended; only /admin/** is restricted by role alone. -->
<intercept-url pattern="/admin/**" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/user/**" access="ROLE_SUPERVISOR,ROLE_USER,IS_AUTHENTICATED_REMEMBERED"/>
<intercept-url pattern="/default.jsp" access="ROLE_USER,IS_AUTHENTICATED_REMEMBERED"/>
<!-- Catch-all: every URL not matched above is open to anonymous users (default allow).
     NOTE(review): any new path is public until a rule is added for it; consider a default-deny catch-all with
     explicit entries for public pages such as /login.jsp. -->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" default-target-url="/default.jsp" authentication-failure-url="/login.jsp?login_error=1" always-use-default-target="true"/>
<!-- NOTE(review): key="changeThis" is a placeholder value; replace it with a deployment-specific secret. -->
<anonymous key="changeThis" username="anonymousUser" granted-authority="ROLE_ANONYMOUS"/>
<logout logout-success-url="/login.jsp"/>
<!-- -->
<!-- Remember-me looks users up through "userDetailsService" (the JDBC bean), not through LDAP.
     NOTE(review): the key is part of what protects the remember-me cookie from forgery, and "springsecurity" is a
     guessable constant. Use a long random per-deployment secret kept out of source control. -->
<remember-me key="springsecurity" user-service-ref="userDetailsService"/>
<!-- One session per user; a further login is rejected instead of expiring the earlier session. -->
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>
</beans:beans>
14:44:33,671 INFO LdapTemplate:1262 - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
能够登录进去,但是用户的角色没有赋值。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:jms="http://www.springframework.org/schema/jms"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!--
<authentication-manager alias="authenticationManager"/> -->
<!-- Form-login processing filter declared as a plain bean. It hands submitted credentials to the
     "authenticationManager" bean, sends failures to /login.jsp?login_error=1, uses /default.jsp as the
     default target and listens on /j_spring_security_check.
     NOTE(review): the <http> element in this file declares <form-login> with the same URLs, and nothing
     visible here adds this bean to the filter chain (Spring Security 2.0 uses a <custom-filter/> child for
     that). Confirm whether this filter, and with it the explicit "authenticationManager" bean, is used at all. -->
<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
<beans:property name="defaultTargetUrl" value="/default.jsp"/>
<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
</beans:bean>
<!-- Explicit ProviderManager whose only provider is the "ldapAuthProvider" bean. -->
<beans:bean id="authenticationManager"
class="org.springframework.security.providers.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="ldapAuthProvider" />
</beans:list>
</beans:property>
<!-- NOTE(review): the two <ldap-authentication-provider> elements that follow (the first shares a line with
     the closing tag) are namespace-created providers, separate from "ldapAuthProvider". One binds with the DN
     pattern uid={0},ou=users,o=people, the other searches with (uid={0}) under ou=users,o=people. Neither
     references MyLdapAuthoritiesPopulator2223, so if the <http> form login authenticates through them the
     custom populator is presumably never called, which would match a login that succeeds without roles.
     Verify which provider handles the login and keep a single LDAP provider definition. -->
</beans:bean> <ldap-authentication-provider user-dn-pattern="uid={0},ou=users,o=people"/>
<ldap-authentication-provider user-search-filter="(uid={0})" user-search-base="ou=users,o=people"/>
<!-- Namespace LDAP server reference: ldap:// on 127.0.0.1:389 with base dc=example,dc=com and no manager DN set
     here. The "contextSource" bean in this file configures a second connection to the same URL.
     NOTE(review): ldap:// is unencrypted; use ldaps:// or StartTLS once the directory is not on loopback. -->
<ldap-server url="ldap://127.0.0.1:389/dc=example,dc=com" />
<!--
<beans:bean id="userDetailsService" class="com.security.ldap.MyUserDetailsServiceImpl"></beans:bean>
-->
<!-- JDBC-backed user details service (project class, not shown). It receives the "dataSource" bean, which is
     not defined in this file, and two SQL strings that take the user name as a bound "?" parameter.
     The <remember-me> element in this file references this bean by id.
     NOTE(review): p:debug="true" is passed to the project class; what it logs is not visible here. Confirm it
     never writes the selected passWord column or query results to logs, and disable it outside development.
     NOTE(review): the first query reads passWord from the users table; whether that column holds a salted
     hash or clear text cannot be told from this file and should be checked. -->
<beans:bean id="userDetailsService"
class="com.security.database.dao.MySecurityJDBCTempleteImpl"
p:dataSource-ref="dataSource"
p:debug="true"
p:queryUserByUsernameSQLString="select userName, passWord, enabled, userId, email from users where userName=?"
p:queryAuthoritiesByUsernameSQLString="select u.userName,r.roleName from users u,roles r,users_roles ur where u.userId=ur.userId and r.roleId=ur.roleId and u.userName=?"/>
<!-- LDAP authentication provider built from two constructor arguments: a BindAuthenticator and an
     authorities populator.
     NOTE(review): in this file the bean is referenced only by the explicit "authenticationManager" bean. It has
     no <custom-authentication-provider/> child, which is how Spring Security 2.0 registers a bean with the
     namespace authentication manager. Confirm this provider is actually consulted at login. -->
<beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<beans:constructor-arg>
<!-- Authenticator: finds the user entry through the "userSearch" bean over the "contextSource" connection,
     then verifies the password by binding to the directory as that entry. -->
<beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
<!--
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>uid={0},ou=users,o=people</beans:value>
</beans:list>
</beans:property> -->
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<!-- Authorities populator: project class (not shown), created with no properties or constructor arguments.
     NOTE(review): the page says roles are meant to come from the database, yet no dataSource or
     userDetailsService is injected here. Confirm how this class obtains them; an empty result leaves the
     authenticated user without any ROLE_* authority. -->
<beans:bean class="com.security.ldap.MyLdapAuthoritiesPopulator2223">
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<!-- User search handed to the BindAuthenticator: search base ou=users,o=people, filter (uid={0}) where {0} is
     the placeholder for the submitted login name, run over the "contextSource" connection.
     searchSubtree is left commented out, so the search scope is whatever the class defaults to. -->
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=users,o=people" />
<beans:constructor-arg index="1" value="(uid={0})" />
<beans:constructor-arg index="2" ref="contextSource" />
<!-- <beans:property name="searchSubtree" value="true" /> -->
</beans:bean> <!-- common configuration -->
<!-- LDAP connection shared by "userSearch" and the BindAuthenticator: server URL with base DN
     dc=example,dc=com, plus the manager DN and password used for the connection.
     NOTE(review): the manager password sits in clear text in this file and is a trivial value for the cn=root
     account. Keep it in externalised, access-controlled configuration (for example a property placeholder),
     rotate it, and bind with a read-only search account instead of the directory root.
     NOTE(review): ldap:// on port 389 sends the manager bind and every user's bind password unencrypted.
     That is tolerable only while the directory stays on loopback as it does here; otherwise use ldaps:// or StartTLS. -->
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource" >
<beans:constructor-arg value="ldap://127.0.0.1:389/dc=example,dc=com"/>
<beans:property name="userDn" value="cn=root"/>
<beans:property name="password" value="root"/>
</beans:bean>
<!-- Web security: URL access rules, form login, anonymous access, logout, remember-me and session concurrency.
     session-fixation-protection="newSession" starts a fresh session at login. -->
<http auto-config="true" lowercase-comparisons="true"
path-type="ant" session-fixation-protection="newSession">
<!-- Rules are evaluated in order and the first match wins, so the specific patterns must stay above "/**".
     NOTE(review): under the default affirmative voting the attributes in one access list are alternatives.
     IS_AUTHENTICATED_REMEMBERED therefore admits any logged-in or remembered user to /user/** and
     /default.jsp whatever roles they hold. Confirm that is intended; only /admin/** is restricted by role alone. -->
<intercept-url pattern="/admin/**" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/user/**" access="ROLE_SUPERVISOR,ROLE_USER,IS_AUTHENTICATED_REMEMBERED"/>
<intercept-url pattern="/default.jsp" access="ROLE_USER,IS_AUTHENTICATED_REMEMBERED"/>
<!-- Catch-all: every URL not matched above is open to anonymous users (default allow).
     NOTE(review): any new path is public until a rule is added for it; consider a default-deny catch-all with
     explicit entries for public pages such as /login.jsp. -->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" default-target-url="/default.jsp" authentication-failure-url="/login.jsp?login_error=1" always-use-default-target="true"/>
<!-- NOTE(review): key="changeThis" is a placeholder value; replace it with a deployment-specific secret. -->
<anonymous key="changeThis" username="anonymousUser" granted-authority="ROLE_ANONYMOUS"/>
<logout logout-success-url="/login.jsp"/>
<!-- -->
<!-- Remember-me looks users up through "userDetailsService" (the JDBC bean), not through LDAP.
     NOTE(review): the key is part of what protects the remember-me cookie from forgery, and "springsecurity" is a
     guessable constant. Use a long random per-deployment secret kept out of source control. -->
<remember-me key="springsecurity" user-service-ref="userDetailsService"/>
<!-- One session per user; a further login is rejected instead of expiring the earlier session. -->
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>
</beans:beans>
14:44:33,671 INFO LdapTemplate:1262 - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
能够登录进去,但是用户的角色没有赋值。
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource" />
<constructor-arg value="ou=Groups" />
<property name="groupSearchFilter" value="(uniqueMember={0})" />
</bean>
DefaultLdapAuthoritiesPopulator是ldap授权的。
我的是ldap认证,DB授权的。