<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:jms="http://www.springframework.org/schema/jms"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!-- 
<authentication-manager alias="authenticationManager"/> -->
<!-- Form-login processing filter declared as a stand-alone bean: it authenticates against the
     "authenticationManager" bean, sends failures to /login.jsp?login_error=1 and successes to
     /default.jsp, and handles requests to /j_spring_security_check.
     NOTE(review): nothing visible in this file adds this bean to the filter chain (there is no
     custom-filter child element), and the form-login element inside the http block repeats the
     same URLs. This definition may be unused; confirm, and remove it if so, so that nobody
     assumes the login goes through the provider list wired here. -->
<beans:bean id="authenticationProcessingFilter"
            class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="defaultTargetUrl" value="/default.jsp"/>
    <beans:property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
</beans:bean>
    <!-- Explicit ProviderManager whose only provider is the ldapAuthProvider bean.
         NOTE(review): the authentication-manager alias near the top of the file is commented
         out, so this bean is presumably separate from the manager the security namespace
         builds for the http block; only beans that reference "authenticationManager" by id
         would use it. Confirm which manager actually handles the login. -->
    <beans:bean id="authenticationManager" 
         class="org.springframework.security.providers.ProviderManager"> 
         <beans:property name="providers"> 
             <beans:list> 
                 <beans:ref local="ldapAuthProvider" /> 
             </beans:list> 
         </beans:property> 
     </beans:bean>  <ldap-authentication-provider user-dn-pattern="uid={0},ou=users,o=people"/>
<!-- NOTE(review): two namespace LDAP providers are declared (the DN-pattern one at the end of
     the previous line and the search-filter one below) in addition to the ldapAuthProvider
     bean. Neither names an authorities populator, so they would assign roles through the
     namespace's default group search rather than MyLdapAuthoritiesPopulator2223. Keep a single
     provider definition so it is clear which code assigns roles. -->
<ldap-authentication-provider user-search-filter="(uid={0})" user-search-base="ou=users,o=people"/>
<!-- Directory used by the namespace providers. It repeats the URL given to contextSource but
     supplies no manager DN or password. ldap:// is unencrypted; use ldaps:// or StartTLS if the
     directory is ever moved off the loopback address. -->
<ldap-server url="ldap://127.0.0.1:389/dc=example,dc=com" />
<!-- 
<beans:bean id="userDetailsService" class="com.security.ldap.MyUserDetailsServiceImpl"></beans:bean>
    -->
    
    <beans:bean id="userDetailsService"
class="com.security.database.dao.MySecurityJDBCTempleteImpl"
p:dataSource-ref="dataSource"
p:debug="true"
p:queryUserByUsernameSQLString="select userName, passWord, enabled, userId, email from users where userName=?"
p:queryAuthoritiesByUsernameSQLString="select u.userName,r.roleName  from users u,roles r,users_roles ur where u.userId=ur.userId and r.roleId=ur.roleId and u.userName=?"/> 
    
    <beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
     <beans:constructor-arg>
     <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
     <beans:constructor-arg ref="contextSource"/>
     <beans:property name="userSearch" ref="userSearch"/>
     <!-- 
     <beans:property name="userDnPatterns">
     <beans:list>
     <beans:value>uid={0},ou=users,o=people</beans:value>
     </beans:list>
     </beans:property> -->
     </beans:bean>
     </beans:constructor-arg>
     <beans:constructor-arg>
      <beans:bean class="com.security.ldap.MyLdapAuthoritiesPopulator2223">
      </beans:bean>
     </beans:constructor-arg>
    </beans:bean>
    
    <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="ou=users,o=people" />
    <beans:constructor-arg index="1" value="(uid={0})" />
    <beans:constructor-arg index="2" ref="contextSource" />
    <!-- <beans:property name="searchSubtree" value="true" />  -->
</beans:bean>    <!-- 常用配置-->
    <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource" >
    <beans:constructor-arg value="ldap://127.0.0.1:389/dc=example,dc=com"/>
    <beans:property name="userDn" value="cn=root"/>
    <beans:property name="password" value="root"/>
    </beans:bean> 
    <!-- Web security rules. intercept-url patterns are evaluated in declaration order and the
         first match decides, so the catch-all /** entry has to stay last.
         session-fixation-protection="newSession" gives the user a fresh session at login. -->
    <http auto-config="true" lowercase-comparisons="true"
path-type="ant" session-fixation-protection="newSession">
<intercept-url pattern="/admin/**" access="ROLE_SUPERVISOR"/>
<!-- NOTE(review): with the default (affirmative) access decision the comma-separated values
     are alternatives. IS_AUTHENTICATED_REMEMBERED is satisfied by any remembered or fully
     logged-in user, so on /user/** and /default.jsp the role names add no restriction. Drop
     IS_AUTHENTICATED_REMEMBERED from those lists if a role is meant to be required. -->
<intercept-url pattern="/user/**" access="ROLE_SUPERVISOR,ROLE_USER,IS_AUTHENTICATED_REMEMBERED"/>
<intercept-url pattern="/default.jsp" access="ROLE_USER,IS_AUTHENTICATED_REMEMBERED"/>
<!-- NOTE(review): everything not matched above is open to anonymous users (default-allow).
     Prefer listing the public resources (login page, static files) explicitly and requiring
     authentication for the remainder. -->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" default-target-url="/default.jsp" authentication-failure-url="/login.jsp?login_error=1" always-use-default-target="true"/>
<!-- NOTE(review): "changeThis" is a placeholder key; replace it with a deployment-specific value. -->
<anonymous key="changeThis" username="anonymousUser" granted-authority="ROLE_ANONYMOUS"/>
<logout logout-success-url="/login.jsp"/>
<!-- NOTE(review): the remember-me key is mixed into the signature of the remember-me cookie, and
     "springsecurity" is a guessable value; use a unique secret per deployment. Account data
     for remember-me comes from the JDBC userDetailsService bean, not from LDAP. -->
<!-- --> 
<remember-me key="springsecurity" user-service-ref="userDetailsService"/>  
 

<!-- One session per user; a further login is rejected instead of expiring the earlier session.
     NOTE(review): session counting relies on an HttpSessionEventPublisher listener in web.xml,
     which is not visible here; confirm it is registered. -->
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>

</beans:beans>

14:44:33,671 INFO LdapTemplate:1262 - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
能够登录进去,但是用户的角色没有赋值。

解决方案 »

  1.   

    MyLdapAuthoritiesPopulator2223 没有指定权限参数的名称。自带的 Default 可以用不?例子:
    <bean id="ldapAuthoritiesPopulator"
    class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <constructor-arg value="ou=Groups" />
    <property name="groupSearchFilter" value="(uniqueMember={0})" />
    </bean>
      

  2.   


    DefaultLdapAuthoritiesPopulator是ldap授权的。
    我的是ldap认证,DB授权的。