spring-security Spring Security Active Directory身份验证-无限登录弹出窗口

50few1ms  于 2022-11-11  发布在  Spring
关注(0)|答案(1)|浏览(148)

我正在使用Sping Boot (2.7.2)安全性。我的安全性配置是:

public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().fullyAuthenticated().and().httpBasic();
        return http.build();
    }

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(
                "company.com", "ldap://ldap-company.com:389");
        provider.setSearchFilter("(&(objectClass=user)(sAMAccountName={0}))");
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        return provider;
    }

}

现在,当我点击我的URI时,我会不断地看到登录弹出窗口。

我提供的用户名和密码是正确的。在控制台没有任何错误。
我做错了什么还是遗漏了什么?

tjvv9vkg

tjvv9vkg1#

当我还在等待正确答案的时候,我从这里得到了这个想法,而且它很有效。
所以这就是我最后得到的结果:

public class WebSecurityConfig extends GlobalAuthenticationConfigurerAdapter {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
                // .fullyAuthenticated()
                .and().httpBasic();
        return http.build();
    }

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
                "ldap://ldap-company.com:389/dc=company,dc=com");
        contextSource.setUserDn("CN=MYBindUser,OU=Ldap,dc=COMPANY,dc=com");
        contextSource.setPassword("ComplexP@ssw0rd");
        contextSource.setReferral("follow");
        contextSource.afterPropertiesSet();

        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthenticationProviderConfigurer = auth
                .ldapAuthentication();

        ldapAuthenticationProviderConfigurer
        .userSearchFilter("(&(cn={0}))")
        // .userSearchFilter("(sAMAccountName=%s)")
        .userSearchBase("")
        // .groupSearchBase("(&(objectCategory=group)(cn={0}))")
        .contextSource(contextSource);
    }

}

现在,我的HTTPBasic身份验证与ActiveDirectory LDAP工作得很好。

相关问题