Spring 3.1 LDAP Authentication Process: “Bad Credentials” msg When Credentials Are Good

时光说笑 2021-02-09 10:38

Spring 3.1 Tomcat 6.*

I'm working on making a Spring 3.1 webapp, authenticating with LDAP.

I tested the LDAP credentials (username, password, ldap URL, sear

2 Answers
  • 2021-02-09 10:57

    I will try my luck. A few weeks ago I had a similar problem: no errors, correct user/pass, and a Bad Credentials error.

    First, I recommend you activate debug level for Spring Security. You will get more information. In my case, this helped me to see that the problem was that my user did not have any role associated and Spring was translating it into a "bad credentials" error. It could be your case. Check it.

    Anyway, bad credentials doesn't always mean the user/pass is incorrect.

    EDIT: For activating debug level using log4j:

    <logger name="org.springframework.security">
        <level value="DEBUG" />
    </logger>
    

    In your configuration, it can be read that access to the welcome page requires the admin role: ROLE_ADMIN. If you don't want roles, you should try something like this:

    <s:intercept-url pattern="/welcome*" access="isAuthenticated()" />  
    
  • 2021-02-09 11:07

    Your Java example is using standard bind authentication, but you have set the Spring Security configuration to do an LDAP compare operation on the user's password. This will fail because the LDAP server is not using the same password encoding format as Spring Security's MD5 encoder. For a compare operation to succeed, the stored value must match the string that is sent to the directory. In most cases you want to use standard LDAP (bind) authentication. You'll probably need to use a bean configuration for the authentication provider. Try using:

    <s:ldap-server id="contextSource" url="ldap://ldap-itc.sam.acme.com:636/o=acme.com"/>
    
    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
     <constructor-arg>
       <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
         <constructor-arg ref="contextSource"/>
         <property name="userDnPatterns">
           <list><value>uid={0},ou=People</value></list>
         </property>
       </bean>
     </constructor-arg>
     <constructor-arg>
       <bean class="org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator"/>
     </constructor-arg>
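      <!-- No authorities are loaded from LDAP, so give every authenticated user ROLE_USER -->
      <property name="authoritiesMapper">
        <bean class="org.springframework.security.core.authority.mapping.SimpleAuthorityMapper">
           <property name="defaultAuthority" value="ROLE_USER" />
        </bean>
      </property>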
    </bean>
    
    <s:authentication-manager>
      <s:authentication-provider ref="ldapAuthProvider" />
    </s:authentication-manager>
    

    I'd recommend you also read the LDAP chapter of the reference manual.

    Also, if you want to know why an authentication is failing, the best place to find out is the log for the LDAP server itself. If you don't have full access, then find out how it is set up and use a local server (such as OpenLDAP) where you have full control.

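The second answer's distinction between an LDAP compare and a bind, as an added example that is not part of the original answers or of Spring Security's code. It simulates the directory in-process and assumes the entry stores a salted `{SSHA}` value while the client sends an unsalted MD5 hex digest; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration (JDK 8+, no LDAP server needed); all names here are hypothetical.
public class CompareVsBind {
    // Assumed storage format: userPassword = "{SSHA}" + base64(SHA-1(password + salt) + salt).
    static String ssha(String password, byte[] salt) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        sha1.update(salt);
        byte[] digest = sha1.digest();
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // Assumed client-side encoding: unsalted MD5 as lowercase hex, sent as the compare value.
    static String md5Hex(String password) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Compare: the server only checks whether the asserted value equals the stored value.
    static boolean ldapCompare(String stored, String asserted) {
        return stored.equals(asserted);
    }

    // Bind: the server receives the password itself and re-hashes it with the stored salt.
    static boolean ldapBind(String stored, String password) throws Exception {
        byte[] raw = Base64.getDecoder().decode(stored.substring("{SSHA}".length()));
        byte[] salt = Arrays.copyOfRange(raw, 20, raw.length); // SHA-1 digest is 20 bytes
        byte[] recomputed = ssha(password, salt).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), recomputed);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        String stored = ssha("s3cret-sample", salt); // constructed directory entry value
        System.out.println("stored userPassword:  " + stored);
        System.out.println("client MD5 value:     " + md5Hex("s3cret-sample"));
        System.out.println("compare succeeds:     " + ldapCompare(stored, md5Hex("s3cret-sample")));
        System.out.println("bind, right password: " + ldapBind(stored, "s3cret-sample"));
        System.out.println("bind, wrong password: " + ldapBind(stored, "not-the-password"));
    }
}
```

The compare fails even though the password is correct, because the two sides encode it differently; the simulated bind succeeds because the verification happens on the side that holds the stored value and its salt.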