Grails - Spring security plugin ldap: remember me not working

﹥>﹥吖頭↗ submitted on 2019-12-23 01:07:17

Question


I have a Grails application with spring-security-ldap plugin installed and configured with Active Directory specific options.

  • Grails version: 2.1.1.
  • spring-security-core plugin version: 2.0-RC2
  • spring-security-ldap plugin version: 2.0-RC2

Everything works fine: users log in to the application validating against the Active Directory and their groups are retrieved in order to control the access to the different pages.

My problem: the "remember me" option doesn't work. I have configured the application to use the "remember me" option and I have run the s2-create-persistent-token command. I have also activated the specific traces. Everything works fine: the user successfully logs in to the application with the "remember me" option checked, the token is created and the cookie is sent to the client. The user closes the browser and then reopens it. At this point, the application successfully validates that the user in the cookie matches the user in the persistent token. Then I can see this in the log:

userdetails.LdapUserDetailsManager  - Loading user 'sAMAccountName' with DN 'cn=sAMAccountName,dc=company,dc=country'
rememberme.PersistentTokenBasedRememberMeServices  - Remember-me login was valid but corresponding user not found.
Message: User sAMAccountName not found
   Line | Method
->>  49 | doFilter in grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    82 | doFilter in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
|   886 | runTask  in java.util.concurrent.ThreadPoolExecutor$Worker
|   908 | run      in     ''
^   619 | run . .  in java.lang.Thread
Caused by NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=company,DC=country'

The first log line shows an invalid DN for the user. The DN for the user is something like this:

cn=name,ou=a group,ou=a super group,dc=company,dc=country

Could that be the problem? How can I solve it?

My configuration:

// Spring Security
grails.plugin.springsecurity.logout.postOnly = false

// Spring Security LDAP
grails.plugin.springsecurity.ldap.context.managerDn = 'CN="a user",OU="a group",DC="company",DC="country"'
grails.plugin.springsecurity.ldap.context.managerPassword = '"password"'
grails.plugin.springsecurity.ldap.context.server = 'ldap://"server":389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.search.filter="sAMAccountName={0}"
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['dn', 'cn', 'ou', 'givenName', 'sn', 'department']
grails.plugin.springsecurity.ldap.authenticator.attributesToReturn = ['dn', 'cn', 'ou', 'givenName', 'sn', 'department']
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']

// role-specific LDAP config
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})' // Active Directory specific


grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/home'

grails.plugin.springsecurity.rememberMe.persistent = true
grails.plugin.springsecurity.rememberMe.persistentToken.domainClassName = 'censo.auth.PersistentLogin'
grails.plugin.springsecurity.ldap.useRememberMe = true
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupMemberAttributeName = 'member'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupRoleAttribute = 'CN'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupSearchBase = 'OU="another group",dc="company",dc="country"'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.passwordAttributeName = 'userPassword'
grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.userDnBase = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.usernameAttribute = 'cn'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.attributesToRetrieve = null

Thank you in advance

Source: https://stackoverflow.com/questions/22175417/grails-spring-security-plugin-ldap-remember-me-not-working
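
The log above shows the remember-me path reading a DN assembled as `usernameAttribute=username,userDnBase`, while the login path is configured as a subtree search on `sAMAccountName`. The following is an added example, not part of the original post: a Python model of the two lookups over a constructed directory, with hypothetical function names and sample entries, showing why one finds the user and the other returns NO_OBJECT.

```python
# Constructed sample directory (DN -> attributes); entries are illustrative only.
DIRECTORY = {
    "cn=Jane Doe,ou=a group,ou=a super group,dc=company,dc=country":
        {"cn": "Jane Doe", "sAMAccountName": "jdoe"},
    "cn=svc,dc=company,dc=country":
        {"cn": "svc", "sAMAccountName": "svc"},
}


def norm(dn):
    """Comparison key for simple DNs (no escaped commas): lowercase, trimmed RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def build_dn(username, user_dn_base, username_attribute):
    """Model of the remember-me mapper: <usernameAttribute>=<username>,<userDnBase>."""
    return f"{username_attribute}={username},{user_dn_base}"


def read_entry(dn):
    """Direct read of one DN; None models LDAP error 32 (NO_OBJECT)."""
    wanted = norm(dn)
    for entry_dn, attrs in DIRECTORY.items():
        if norm(entry_dn) == wanted:
            return attrs
    return None


def search_subtree(base, attribute, value):
    """Model of the login path: filter <attribute>=<value> below base, any depth."""
    suffix = "," + norm(base)
    return [dn for dn, attrs in DIRECTORY.items()
            if norm(dn).endswith(suffix)
            and attrs.get(attribute, "").lower() == value.lower()]


def diagnose(username, base="dc=company,dc=country",
             mapper_attribute="cn", filter_attribute="sAMAccountName"):
    """Compare the mapped-DN read (remember-me) with the filter search (login)."""
    mapped = build_dn(username, base, mapper_attribute)
    return {
        "mapped_dn": mapped,
        "mapped_dn_exists": read_entry(mapped) is not None,
        "search_hits": search_subtree(base, filter_attribute, username),
    }


if __name__ == "__main__":
    for user in ("jdoe", "svc"):
        print(user, diagnose(user))
```

For `jdoe` the mapped DN does not exist although the subtree search finds the nested entry, which matches the "Remember-me login was valid but corresponding user not found" sequence in the log; the mapped DN only resolves for an entry sitting directly under the base whose `cn` equals the login name.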
