[Account deleted] 2023-01-14 20:07 Acceptance rate: 0%
Views: 74
Closed

Spring Boot LDAP connection fails with Bad credentials

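Today I had a requirement: connect Spring Boot to LDAP (an external server) so that a user's account and password are verified on access and the user is then authorized to log in. But after I finished it, logging in as a user reports the error
Bad credentials, and I really don't understand why.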

1. Add the dependencies

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.ldap</groupId>
            <artifactId>spring-ldap-core</artifactId>
        </dependency>
        <dependency>
            <groupId>com.unboundid</groupId>
            <artifactId>unboundid-ldapsdk</artifactId>
        </dependency>

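> 2. configuration

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity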
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin();
    }
        @Bean
    public LdapContextSource ldapContextSource(){
        LdapContextSource source = new LdapContextSource();
        source.setBase("dc=nas,dc=hrp,dc=com");
        source.setUrl("ldap://192.xx.0.xxx:389/dc=xx,dc=xxx,dc=com");
        source.setPassword("123456");
        source.setUserDn("uid=root,cn=users,dc=xx,dc=xxx,dc=com");
        return source;
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                .url("ldap://192.xx.0.xxx:389/dc=xx,dc=xxx,dc=com") // The LDAP server URL is specified here; the port number is our custom 8388
                .managerDn("uid=root,cn=users,dc=xx,dc=xxx,dc=com")
                .managerPassword("123456")

                .and()
                .passwordCompare()
                .passwordAttribute("userPassword");
    }

}
```

> 3. controller and

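```java
// Controller1.java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class Controller1 {
    @GetMapping("/hello")
    public String get1() {
        return "返回值";
    }
}

// DemoLadpbApplication.java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class DemoLadpbApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoLadpbApplication.class, args);
    }

}
```

> 4. Console output after running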


2023-01-14 19:37:49.762  INFO 17392 --- [           main] c.e.demoladpb.DemoLadpbApplication       : Starting DemoLadpbApplication using Java 11.0.15.1 on husky with PID 17392 (C:\Users\tibird\Desktop\yunyiwork\spring-ldap-main\demoLADPB\target\classes started by tibird in C:\Users\tibird\Desktop\yunyiwork\spring-ldap-main\demoLADPB)
2023-01-14 19:37:49.766  INFO 17392 --- [           main] c.e.demoladpb.DemoLadpbApplication       : No active profile set, falling back to 1 default profile: "default"
2023-01-14 19:37:50.950  INFO 17392 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
2023-01-14 19:37:50.958  INFO 17392 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2023-01-14 19:37:50.958  INFO 17392 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.68]
2023-01-14 19:37:51.062  INFO 17392 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2023-01-14 19:37:51.062  INFO 17392 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1233 ms
2023-01-14 19:37:51.194  INFO 17392 --- [           main] s.s.l.DefaultSpringSecurityContextSource : Configure with URL ldap://192.xxx.0.xxxx:389/dc=nas,dc=hrp,dc=com and root DN dc=nas,dc=hrp,dc=com
2023-01-14 19:37:51.286  INFO 17392 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@513b52af, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5a8c93, org.springframework.security.web.context.SecurityContextPersistenceFilter@42aae04d, org.springframework.security.web.header.HeaderWriterFilter@3d19d85, org.springframework.security.web.csrf.CsrfFilter@204abeff, org.springframework.security.web.authentication.logout.LogoutFilter@7da31a40, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@3003827c, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@1e3e1014, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@3bed3315, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@575e572f, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6cbe7d4d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@119b0892, org.springframework.security.web.session.SessionManagementFilter@68ed3f30, org.springframework.security.web.access.ExceptionTranslationFilter@135a8c6f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3dc95b8b]
2023-01-14 19:37:51.599  INFO 17392 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
2023-01-14 19:37:51.611  INFO 17392 --- [           main] c.e.demoladpb.DemoLadpbApplication       : Started DemoLadpbApplication in 2.325 seconds (JVM running for 3.357)
2023-01-14 19:38:00.526  INFO 17392 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-01-14 19:38:00.526  INFO 17392 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2023-01-14 19:38:00.527  INFO 17392 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2023-01-14 19:38:00.782  WARN 17392 --- [nio-8080-exec-1] o.a.c.util.SessionIdGeneratorBase        : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] to

> 5. Login page

[image: login page]

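6. After entering the account and password, the page turned into the one in the image above,
and the console shows no response.
Right now I am not sure whether it connected to LDAP at all, and I don't know how to solve this problem.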

6 answers

  • bug菌 (Top creator: Java, algorithms and data structures) 2023-01-14 20:55

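    Let me answer this one. If it helps, please accept it by clicking Accept on the right side of the answer, thanks.
    Regarding the Bad credentials error from Spring Security: by default, a wrong username or a wrong password will both report the Bad credentials error. If this error occurs, first check whether the username and password were entered correctly; or compare the encryption algorithm used when the user was stored in the database with the encryption algorithm configured in Spring Security and check whether they are the same.
    Attached are Spring Security configuration snippets for plaintext and encrypted passwords:
    Encrypted-password snippet (using the bcrypt algorithm as an example; go by whichever algorithm you used when storing to the database):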

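    <!-- Inject into the bean that needs to use encryption -->
    <bean class="com.itheima.security.UserService" id="userService">
            <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>
    
    <!-- Configure the password encoder object (the type does not have to be BCrypt;
    md5 or another algorithm also works. It depends on which algorithm was used when
    the password was stored in the database; verification must use the same algorithm) -->
    <bean id="passwordEncoder" 
          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
    
    <!-- Authentication manager, handles authentication -->
    <security:authentication-manager>
      <!-- Authentication provider, executes the actual authentication logic (configure your own bean here) -->
      <security:authentication-provider user-service-ref="userService">
        <!-- Specify the password encoding strategy -->
        <security:password-encoder ref="passwordEncoder" />
      </security:authentication-provider>
    </security:authentication-manager>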
    

    Plaintext snippet (not used in real projects):

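     <!--
            authentication-manager: the authentication manager, handles authentication
        -->
        <security:authentication-manager>
            <!--
                authentication-provider: the authentication provider, executes the actual authentication logic
            -->
            <security:authentication-provider>
                <!--
                    user-service: obtains user information and provides it to authentication-provider for authentication
                -->
                <security:user-service>
                    <!--
                        user: defines user information; a username, password and roles can be specified. In real cases the user information is queried from a database
                      {noop}: indicates that the password in use is plaintext
                    -->
                    <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN">
                      </security:user>
                </security:user-service>
            </security:authentication-provider>
        </security:authentication-manager>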
    
    
    
    
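The answer's advice to compare the algorithm used when the password was stored with the one applied at login also bears on the question's `passwordCompare()` against `userPassword`: directories often store that attribute as a scheme-prefixed salted hash such as `{SSHA}` rather than the typed string. The following is an added example, not code from the question or the answer; the class name, method names and sample values are constructed, and only `{SSHA}` and unprefixed values are handled.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

// Added example; class and method names are hypothetical, sample values are constructed.
public class LdapPasswordSchemeCheck {
    // {SSHA} payload: SHA-1(password || salt) followed by the salt itself.
    static byte[] sshaPayload(String password, byte[] salt) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        sha1.update(salt);
        byte[] digest = sha1.digest();
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return out;
    }
    // Scheme name from a "{SCHEME}value" attribute, or "plaintext" when there is no prefix.
    static String scheme(String stored) {
        int end = stored.indexOf('}');
        return stored.startsWith("{") && end > 1
                ? stored.substring(1, end).toUpperCase() : "plaintext";
    }
    // Checks a typed password against the stored value using the scheme the value declares.
    static boolean matches(String typed, String stored) throws Exception {
        String s = scheme(stored);
        if (s.equals("plaintext")) {
            return MessageDigest.isEqual(typed.getBytes(StandardCharsets.UTF_8),
                    stored.getBytes(StandardCharsets.UTF_8));
        }
        if (!s.equals("SSHA")) {
            throw new IllegalArgumentException("scheme not handled in this example: " + s);
        }
        byte[] raw = Base64.getDecoder().decode(stored.substring(stored.indexOf('}') + 1));
        if (raw.length <= 20) return false;                 // 20-byte SHA-1 digest, then salt
        byte[] salt = Arrays.copyOfRange(raw, 20, raw.length);
        return MessageDigest.isEqual(raw, sshaPayload(typed, salt));
    }

    public static void main(String[] args) throws Exception {
        String typed = "S3cret!pass";                       // constructed sample password
        String stored = "{SSHA}" + Base64.getEncoder()
                .encodeToString(sshaPayload(typed, new byte[] {1, 2, 3, 4}));
        System.out.println("stored attribute  : " + stored);
        System.out.println("plain comparison  : " + typed.equals(stored));
        System.out.println("scheme-aware check: " + matches(typed, stored));
        System.out.println("wrong password    : " + matches("guess", stored));
    }
}
```

Running it shows the same typed password failing a direct string comparison against the stored attribute while passing once the declared scheme and embedded salt are applied.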


Question events

  • Closed by the system on January 22
  • Question created on January 14