Loading groups from LDAP using Spring Security
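I need to grant access to users who belong to a particular group (ABCD) in LDAP. I am able to authenticate successfully through Spring LDAP security, but for some reason the group memberships are not loaded. I get a "403 Access Denied" error when trying to log in. I verified that the user's groups are not populated in the "authorities".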
    SecurityContextHolder.getContext().getAuthentication().getAuthorities();
Is there a way to load the user's groups into the authorities? Here is my Spring Security configuration.
    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/js/**" access="true" />
        <security:intercept-url pattern="/css/**" access="true" />
        <security:intercept-url pattern="/images/**" access="true" />
        <security:intercept-url pattern="/**" access="hasRole('ABCD')" />
    </security:http>

    <security:ldap-server id="ldapServer" url="${ldap.url}" />

    <security:authentication-manager alias="authenticationManager">
        <security:ldap-authentication-provider
            server-ref="ldapServer"
            user-dn-pattern="uid={0},ou=people,o=xxxx.com"
            group-search-base="ou=groups,o=xxxx.com" />
    </security:authentication-manager>
It should look like this:
    <!-- The base DN is part of the server URL, so the search bases below are relative to it -->
    <security:ldap-server id="ldapServer" url="${ldap.url}/o=xxxx.com" />

    <security:authentication-manager alias="authenticationManager">
        <security:ldap-authentication-provider
            server-ref="ldapServer"
            group-search-filter="member={0}"
            group-search-base="ou=groups"
            user-search-base="ou=people"
            user-search-filter="uid={0}" />
    </security:authentication-manager>
The main problem you are running into is
See the Spring Security Sample.
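
The answer's XML attributes correspond to Spring Security's LDAP classes as shown below, which makes it possible to check outside the web application which authorities the group search produces for a user. This is an added example, not code from the original thread; the class name LdapGroupCheck and its command-line arguments are hypothetical, and it assumes spring-security-ldap on the classpath and a directory that allows the same anonymous searches the XML configuration relies on.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

// Hypothetical diagnostic class (added example): the answer's XML attributes, wired by hand.
public class LdapGroupCheck {

    static LdapAuthenticationProvider provider(String ldapUrl) throws Exception {
        // Base DN goes into the URL, so the search bases below are relative to o=xxxx.com.
        DefaultSpringSecurityContextSource ctx =
                new DefaultSpringSecurityContextSource(ldapUrl + "/o=xxxx.com");
        ctx.afterPropertiesSet();

        // user-search-base / user-search-filter: find the user's entry, then bind as it.
        BindAuthenticator authenticator = new BindAuthenticator(ctx);
        authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "uid={0}", ctx));

        // group-search-base / group-search-filter: {0} is replaced with the user's full DN.
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(ctx, "ou=groups");
        populator.setGroupSearchFilter("member={0}");
        populator.setGroupRoleAttribute("cn");   // class default, shown explicitly
        populator.setRolePrefix("ROLE_");        // class default, shown explicitly
        populator.setConvertToUpperCase(true);   // class default, shown explicitly
        return new LdapAuthenticationProvider(authenticator, populator);
    }

    public static void main(String[] args) throws Exception {
        java.io.Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage: LdapGroupCheck <ldap-url> <uid>  (run from a terminal)");
            System.exit(2);
        }
        // Read the password interactively so it never appears in the process list.
        char[] password = console.readPassword("Password for %s: ", args[1]);
        Authentication result = provider(args[0]).authenticate(
                new UsernamePasswordAuthenticationToken(args[1], new String(password)));
        if (result.getAuthorities().isEmpty()) {
            System.out.println("Bind succeeded, but the group search matched no entries.");
        }
        for (GrantedAuthority authority : result.getAuthorities()) {
            System.out.println(authority.getAuthority());
        }
    }
}
```

With these settings a group entry whose cn is ABCD is reported as the authority ROLE_ABCD, which is the string the access rule has to match. When group-search-filter is omitted from the XML, the namespace falls back to (uniqueMember={0}), so groups that list members under the member attribute are not found.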