LDAP连接springboot报错Bad credentials
今天一个需求springboot连接LDAP(外接服务器),让用户访问时进行验证账号密码,然后授权登录,但是解决完之后登录用户报bug
Bad credentials,实在不懂
1.引入依赖
org.springframework.boot</groupId>
spring-boot-starter-security</artifactId>
</dependency>
org.springframework.security</groupId>
spring-security-ldap</artifactId>
</dependency>
org.springframework.boot</groupId>
spring-boot-starter-web</artifactId>
</dependency>
org.springframework.ldap</groupId>
spring-ldap-core</artifactId>
</dependency>
com.unboundid</groupId>
unboundid-ldapsdk</artifactId>
</dependency>
> 2.configuration
`
```java
EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
@Bean
public LdapContextSource ldapContextSource(){
LdapContextSource source = new LdapContextSource();
source.setBase("dc=nas,dc=hrp,dc=com");
source.setUrl("ldap://192.xx.0.xxx:389/dc=xx,dc=xxx,dc=com");
source.setPassword("123456");
source.setUserDn("uid=root,cn=users,dc=xx,dc=xxx,dc=com");
return source;
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://192.xx.0.xxx:389/dc=xx,dc=xxx,dc=com") // 此处指定了LDAP服务器路径,端口号为我们自定义的8388
.managerDn("uid=root,cn=users,dc=xx,dc=xxx,dc=com")
.managerPassword("123456")
.and()
.passwordCompare()
.passwordAttribute("userPassword");
}
}
> 3.controller和
```java
@Controller
public class Controller1 {
@GetMapping("/hello")
public String get1(){
return "返回值";
}
}
@SpringBootApplication
public class DemoLadpbApplication {
public static void main(String[] args) {
SpringApplication.run(DemoLadpbApplication.class, args);
}
}
> 4.运行之后控制台
2023-01-14 19:37:49.762 INFO 17392 --- [ main] c.e.demoladpb.DemoLadpbApplication : Starting DemoLadpbApplication using Java 11.0.15.1 on husky with PID 17392 (C:\Users\tibird\Desktop\yunyiwork\spring-ldap-main\demoLADPB\target\classes started by tibird in C:\Users\tibird\Desktop\yunyiwork\spring-ldap-main\demoLADPB)
2023-01-14 19:37:49.766 INFO 17392 --- [ main] c.e.demoladpb.DemoLadpbApplication : No active profile set, falling back to 1 default profile: "default"
2023-01-14 19:37:50.950 INFO 17392 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2023-01-14 19:37:50.958 INFO 17392 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2023-01-14 19:37:50.958 INFO 17392 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.68]
2023-01-14 19:37:51.062 INFO 17392 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2023-01-14 19:37:51.062 INFO 17392 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1233 ms
2023-01-14 19:37:51.194 INFO 17392 --- [ main] s.s.l.DefaultSpringSecurityContextSource : Configure with URL ldap://192.xxx.0.xxxx:389/dc=nas,dc=hrp,dc=com and root DN dc=nas,dc=hrp,dc=com
2023-01-14 19:37:51.286 INFO 17392 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@513b52af, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5a8c93, org.springframework.security.web.context.SecurityContextPersistenceFilter@42aae04d, org.springframework.security.web.header.HeaderWriterFilter@3d19d85, org.springframework.security.web.csrf.CsrfFilter@204abeff, org.springframework.security.web.authentication.logout.LogoutFilter@7da31a40, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@3003827c, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@1e3e1014, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@3bed3315, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@575e572f, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6cbe7d4d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@119b0892, org.springframework.security.web.session.SessionManagementFilter@68ed3f30, org.springframework.security.web.access.ExceptionTranslationFilter@135a8c6f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3dc95b8b]
2023-01-14 19:37:51.599 INFO 17392 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2023-01-14 19:37:51.611 INFO 17392 --- [ main] c.e.demoladpb.DemoLadpbApplication : Started DemoLadpbApplication in 2.325 seconds (JVM running for 3.357)
2023-01-14 19:38:00.526 INFO 17392 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-01-14 19:38:00.526 INFO 17392 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2023-01-14 19:38:00.527 INFO 17392 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2023-01-14 19:38:00.782 WARN 17392 --- [nio-8080-exec-1] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] to
> 5.登录界面
6.输入账号密码之后变成了上图有,
控制台无反应
现在我不确定连上DAP没有,以及不知道怎么解决这个问题
这个我来回答一下,若有帮助,还望采纳,点击回答右侧采纳即可,谢谢。
针对spring security报Bad credentials错误,默认情况下:用户名或者密码错误都会报Bad credentials错误,如果发生这个错误,先检查用户名和密码是否输入正确;或者对比下存入用户到数据库时使用的加密算法,和spring security中配置的加密算法是否一致。
附spring security明文和密文配置片段:
密文配置片段(以bcrypt加密算法为例,具体根据自己存储数据库时使用的加密算法为准):
<!-注入到需要使用加密的bean中-->
<bean class="com.itheima.security.UserService" id="userService">
<property name="passwordEncoder" ref="passwordEncoder"/>
</bean>
<!--配置密码加密对象(加密类型,可以不使用BCrypt,换做md5等加密算法也可
以,具体要看自己存入数据库密码时使用的什么加密算法,那么我们校验时要使用相
同的加密算法)-->
<bean id="passwordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<!--认证管理器,用于处理认证操作-->
<security:authentication-manager>
<!--认证提供者,执行具体的认证逻辑(此处配置自己的bean)-->
<security:authentication-provider user-service-ref="userService">
<!--指定密码加密策略-->
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
明文配置片段(项目中不会使用):
<!--
authentication-manager:认证管理器,用于处理认证操作
-->
<security:authentication-manager>
<!--
authentication-provider:认证提供者,执行具体的认证逻辑
-->
<security:authentication-provider>
<!--
user-service:用于获取用户信息,提供给authentication-provider进行认证
-->
<security:user-service>
<!--
user:定义用户信息,可以指定用户名、密码、角色,真实情况下我们需要从数据库查询用户信息
{noop}:表示当前使用的密码为明文
-->
<security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN">
</security:user>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
望采纳!!!点击回答右侧采纳即可!看起来你的代码基本是正确的,"Bad credentials"错误通常意味着用户名或密码错误。 您需要检查你是否在连接到正确的LDAP服务器,并确保你使用正确的用户名和密码。
您还可以尝试将log级别设置为debug,并在控制台中查看LDAP身份验证过程中的详细信息。
logging.level.org.springframework.security=DEBUG
望采纳!!!点击回答右侧采纳即可!看起来你的代码基本是正确的,"Bad credentials"错误通常意味着用户名或密码错误。 您需要检查你是否在连接到正确的LDAP服务器,并确保你使用正确的用户名和密码。
您还可以尝试将log级别设置为debug,并在控制台中查看LDAP身份验证过程中的详细信息。
难道你不怀疑下,你的账号和密码被改动过吗?
这个问题首先需要排查前端请求后端的响应是什么,可以在浏览器F12看下network(网络)中的请求与响应。
可参考:https://blog.csdn.net/qq_41950229/article/details/98479327