Authentification LDAP avec Spring Security

**tiamo** · 23/08/2012, 12h51

Bonjour à tous,

J'ai voulu assurer l'authentification des utilisateurs LDAP (qui existent sous LDAP) en utilisant Spring Security.

J'ai configuré le fichier XML comme suit :

Code xml :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:security="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context" 
	xmlns:lang="http://www.springframework.org/schema/lang"
 
	xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    	http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security-3.0.xsd
      	http://www.springframework.org/schema/context
      	http://www.springframework.org/schema/context/spring-context-3.0.xsd">
 
	<!-- ******************************************************************** -->
	<!-- This context file was generated and is not intended to be changed manually. -->
	<!-- ******************************************************************** -->
<!-- Stratégie de Sécurité : ressources et Remember me -->
 
 <security:http auto-config="true" access-denied-page="/viewsGMP2/accessDenied.jsf">
  <security:intercept-url pattern="/viewsGMP2/login2.jsf*"
   filters="none" />
  <security:intercept-url pattern="../framGraphique/xte-style-gmp.css"
   filters="none" />
   <security:intercept-url pattern="../framGraphique/images/**"
   filters="none" />
   <security:intercept-url pattern="/viewsGMP2/login.jsf*"
   filters="none" />
   <security:form-login  login-processing-url="/j_spring_security_check"
            login-page="/viewsGMP2/login.jsf"
            default-target-url="/viewsGMP2/Accueil1.jsf"
   authentication-failure-url="/viewsGMP2/login2.jsf" />
  <security:logout logout-success-url="/viewsGMP2/login.jsf" />
 
  <security:intercept-url pattern="/viewsGMP2/**"
   access="ROLE_PARTICIPANT,ROLE_FORMATEUR,ROLE_MAINTENANCE,ROLE_COMMERCIAL,ROLE_ADMIN" />
 
 </security:http>
                 <!-- Authentification via base de données -->
	<beans:bean id="myUserDetailsService"
		class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
		<beans:property name="dataSource" ref="dataSource" />
 
		<beans:property name="usersByUsernameQuery"
			value="SELECT utilisateursLogin as username, utilisateursMotDePasse ,enabled , utilisateursNom , utilisateursPrenom FROM utilisateurs WHERE utilisateursLogin = ?" />
 
		<beans:property name="authoritiesByUsernameQuery"
			value="SELECT utilisateursLogin as username, role FROM roles WHERE utilisateursLogin = ?" />
	</beans:bean>
 
 
 
  <!-- authenticate the user with ldapAuthenticator using userSearch -->
 
  <beans:bean id = "contextSource"
         class = "org.springframework.security.ldap.DefaultSpringSecurityContextSource">
   <beans:constructor-arg value="ldap://192.168.198.131:389/dc=xtensus,dc=com"/>
   <beans:property name="userDn" value="cn=admin,dc=xtensus,dc=com"/>
   <beans:property name="password" value="ikhlass"/>
 </beans:bean>
 
 <beans:bean id = "ldapAuthProvider"
         class = "org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
   <beans:constructor-arg>
     <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
       <beans:constructor-arg ref="contextSource"/>
       <beans:property name="userDnPatterns">
         <beans:list> <beans:value> uid = {0}, ou = people </beans:value> </beans:list>
      </beans:property>
     </beans:bean>
   </beans:constructor-arg>
   <beans:constructor-arg>
     <beans:bean id="userDetailsService" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
       <beans:constructor-arg ref="contextSource"/>
       <beans:constructor-arg value="ou=Groups"/>
       <beans:property name="groupRoleAttribute" value="ou"/>
     </beans:bean>
   </beans:constructor-arg>
 
 </beans:bean>
 <security:authentication-manager>
         <security:ldap-authentication-provider 
           user-search-filter="(uid={0})"
           user-search-base="ou=people"
           group-search-filter="(uniqueMember={0})"
           group-search-base="ou=Groups"
           group-role-attribute="cn"
           role-prefix="ROLE_">
         </security:ldap-authentication-provider>
 </security:authentication-manager>
 </beans:beans>

Je ne sais pas si je dois avoir en plus une classe où le fichier de configuration est suffisant ?

J'obtiens comme résultat avec cette configuration :

access denied

lorsque je m'authentifie avec un utilisateur existant dans LDAP.

Merci d'avance.

Authentification LDAP avec Spring Security

Spring Java

Mode arborescent

Discussions similaires

Partager

Partager