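Asked by: 小点点

How to set up server.xml in WebSphere Liberty with LDAP to match something like WAS 7.0 global security activation for a Spring application


I have a Spring application. It always gives me this error in WebSphere Liberty. Here is my login setup XML for Spring Security.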

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- ===== SECURITY CONFIGURATION ===== -->

    <!-- All requests matching pattern below will bypass the security filter chain completely -->
    <security:http pattern="/image/**" security="none"/>
    <!--   security:http pattern="/login.jsp*" security="none" / -->

    <!-- Defines who can access each URL. -->
    <!-- 
    Spring Security 3.0 introduced the ability to use Spring EL expressions as an authorization mechanism in addition to the simple use 
    of configuration attributes and access-decision voters which have seen before. Expression-based access control is built on the same 
    architecture but allows complicated boolean logic to be encapsulated in a single expression.
    http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
    -->
    <security:http auto-config="true" use-expressions="true">
         <!-- URL restrictions (order is important!) Most specific matches should be at top -->

         <!-- Don't set any role restrictions on login.jsp.  Any requests for the login page should be available for anonymous users -->    
         <security:intercept-url pattern="/login.jsp*" access="isAuthenticated()" /> 

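Anonymous access to the login page doesn't appear to be enabled. This is almost certainly an error. Please check your configuration allows unauthenticated access to the configured login page. (Simulated access was rejected: org.springframework.security.access.AccessDeniedException: Access is denied)

I have configured LDAP, but I don't know how to tie the LDAP settings to server authentication, like the WAS 7.0 global security activation, so the application cannot authenticate.

Can someone give me further information on how the access ID in the security settings relates to the LDAP realm?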

    <jaasLoginContextEntry id="system.WEB_INBOUND" loginModuleRef="HashLogin, certificate, hashtable, token, userNameAndPassword" name="system.WEB_INBOUND"/>
    <jaasLoginContextEntry id="WSLogin" loginModuleRef="WSLoginId, certificate, hashtable, token, userNameAndPassword" name="WSLoginId" />
    <jaasLoginModule id="WSLoginId" className="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl" libraryRef="${com.ibm.ws.security.wim.*}"></jaasLoginModule>

</server>

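I have already gone through the Liberty profile documentation, so I am hoping for more detailed information rather than being linked to the IBM documentation. I have already read that and other material on the internet, and I have exhausted every resource I could find, so I would really appreciate a more detailed explanation of how to achieve global security and application security support like WAS 7.0, as we did when we configured the LDAP repository on the original machine. My LDAP is Microsoft Active Directory. My application security is handled by the Spring container.

As a resource, I looked at this, but it does not seem to help.

How to map security roles to LDAP groups in WebSphere Liberty profile


1 answer

Anonymous user

Here is how to define the access-id in the Liberty profile, assuming the realm name defined for the LDAP server in server.xml is ldapRealm.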

<!-- Sample LDAP definition -->
<ldapRegistry id="TivoliLdap" host="myHost.rtp.raleigh.ibm.com" realm="ldapRealm"  port="389" ldapType="IBM Tivoli Directory Server" ignoreCase="false" baseDN="o=mycompany,c=us">
</ldapRegistry>

<!-- Application binding sample for using access-id attribute for user or group element -->
 <application-bnd>
          <security-role name="Employee">
              <user name="Bob" access-id="user:ldapRealm/Bob"/>
              <group name="developers" access-id="group:ldapRealm/developers"/>
          </security-role>
   </application-bnd>
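
A small check for the realm link the answer describes, as an added example that is not part of the original answer or of any IBM tooling: it parses a server.xml and reports every access-id whose realm part does not match the realm of an ldapRegistry, or whose type prefix disagrees with its element. The sample XML is constructed from the answer's snippet plus one deliberately mismatched entry; the function names are hypothetical, and only ldapRegistry elements are treated as realm sources.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's registry and binding, plus one deliberately
# mismatched entry ("otherRealm") so the check has something to report.
SAMPLE_SERVER_XML = """<server>
  <ldapRegistry id="TivoliLdap" host="myHost.rtp.raleigh.ibm.com" realm="ldapRealm"
                port="389" ldapType="IBM Tivoli Directory Server"
                ignoreCase="false" baseDN="o=mycompany,c=us"/>
  <application-bnd>
    <security-role name="Employee">
      <user name="Bob" access-id="user:ldapRealm/Bob"/>
      <group name="developers" access-id="group:ldapRealm/developers"/>
      <group name="testers" access-id="group:otherRealm/testers"/>
    </security-role>
  </application-bnd>
</server>"""


def parse_access_id(access_id):
    """Split 'type:realm/uniqueId' into (type, realm, uniqueId); None if malformed."""
    kind, colon, rest = access_id.partition(":")
    realm, slash, unique_id = rest.partition("/")
    if kind not in ("user", "group") or not (colon and slash and realm and unique_id):
        return None
    return kind, realm, unique_id


def check_access_ids(server_xml):
    """Return (role, access-id, problem) for each binding that cannot match."""
    root = ET.fromstring(server_xml)
    realms = {reg.get("realm") for reg in root.iter("ldapRegistry") if reg.get("realm")}
    findings = []
    for role in root.iter("security-role"):
        for entry in role:
            access_id = entry.get("access-id")
            if entry.tag not in ("user", "group") or access_id is None:
                continue
            parsed = parse_access_id(access_id)
            if parsed is None:
                problem = "not in type:realm/uniqueId form"
            elif parsed[0] != entry.tag:
                problem = "type prefix does not match <%s> element" % entry.tag
            elif parsed[1] not in realms:
                problem = "realm %r not defined by any ldapRegistry" % parsed[1]
            else:
                continue
            findings.append((role.get("name"), access_id, problem))
    return findings


if __name__ == "__main__":
    for finding in check_access_ids(SAMPLE_SERVER_XML):
        print(finding)
```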