
I'm trying to use Spring Security 4 with LDAP. It works fine for an LDAP server that uses basic authentication. If I try to connect to a system that uses GSS, it no longer works. I think this is normal and that the use of GSS should be specified somewhere. But where?

Below is the security XML file:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.1.xsd
    ">

    <!-- This is where we configure Spring-Security -->
    <http auto-config="true" use-expressions="true">

        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/logout" access="isAuthenticated()" />
        <intercept-url pattern="/user**" access="hasAuthority('1')" />

        <access-denied-handler error-page="/403" />
        <form-login
                login-page="/login"
                default-target-url="/planning"
                authentication-failure-url="/login?error"
                username-parameter="username"
                password-parameter="password"
                authentication-success-handler-ref="customLdapAuthenticationSuccessHandler"
        />
        <logout logout-url="/logout" logout-success-url="/login?logout" />

    </http>

    <ldap-server url="ldap://192.168.2.100/DC=ciro,DC=local,DC=it?one?(objectClass=*)" manager-dn="cn=Administrator,dc=web-gate,dc=local,dc=it" manager-password="PLAIN PWD" />

    <authentication-manager>
        <ldap-authentication-provider
                group-search-base="ou=groups">
        </ldap-authentication-provider>
    </authentication-manager>
</beans:beans>
```
ciro

1 Answer


Spring LDAP has never supported the GSSAPI SASL mechanism. Luckily, you can use my library to do that with Spring LDAP. The configuration is straightforward.

Michael-O
  • Thanks for the answer, but the doc does not explain how to integrate your lib in my Spring Security XML config file... or I simply have not found it. Can you tell me more, please? – ciro Jul 13 '16 at 18:15
  • Spring Security requires a `ContextSource`. This is what my lib offers to you with GSS-API authentication. If you plan to authenticate via Kerberos AND look up users via LDAP, you should look at my other lib and how to wrap it with Spring Security: http://tomcatspnegoad.sourceforge.net/spring-security.html. If you need a sample `beans.xml`, let me know. – Michael-O Jul 13 '16 at 18:49
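
For reference, this is what a SASL/GSSAPI bind looks like at the plain JNDI level, which is the step a GSS-capable `ContextSource` has to perform in place of the `manager-dn`/`manager-password` simple bind from the question. It is an added example, not code from the thread or from the library mentioned in the answer. It assumes a JAAS login entry named `LdapClient` (hypothetical) configured with `Krb5LoginModule`, and uses the placeholder host `dc1.example.test`.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;

public class GssapiLdapBind {

    // JNDI environment for a SASL/GSSAPI (Kerberos) bind.
    static Hashtable<String, Object> gssapiEnv(String ldapUrl) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Use the server's host name, not an IP address: the Kerberos service
        // ticket is requested for ldap/<host>, which usually has no entry for an IP.
        env.put(Context.PROVIDER_URL, ldapUrl);
        // No SECURITY_PRINCIPAL or SECURITY_CREDENTIALS here: the identity comes
        // from the Kerberos credentials of the Subject that opens the context.
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // Hardening choices: make the server prove its identity as well, and ask
        // for integrity and confidentiality (the default qop is "auth").
        env.put("javax.security.sasl.server.authentication", "true");
        env.put("javax.security.sasl.qop", "auth-conf");
        return env;
    }

    // Logs in through JAAS (keytab or ticket cache, as the entry defines) and
    // opens the directory context as that Subject.
    static DirContext bind(String jaasEntry, String ldapUrl) throws Exception {
        LoginContext login = new LoginContext(jaasEntry);
        login.login();
        Subject subject = login.getSubject();
        return Subject.doAs(subject,
                (PrivilegedExceptionAction<DirContext>) () -> new InitialDirContext(gssapiEnv(ldapUrl)));
    }

    public static void main(String[] args) throws Exception {
        // "LdapClient" and the URL are assumptions for this example; start the JVM
        // with -Djava.security.auth.login.config=<file> and a valid krb5.conf.
        DirContext ctx = bind("LdapClient", "ldap://dc1.example.test:389/DC=example,DC=test");
        try {
            System.out.println("Bound to " + ctx.getNameInNamespace());
        } finally {
            ctx.close();
        }
    }
}
```

With this kind of bind the service account's password no longer has to appear in the security XML; the credential lives in the keytab or ticket cache that the JAAS entry points to.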