2020年10月8日 23:23:51go评论115阅读模式

英文:

LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 - using Spring tools

问题

你好，我正在使用以下代码来在托管在Tomcat上的Spring工具中对应用程序进行身份验证。

这是我正在运行的代码：

    package com.pp.portal;
    
    import java.io.File;
    import java.io.InputStream;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.util.FileCopyUtils;
    
    @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    	
    	@Override
    	protected void configure(HttpSecurity http) throws Exception {
    	    http
    	      .authorizeRequests()
    	        .anyRequest().fullyAuthenticated()
    	        .and()
    	      .formLogin();
    	}
    
    	@Override
    	public void configure(AuthenticationManagerBuilder auth) throws Exception {
    		File jks = File.createTempFile("cacerts", "jks");
    	    jks.deleteOnExit();
    	        
    	    try (InputStream fromJks = WebSecurityConfig.class.getResource("/cacerts.jks").openStream()) {
    	        FileCopyUtils.copy(FileCopyUtils.copyToByteArray(fromJks), jks);
    	    }
    	 
    	    System.setProperty("javax.net.ssl.trustStore", jks.getPath());
    	    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    	      
    		auth
    	        .ldapAuthentication()
    	        .userSearchFilter("(&(sAMAccountName={0})(memberOf=CN=SG_LoginHistoryApp_Operators,OU=Security*Groups*-*NEW,OU=Secured*Groups,OU=Administration,DC=Domain,DC=uk,DC=dc))")
    	        .contextSource()
    	        .url("ldaps://ldapserver.domain.uk.dc:636")
    	        .managerDn("CN=ldap,OU=Accounts,OU=Users,OU=Adapt,DC=Domain,DC=uk,DC=dc")
    	        .managerPassword("mangerPassword"); 
    	}
    }

这是我收到的错误：

    [LDAP: 错误代码 49 - 80090308: LdapErr: DSID-0C090446，注释：AcceptSecurityContext 错误，数据 52e，v2580]；嵌套异常为 javax.naming.AuthenticationException: [LDAP: 错误代码 49 - 80090308: LdapErr: DSID-0C090446，注释：AcceptSecurityContext 错误，数据 52e，v2580]

我正在寻求解决此问题的建议，所使用的凭据对于登录的用户和帐户都是正确的。

英文:

Hello I am using the following code to authenticate an application in spring tools which is hosted on a Tomcat.

This is the code I am running:

package com.pp.portal;

import java.io.File;
import java.io.InputStream;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.util.FileCopyUtils;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Override
	  protected void configure(HttpSecurity http) throws Exception {
	    http
	      .authorizeRequests()
	        .anyRequest().fullyAuthenticated()
	        .and()
	      .formLogin();
	  }

	  @Override
	  public void configure(AuthenticationManagerBuilder auth) throws Exception {
		  File jks = File.createTempFile(&quot;cacerts&quot;, &quot;jks&quot;);
	        jks.deleteOnExit();
	        
	        try (InputStream fromJks = WebSecurityConfig.class.getResource(&quot;/cacerts.jks&quot;).openStream()) {
	            FileCopyUtils.copy(FileCopyUtils.copyToByteArray(fromJks), jks);
	        }
	 
	        System.setProperty(&quot;javax.net.ssl.trustStore&quot;, jks.getPath());
	        System.setProperty(&quot;javax.net.ssl.trustStorePassword&quot;, &quot;changeit&quot;);
	      
			auth
	        .ldapAuthentication()
	            .userSearchFilter(&quot;&amp;(sAMAccountName={0})(memberOf=CN=SG_LoginHistoryApp_Operators,OU=Security*Groups*-*NEW,OU=Secured*Groups,OU=Administration,DC=Domain,DC=uk,DC=dc)&quot;)
	            .contextSource()
	                .url(&quot;ldaps://ldapserver.domain.uk.dc:636&quot;)
	                .managerDn(&quot;CN=ldap,OU=Accounts,OU=Users,OU=Adapt,DC=Domain,DC=uk,DC=dc&quot;)
	                .managerPassword(&quot;mangerPassword&quot;); 

	  }
	 

}

This is the error I am getting back:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]

I am looking for suggestions on how to remedy this, credentials used are correct for both, user I am using to log in and account being used.

答案1

得分: 1

我有同样的问题和错误代码。
在我的情况下，用户的密码不再有效。有一个选项，密码在 x 天后会失效。你有检查过吗？

英文:

I had the same problem and error code.

In my case the password for the user was no more valid. There is an option that the passwords invalidate after x days. Did you check that?

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

LDAP: error code 49 – 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 – using Spring tools

问题

答案1

org.apache.camel.FailedToStartRouteException: 由于空值原因，无法启动route1路由。

无效的Java语句

Android glide在Android 4.X中无法加载图片。

Android如何获取甚至负时区的UTC时区偏移

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论