Java LDAP over TLS with Spring Security
I am trying to implement LDAP over TLS, but I run into the following exception:
There was an unexpected error (type=Internal Server Error, status=500).
simple bind failed: greater.com.au:636; nested exception is
javax.naming.CommunicationException: simple bind failed: greater.com.au:636
[Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target]
I know this has to do with the CA of the server certificate not being imported into my Java trust store. It actually is imported into my trust store, and I reference the trust store with the following properties:
server.ssl.trust-store=C:\truststore.jks
server.ssl.trust-store-password=changeit
My security configuration is as follows:
import java.util.Arrays;

import lombok.Setter;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Configuration
@Order(99)
@ConfigurationProperties("ad")   // binds ad.domain and ad.url from application properties
public class ActiveDirectorySecurityConfig extends WebSecurityConfigurerAdapter {

    @Setter
    private String domain;          // AD domain, e.g. the value of ad.domain

    @Setter
    private String url;             // ldaps:// URL of the domain controller (ad.url)

    @Setter
    @Value("${ad.authorities.allowed}")
    private String authorities;     // authority required for /admin/**

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**")
                .hasAnyAuthority(authorities)
                .and()
            .csrf().disable()       // CSRF protection is off; form login is then exposed to cross-site request forgery
            .formLogin();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider())
            .userDetailsService(userDetailsService());
    }

    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    }

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        // The provider opens its own JNDI DirContext to the AD server; the TLS trust
        // decision for that outbound connection is made by the JVM's SSL context.
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url);
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        return provider;
    }
}
After a lot of debugging, it looks like the SSLContext may not be loading my trust store correctly. So my question is: where, using the configuration I already have, can I hook into the SSL context so that the TLS connection is created successfully?
Answers (0)
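The page has no answer, so the following is an added example, not code from the original post. The security-relevant point it rests on: Spring Boot's server.ssl.trust-store and server.ssl.trust-store-password only configure the embedded servlet container's inbound TLS; the outbound LDAPS connection that ActiveDirectoryLdapAuthenticationProvider opens through JNDI uses the JVM's default SSLContext (the cacerts file, or whatever javax.net.ssl.trustStore points at), which is why the PKIX path still fails even though the CA is in C:\truststore.jks. The example builds an SSLContext from that JKS file, wraps it in an SSLSocketFactory that JNDI can look up by class name, and passes it to the provider via the standard java.naming.ldap.factory.socket environment property. It assumes the path and password from the question, and a Spring Security version that has setContextEnvironmentProperties (4.1 or later); the class and method names LdapsTrustStoreSocketFactory, harden and provider are hypothetical. It deliberately does not install a trust-all TrustManager and it turns on LDAPS endpoint identification, so the server name is checked against the certificate.

```java
// Added example (not from the original post): give the provider's outbound LDAPS
// connection an SSLContext built from the question's trust store.
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

public class LdapsTrustStoreSocketFactory extends SSLSocketFactory {

    // Assumed values, copied from the question's server.ssl.* properties. Those
    // properties only affect the embedded server, not outbound JNDI/LDAP traffic.
    private static final String TRUST_STORE = "C:\\truststore.jks";
    private static final char[] TRUST_STORE_PASSWORD = "changeit".toCharArray();

    private static final SSLSocketFactory DELEGATE = build();

    // Load only the CAs in the JKS file; no client certificate, no trust-all manager.
    private static SSLSocketFactory build() {
        try (FileInputStream in = new FileInputStream(TRUST_STORE)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, TRUST_STORE_PASSWORD);
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        } catch (Exception e) {
            throw new IllegalStateException("cannot load LDAPS trust store " + TRUST_STORE, e);
        }
    }

    // JNDI's LDAP provider calls this static method on the class named in
    // java.naming.ldap.factory.socket.
    public static SSLSocketFactory getDefault() {
        return new LdapsTrustStoreSocketFactory();
    }

    // Require the certificate to match the host we dialled (hostname verification).
    private static Socket harden(Socket s) {
        if (s instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) s;
            SSLParameters p = ssl.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS");
            ssl.setSSLParameters(p);
        }
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return DELEGATE.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return DELEGATE.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return harden(DELEGATE.createSocket()); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose)
            throws IOException {
        return harden(DELEGATE.createSocket(s, host, port, autoClose));
    }
    @Override public Socket createSocket(String host, int port) throws IOException {
        return harden(DELEGATE.createSocket(host, port));
    }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
            throws IOException {
        return harden(DELEGATE.createSocket(host, port, localHost, localPort));
    }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException {
        return harden(DELEGATE.createSocket(host, port));
    }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
            int localPort) throws IOException {
        return harden(DELEGATE.createSocket(address, port, localAddress, localPort));
    }

    // Wiring for the provider in the question's @Bean method (hypothetical helper).
    // setContextEnvironmentProperties is available from Spring Security 4.1 onwards.
    public static ActiveDirectoryLdapAuthenticationProvider provider(String domain, String url) {
        ActiveDirectoryLdapAuthenticationProvider p =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url);
        Map<String, Object> env = new HashMap<>();
        env.put("java.naming.ldap.factory.socket", LdapsTrustStoreSocketFactory.class.getName());
        p.setContextEnvironmentProperties(env);
        p.setConvertSubErrorCodesToExceptions(true);
        p.setUseAuthenticationRequestCredentials(true);
        return p;
    }
}
```

In the question's configuration, activeDirectoryLdapAuthenticationProvider() would return LdapsTrustStoreSocketFactory.provider(domain, url) instead of constructing the provider directly. The coarser alternative is to start the JVM with -Djavax.net.ssl.trustStore=C:\truststore.jks -Djavax.net.ssl.trustStorePassword=changeit, which replaces the default trust store for every outbound TLS connection in the process, not only LDAPS; a per-connection socket factory keeps the AD trust anchors scoped to the AD connection. Before either change, keytool -list -keystore C:\truststore.jks will confirm that the CA (including any intermediate) that signed the greater.com.au:636 certificate is really in the file the application reads.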