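In our new insurance project, I am trying to implement spring-security with LDAP Active Directory.
Once the user is found in AD, I want to check the username/password against AD. I want to authorize them from the user table (app authorized users) with the access levels they have in the database. Can someone provide a sample or point me to a resource?
Best answer
The simplest way to achieve this now (Spring Security 3.2.5.RELEASE) is by implementing a custom LdapAuthoritiesPopulator, which uses a custom JdbcDaoImpl to fetch the authorities from the database.
Code
Assuming you are using the default database schema, and that you use the same username for authentication in LDAP and as the foreign key in the authorities table, you only need: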
// File: CustomJdbcUserDetailsService.java
package demo;

import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;

/*
 * You need to extend JdbcDaoImpl to expose the protected method loadUserAuthorities.
 */
public class CustomJdbcUserDetailsService extends JdbcDaoImpl {
    @Override
    public List<GrantedAuthority> loadUserAuthorities(String username) {
        // Widen the visibility to public; the lookup itself is unchanged.
        return super.loadUserAuthorities(username);
    }
}

// File: CustomLdapAuthoritiesPopulator.java
package demo;

import java.util.Collection;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

public class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private final CustomJdbcUserDetailsService service;

    // Constructor matches the call made in the Java configuration.
    public CustomLdapAuthoritiesPopulator(CustomJdbcUserDetailsService service) {
        this.service = service;
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations user, String username) {
        // Authorities come from the database, keyed by the LDAP login name.
        return service.loadUserAuthorities(username);
    }
}
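The only thing left now is to configure the LDAP authentication provider to use CustomLdapAuthoritiesPopulator.
Java configuration
In a @Configuration-annotated subclass of GlobalMethodSecurityConfiguration or WebSecurityConfigurerAdapter (depending on your case), add the following: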
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    /* other authentication configurations you might have */

    /*
     * This assumes that the dataSource configuring
     * the connection to the database has been Autowired
     * into this bean.
     *
     * Adapt according to your specific case.
     */
    CustomJdbcUserDetailsService customJdbcUserDetailsService = new CustomJdbcUserDetailsService();
    customJdbcUserDetailsService.setDataSource(dataSource);

    CustomLdapAuthoritiesPopulator customLdapAuthoritiesPopulator = new CustomLdapAuthoritiesPopulator(customJdbcUserDetailsService);

    auth.ldapAuthentication()
        .ldapAuthoritiesPopulator(customLdapAuthoritiesPopulator)
        /* other LDAP configurations you might have */;

    /* yet more authentication configurations you might have */
}
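For a working example, see https://github.com/pfac/howto-spring-security.
XML configuration
Disclaimer: I have been focusing on Java configuration, so tread carefully; there may be some errors.
Unlike other configurations for authenticating with LDAP, there seem to be no pretty XML tags for a custom LdapAuthoritiesPopulator. So it has to be done manually. Assuming a bean contextSource has been defined that configures the connection to the LDAP server, add the following to your Spring XML configuration: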
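<!-- customLdapAuthoritiesPopulator: bean id assumed here; declare a demo.CustomLdapAuthoritiesPopulator bean
     with a demo.CustomJdbcUserDetailsService as its constructor argument -->
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <!-- other configurations you might need -->
        </bean>
    </constructor-arg>
    <constructor-arg ref="customLdapAuthoritiesPopulator" />
</bean>
<security:authentication-manager>
    <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>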
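
A stricter variant of the populator, as an added example that is not part of the original answer: a user who binds successfully against AD but has no rows in the authorities table otherwise comes back with an empty authority list and is still treated as authenticated. The class name StrictDbAuthoritiesPopulator and the lower-case username convention in the database are assumptions; CustomJdbcUserDetailsService is the class from the answer.

```java
package demo;

import java.util.Collection;
import java.util.List;
import java.util.Locale;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/*
 * Hypothetical drop-in replacement for CustomLdapAuthoritiesPopulator that
 * refuses the login when the database grants the user nothing.
 */
public class StrictDbAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private final CustomJdbcUserDetailsService service;

    public StrictDbAuthoritiesPopulator(CustomJdbcUserDetailsService service) {
        this.service = service;
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations user, String username) {
        // AD matches login names case-insensitively, many databases do not.
        // Assumption: usernames are stored lower-case in the authorities table.
        String key = username.trim().toLowerCase(Locale.ROOT);

        List<GrantedAuthority> authorities = service.loadUserAuthorities(key);

        // A valid AD password alone must not produce an application session:
        // without this check the provider builds an authenticated token that
        // simply carries no authorities.
        if (authorities.isEmpty()) {
            // An AuthenticationException thrown here fails the login attempt.
            throw new UsernameNotFoundException(
                    "LDAP user has no application authorities in the database");
        }
        return authorities;
    }
}
```

Pass an instance of it to ldapAuthoritiesPopulator(...) in place of CustomLdapAuthoritiesPopulator, and keep the login page's error message generic so it does not reveal whether the account exists in AD.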