[英]How to use Spring Ldap Authentication
In my current project, I have to implement LDAP authentication. 在我当前的项目中,我必须实现LDAP身份验证。 I am using JSF 2.2, primefaces and Spring 4.0 and spring-ldap-core 1.3.2 and spring-security-ldap-3.2.0.
我正在使用JSF 2.2,primefaces和Spring 4.0以及spring-ldap-core 1.3.2和spring-security-ldap-3.2.0。 Below are the work till now I have done to achieve:
以下是迄今为止我所做的工作:
Spring-Ldap.xml 弹簧Ldap.xml
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="ldap://mumcXXXXXXX" />
<property name="base" value="dc=ad,dc=XXX,dc=com"/>
<property name="userDn" value="XXXX@ad.XXX.com" />
<property name="password" value="XXXX" />
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="contextSource" />
</bean>
<bean id="ldapContact"
class="com.csap.research.LDAPContactDAO">
<property name="ldapTemplate" ref="ldapTemplate" />
</bean>
My LdapContactDao 我的LdapContactDao
public boolean login(String username, String password) {
AndFilter filter = new AndFilter();
ldapTemplate.setIgnorePartialResultException(true);
filter.and(new EqualsFilter("userPrincipalName", username+"@ad.cXXX.com"));
return ldapTemplate.authenticate("", filter.toString(), password);
}
Here username and password are coming from Login screen as inputs. 此处,用户名和密码来自登录屏幕作为输入。 My problem is its very hardcoded.
我的问题是它非常硬编码。 I dont want to hardcode username and password in Spring-Ldap.xml , So there was a suggestion to use Spring-security-Ldap here Spring LdapAuthentication and Load roles from local database but I was unable to understand it.
我不想在Spring-Ldap.xml中硬编码用户名和密码 ,所以有人建议在这里使用Spring-security-Ldap Spring LdapAuthentication和从本地数据库加载角色但我无法理解它。
My question was how I can achieve dynamic integration of Ldap with spring and corse JSF i am using as a front-end controller. 我的问题是如何实现Ldap与spring和corse的动态集成,我将其用作前端控制器。 Any help would be great.
任何帮助都会很棒。
I found these article helpful for setting up login form with spring security, however, they do not use jsf: 我发现这些文章有助于使用spring security设置登录表单,但是,他们不使用jsf:
http://www.mkyong.com/spring-security/spring-security-hello-world-example/ http://www.mkyong.com/spring-security/spring-security-form-login-example/ http://www.mkyong.com/spring-security/spring-security-hello-world-example/ http://www.mkyong.com/spring-security/spring-security-form-login-example/
and found this article helpful for using ldap as authentication provider, it does not use ldapTemplate, but uses the spring-security configurations (spring-security.xml in the article) 并且发现本文对于使用ldap作为身份验证提供程序很有帮助,它不使用ldapTemplate,而是使用spring-security配置(文章中的spring-security.xml)
http://krams915.blogspot.com/2011/01/spring-security-mvc-using-ldap.html http://krams915.blogspot.com/2011/01/spring-security-mvc-using-ldap.html
This is how I am using LDAP for authentication: 这就是我使用LDAP进行身份验证的方式:
Import Maven dependencies 导入Maven依赖项
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-ldap</artifactId> <version>4.0.2.RELEASE</version> </dependency>
Write your implementation of WebSecurityConfigurerAdapter
: 编写
WebSecurityConfigurerAdapter
的实现:
@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private static final String SSO_HEADER = "AUTH_USER"; public static final String ADMIN = "ROLE_ADMIN"; public static final String USER = "ROLE_USER"; public static final String ANONYMOUS = "ROLE_ANONYMOUS"; @Autowired Environment env; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/css/**","/js/**","/images/**","/fonts/**","/api/**","/sendRedirect/**","/test/**").permitAll() .anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login") .failureUrl("/login?error").permitAll() .and() .logout() .deleteCookies("remove") .invalidateHttpSession(true) .logoutUrl("/logout") .logoutSuccessUrl("/login?logout") .and() // Cross-site request forgery is turned off for RESTful API calls with the assumption that // authentication will be sufficient protection .csrf().ignoringAntMatchers("/api/**", "/space/{\\\\d+}/**", "/admin/**"); } @Override public AuthenticationManager authenticationManagerBean() throws Exception { return authenticationManager(); } @Configuration protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter { @Autowired Environment env; @Override public void init(AuthenticationManagerBuilder auth) throws Exception { auth.ldapAuthentication().userDnPatterns("cn={0}") .contextSource(contextSource()); } @Bean public LdapContextSource contextSource() { LdapContextSource contextSource = new LdapContextSource(); contextSource.setUrl(env.getRequiredProperty("ldap.url")); contextSource.setBase(env.getRequiredProperty("ldap.base")); contextSource.setUserDn(env.getRequiredProperty("ldap.username")); contextSource.setPassword(env.getRequiredProperty("ldap.password")); return contextSource; } } }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.