
Spring Security LDAP配置

[英]Spring Security LDAP Configuration

I am working on Spring Security and want to know how to configure Spring Active Directory LDAP using annotations. 我正在使用Spring Security,并希望使用注释了解Spring Active Directory LDAP的配置。 I need to connect my project to my workplace's LDAP server. 我需要将我的项目与我的工作场所的LDAP服务器连接起来。

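@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the Active Directory provider as the authentication provider of
     * the global {@link AuthenticationManagerBuilder}.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }

    /**
     * Builds the provider that binds to Active Directory with the credentials of
     * the authentication request (no separate ContextSource is needed).
     *
     * <p>The domain argument is {@code null}, so no domain suffix is appended to
     * the supplied username. {@code URL} is the AD server URL; it is not defined
     * in this listing and must be supplied by the enclosing project.
     *
     * <p>{@code setConvertSubErrorCodesToExceptions(true)} turns the AD sub-error
     * code of a failed bind into a specific exception (disabled, locked, expired
     * account, expired password) instead of a plain bad-credentials failure.
     * Make sure those distinct reasons are not rendered on the login form, or the
     * form discloses account state for arbitrary usernames.
     *
     * @return the configured provider
     */
    @Bean
    public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(null, URL);
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        provider.setUserDetailsContextMapper(userDetailsContextMapper());
        return provider;
    }

    /**
     * Maps the LDAP entry of an authenticated user onto the application's
     * {@link UserDetails}; see {@link AttributesLDAPUserDetailsContextMapper}.
     *
     * @return the context mapper bean
     */
    @Bean
    public UserDetailsContextMapper userDetailsContextMapper() {
        return new AttributesLDAPUserDetailsContextMapper();
    }
}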

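/**
 * Adapts an application {@code User} to Spring Security's {@link LdapUserDetails}.
 *
 * <p>Instances are created with {@code new} by the context mapper, so they are
 * not Spring-managed; the original {@code @Autowired IUserService} field was
 * never injected and is dropped.
 */
public class LdapSecuredUser extends User implements LdapUserDetails {

    /** The wrapped application user; {@code null} when constructed with {@code null}. */
    private final User newUser;

    /**
     * Wraps an application {@link User}, copying its email id and group set onto
     * this instance.
     *
     * <p>The original constructor also printed the email, username and
     * authorities to stdout; that is dropped because it invoked the overridable
     * {@link #getAuthorities()} from the constructor and wrote identity data to
     * the console on every login.
     *
     * @param u the application user; may be {@code null}, in which case the
     *          instance carries no email id and grants no authorities
     */
    public LdapSecuredUser(User u) {
        newUser = u;
        if (u != null) {
            this.setEmailId(u.getEmailId());
            this.setUserGroups(u.getUserGroups());
        }
    }

    /**
     * Flattens the permissions of every group of the wrapped user into
     * {@link SimpleGrantedAuthority} instances named after the permission.
     *
     * <p>A null user, null group set, null group or null permission set yields no
     * authorities instead of a {@code NullPointerException}; duplicate
     * permissions are collapsed before conversion.
     *
     * @return the authorities; never {@code null}
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        if (newUser == null || newUser.getUserGroups() == null) {
            return authorities;
        }
        Set<Permission> permissions = new HashSet<>();
        for (UserGroup userGroup : newUser.getUserGroups()) {
            if (userGroup == null || userGroup.getPermissions() == null) {
                continue;
            }
            for (Permission permission : userGroup.getPermissions()) {
                permissions.add(permission);
            }
        }
        for (Permission permission : permissions) {
            authorities.add(new SimpleGrantedAuthority(permission.getPermissionName()));
        }
        return authorities;
    }

    /**
     * The principal name is the application email id, not an LDAP attribute.
     *
     * @return the email id copied from the wrapped user
     */
    @Override
    public String getUsername() {
        return super.getEmailId();
    }

    /**
     * Account-state flags below are hard-coded to {@code true}: directory state
     * (disabled, locked, expired account or password) is not reflected here, so
     * the only place it is enforced is the AD bind performed by the provider.
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    /**
     * No distinguished name is retained from the LDAP entry.
     *
     * @return always {@code null}
     */
    @Override
    public String getDn() {
        return null;
    }
}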

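/**
 * Turns the LDAP entry of a user who has already bound to Active Directory into
 * the application's {@link LdapSecuredUser}, creating the database user on first
 * login.
 */
public class AttributesLDAPUserDetailsContextMapper implements UserDetailsContextMapper {

    /** Delegate that reads the standard inetOrgPerson attributes from the entry. */
    private final InetOrgPersonContextMapper ldapUserDetailsMapper = new InetOrgPersonContextMapper();

    @Autowired
    private IUserService userService;

    @Autowired
    private IUserGroupService usergroupService;

    /**
     * Builds the application principal for an authenticated directory user.
     *
     * <p>The LDAP username is used as the application email id. A user not yet
     * in the database is auto-provisioned with the {@code CANDIDATE_GROUP} group,
     * so every directory account that can bind obtains a local account with that
     * group's permissions on first login; an existing user has the group set
     * refreshed from the database. Both paths save the user before returning.
     * The original also printed every group name to stdout and left an unused
     * local; both are dropped.
     *
     * @param arg0 the user's LDAP entry
     * @param arg1 the username that was authenticated
     * @param arg2 authorities already granted by the provider (passed to the delegate only)
     * @return the application user details for this login
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations arg0, String arg1,
            Collection<? extends GrantedAuthority> arg2) {
        InetOrgPerson userLdap = (InetOrgPerson) ldapUserDetailsMapper.mapUserFromContext(arg0, arg1, arg2);
        String emailId = userLdap.getUsername();
        User u = userService.findByEmailIdEquals(emailId);
        if (u == null) {
            u = provisionCandidate(emailId);
        } else {
            u.setEmailId(emailId);
            u.setUserGroups(userService.getAllUserGroupsByEmailId(emailId));
        }
        userService.save(u);
        return new LdapSecuredUser(u);
    }

    /**
     * Creates a new, unsaved application user holding only the default
     * candidate group.
     *
     * @param emailId the LDAP username recorded as email id
     * @return the new user
     * @throws IllegalStateException if the default group does not exist, so no
     *         user with a {@code null} group is ever saved
     */
    private User provisionCandidate(String emailId) {
        UserGroup candidateGroup = usergroupService.findByUserGroupNameEquals("CANDIDATE_GROUP");
        if (candidateGroup == null) {
            throw new IllegalStateException("Default user group CANDIDATE_GROUP is not configured");
        }
        Set<UserGroup> userGroups = new HashSet<>();
        userGroups.add(candidateGroup);
        User u = new User();
        u.setUserGroups(userGroups);
        u.setEmailId(emailId);
        return u;
    }

    /**
     * Delegates to the inetOrgPerson mapper.
     *
     * @param arg0 user details to write
     * @param arg1 target LDAP entry
     */
    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1) {
        ldapUserDetailsMapper.mapUserToContext(arg0, arg1);
    }
}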

The above code is for Active Directory, where no ContextSource is required. 上面的代码是针对Active目录完成的,其中不需要contextsource。 No explicit query is required to search the LDAP attributes. 搜索ldap属性时不需要显式查询。 It worked for me. 对我来说它有效。
