弹簧安全 spnego ldap jwt
[英]spring security spnego ldap jwt
问题描述
I have a complex situation where I need to implement a security for web app on tomcat 8 that serve both static html and rest services.
我有一个复杂的情况,我需要在 tomcat 8 上为 web 应用程序实现安全性,该应用程序同时提供静态 html 和休息服务。 the app is spring mvc application (no spring boot)该应用程序是 spring mvc 应用程序(没有 spring boot)
the authntication ( sso ) process will go as follow:身份验证 ( sso ) 过程如下:
if user jwt not exist in http header then authonticate with ldap, getting user authorities from db and create jwt back to user.如果 http 标头中不存在用户 jwt,则使用 ldap 进行身份验证,从数据库获取用户权限并创建 jwt 返回给用户。
if jwt exist in header, skip ldap filtering , extract the user authorities from token.如果头中存在 jwt,则跳过 ldap 过滤,从令牌中提取用户权限。
I was thinking of first servlet filter that uses spnego library and get the windows domain name (user name to use in ldap) that filter will also check to see if ldap authontication is needed ( if token not provided) and pass it back to spring filter chine through http params..我正在考虑使用 spnego 库的第一个 servlet 过滤器并获取 Windows 域名(在 ldap 中使用的用户名),该过滤器还将检查是否需要 ldap 身份验证(如果未提供令牌)并将其传递回 spring 过滤器通过http params ..
I'm struggling to implement he ideal.我正在努力实现他的理想。 please help.请帮忙。
thanks谢谢
1 个解决方案
解决方案1
0 2017-10-13 10:07:13
As I know, there is support for LDAP in spring security, might be it will help you.据我所知,spring security 支持 LDAP,可能会对您有所帮助。 Other than that, if you want to write your own filters then you have to add those in spring security filter chain.除此之外,如果您想编写自己的过滤器,则必须将它们添加到 spring 安全过滤器链中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.