Spring Security OAuth2和Ldap认证到同一资源
[英]Spring Security OAuth2 and Ldap authentication to the same resourse
问题描述
I have Spring Boot 2 REST application, and I want to configure Spring Security to support Google Sign-In OR LDAP authentication to the same resourses(/employees for example) 
我有Spring Boot 2 REST应用程序,我想配置Spring Security以支持对相同资源的Google登录或LDAP身份验证(例如/员工)
I've already done authentication through httpBasic(which connects to the Apache AD LDAP server). 我已经通过httpBasic(连接到Apache AD LDAP服务器)完成了身份验证。
Also I've set up authentication through Google OAuth2 Sign-In. 我还通过Google OAuth2登录设置了身份验证。 Both of this configurations work correct separatly(I can authenticate via Google Sign-In, but can't with LDAP at the same time, because I have to recofingure spring security), and now I need the ability to authenticate with both of this ways at the same time. 这两种配置分别正确(我可以通过Google登录进行身份验证,但不能同时使用LDAP进行身份验证,因为我必须重新确认Spring安全性),现在我需要能够通过这两种方式进行身份验证与此同时。
My Spring Security configuration for LDAP auth 我的用于LDAP身份验证的Spring Security配置
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/", "/login**","/callback/", "/webjars/**", "/error**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.ldapAuthoritiesPopulator(customLdapAuthoritiesPopulator)
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url(env.getProperty("spring.ldap.urls") + env.getProperty("spring.ldap.base"))
.and()
.passwordCompare()
.passwordAttribute("userPassword")
.passwordEncoder(new LdapShaPasswordEncoder());
}
And this how it looks when I reconfigure Spring Security for Google OAuth2 Sign-In 这就是我为Google OAuth2登录重新配置Spring Security时的样子
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/", "/login**","/callback/", "/webjars/**", "/error**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.oauth2Login()
.userInfoEndpoint().oidcUserService(customOAuth2UserService);
}
The result I need: user have two options: authenticate with Oauth2, or, if he wants, with httpBasic LDAP, no matter which way. 我需要的结果是:用户有两个选择:使用Oauth2进行身份验证,或者,如果需要,使用httpBasic LDAP进行身份验证,无论采用哪种方式。
I think there is a way to configure Spring Security so OAuth2 and httpBasic LDAP works together, but I don't know ho to do it. 我认为有一种方法可以配置Spring Security,因此OAuth2和httpBasic LDAP可以协同工作,但我不知道这样做。
1 个解决方案
解决方案1
0 已采纳 2019-05-15 08:59:36
It is possible. 有可能的。
Basic authentication uses basic where as oauth uses bearer as part of header authorization header. 基本身份验证使用基本身份,因为oauth使用承载作为标头授权标头的一部分。
We can use custom request matcher to detect basic authentication and authenticate with ldap. 我们可以使用自定义请求匹配器来检测基本身份验证并使用ldap进行身份验证。 If not it'll will flow through oauth. 如果不是它将通过oauth流动。
Firstly, order the WebSecurityConfigurerAdapter higher than the Oauth authentication server , 首先,将WebSecurityConfigurerAdapter命令高于Oauth身份验证服务器,
@Configuration
@Order(2)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
Use our custom request mapper , 使用我们的自定义请求映射器,
http
.csrf()
.disable()
.requestMatcher(new BasicRequestMatcher())
.authorizeRequests()
.antMatchers("/", "/login**","/callback/", "/webjars/**", "/error**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
Custom request matcher , 自定义请求匹配器,
private static class BasicRequestMatcher implements RequestMatcher {
@Override
public boolean matches(HttpServletRequest request) {
String auth = request.getHeader("Authorization");
return (auth != null && auth.startsWith("Basic"));
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.