
Securing an application with Spring Security and LDAP

I am very new to Spring Security. I want to implement it in my Spring Boot application with LDAP. Whenever I try to understand the concepts of security, I end up in a confused state. Can somebody suggest a guide or give me the gist of what Spring Security does? In my project, I am using only Spring Security and LDAP. What I observe is that Spring Boot creates its own login page, and once the user is authenticated, it sets a cookie called JSESSIONID, and for further requests it uses only that session ID. We can clear that session ID during logout. But I have also heard of the concept of token-based authentication, so I am not sure whether I want to use that or not. The secured URLs are called from an external Angular application. Can someone help?

You can use Spring Security LDAP.

Add these dependencies to your pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.ldap</groupId>
    <artifactId>spring-ldap-core</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
</dependency>

And then you have to create a configuration class:

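import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  // Every request requires a fully authenticated user (remember-me logins
  // do not qualify); unauthenticated users get the generated login form.
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .anyRequest().fullyAuthenticated()
        .and()
      .formLogin();
  }

  // Authenticate against LDAP: {0} in the DN pattern is replaced by the
  // submitted username, and groups are looked up under ou=groups.
  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .ldapAuthentication()
        .userDnPatterns("uid={0},ou=people")
        .groupSearchBase("ou=groups")
        .contextSource()
          .url("ldap://localhost:8389/dc=springframework,dc=org")
          .and()
        // Compare the submitted password with the userPassword attribute
        // instead of binding to the directory as the user.
        .passwordCompare()
          // LdapShaPasswordEncoder is deprecated in Spring Security 5.
          .passwordEncoder(new LdapShaPasswordEncoder())
          .passwordAttribute("userPassword");
  }

}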

Please find the whole guide here:

https://spring.io/guides/gs/authenticating-ldap/
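
The `passwordCompare()` step above checks the submitted password against an RFC 2307 style `{SHA}`/`{SSHA}` value in `userPassword`. The following is an added example, not part of the original answer and not Spring Security's own source: it reimplements that scheme with the JDK only, so it is visible that a single SHA-1 round protects the stored value. The class name and the sample password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration of the {SHA}/{SSHA} userPassword format (hypothetical class name).
public class LdapShaDemo {
    static final int SHA1_LEN = 20;

    // Empty salt: "{SHA}" + b64(sha1(pw)); otherwise "{SSHA}" + b64(sha1(pw||salt) || salt).
    static String encode(String password, byte[] salt) throws Exception {
        byte[] out = Arrays.copyOf(sha1(password, salt), SHA1_LEN + salt.length);
        System.arraycopy(salt, 0, out, SHA1_LEN, salt.length);
        return (salt.length == 0 ? "{SHA}" : "{SSHA}") + Base64.getEncoder().encodeToString(out);
    }

    // Recomputes the digest from the candidate and the salt embedded in the stored value.
    static boolean matches(String candidate, String stored) throws Exception {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) return false;
        String scheme = stored.substring(0, close + 1);
        boolean unsalted = scheme.equalsIgnoreCase("{SHA}");
        if (!unsalted && !scheme.equalsIgnoreCase("{SSHA}")) return false;
        byte[] raw;
        try { raw = Base64.getDecoder().decode(stored.substring(close + 1)); }
        catch (IllegalArgumentException e) { return false; }   // malformed Base64
        if (raw.length < SHA1_LEN || (unsalted && raw.length != SHA1_LEN)) return false;
        byte[] salt = Arrays.copyOfRange(raw, SHA1_LEN, raw.length);
        // Constant-time comparison of the stored and recomputed digests.
        return MessageDigest.isEqual(Arrays.copyOf(raw, SHA1_LEN), sha1(candidate, salt));
    }

    private static byte[] sha1(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        return md.digest();
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        String unsalted = encode("constructed-pw", new byte[0]);   // constructed sample value
        String salted = encode("constructed-pw", salt);
        System.out.println(unsalted + " matches: " + matches("constructed-pw", unsalted));
        System.out.println(salted + " matches: " + matches("constructed-pw", salted));
        System.out.println("wrong password matches: " + matches("other", salted));
    }
}
```

Because verification costs one SHA-1 computation, anyone who can read `userPassword` can test guesses offline very quickly; the salt in `{SSHA}` only prevents precomputed lookups.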
