[英]securing an application with spring security and LDAP
I am very new to spring security.我对春季安全很陌生。 I want to implement it in my spring boot application with LDAP.我想在我的 Spring Boot 应用程序中使用 LDAP 实现它。 Whenever I try to understand the concepts of security, i end up in confused state.每当我试图理解安全的概念时,我都会陷入混乱的状态。 can somebody suggest me a guide or give me a gist of what spring security does.有人可以给我推荐一个指南,或者给我一个关于 Spring Security 做什么的要点。 In my project, am using only spring security and LDAP.在我的项目中,我只使用 spring security 和 LDAP。 What I observe is, spring boot creates it's own login page and once the user is authenticated, it sets a cookie called JSESSIONID and for further requests, it is using that session Id only.We can clear that session id during logout.我观察到的是,spring boot 创建它自己的登录页面,一旦用户通过身份验证,它就会设置一个名为 JSESSIONID 的 cookie,对于进一步的请求,它只使用该会话 ID。我们可以在注销期间清除该会话 ID。 But I also heard the concept of token base authentication, so am not sure if I want to use that or not.但是我也听说过基于令牌的身份验证的概念,所以不确定是否要使用它。 The secured URLs are called from a external angular application.从外部角度应用程序调用受保护的 URL。 Can someone help ..有人可以帮忙吗..
You can use Spring Security LDAP.您可以使用 Spring Security LDAP。
Add these dependencies to your pom.xml:将这些依赖添加到你的 pom.xml 中:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>com.unboundid</groupId>
<artifactId>unboundid-ldapsdk</artifactId>
</dependency>
And then you have to create a configuration class:然后你必须创建一个配置类:
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
}
Please find the whole guide here:请在此处找到整个指南:
https://spring.io/guides/gs/authenticating-ldap/ https://spring.io/guides/gs/authenticating-ldap/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.