
Vaadin and Spring, authentication against Active Directory via LDAP

I am trying to authenticate against AD in my application created with Vaadin, which also uses Spring (SpringVaadinIntegration).

I can't find any information about how to achieve this, only a lot of confusing, different and partial ways to connect to Active Directory with Spring Security. Since Vaadin form fields don't have a name, I don't know if I can even use a normal form or whether I have to write my own JSP. My impression is that, to map the username and the password entered in the form to the XML, the fields need to have a name.

Has anybody achieved this, or does anybody have a clue on how to do it?

If somebody can provide a link where this is explained step by step, for dummies, that would be great too. I can only find partial solutions, where you don't get an overview of the system and how it should be configured.

We have a TextField (username), a PasswordField (password) and a Button on a UI:

public class MyUI extends UI {
    @Override
    protected void init( VaadinRequest request ) {
        setContent( VaadinSession.getCurrent().getAttribute("userId") == null ? getNewLoginLayout() : getNewMainLayout() );
    }
    private VerticalLayout getNewLoginLayout() {
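        TextField username = new TextField("Username");
        // PasswordField masks the input, as described in the text above
        PasswordField password = new PasswordField("Password");
        Button login = new Button("Login");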
        return new VerticalLayout(username, password, login);
    }
}

When the button is pushed, we do a simple LDAP search like this on the server side (for example, pass these parameters to a Spring bean). If it is successful, we set a VaadinSession attribute (userId) and change the UI content to the main layout. Spring Security is not necessarily needed.

Even though this question is already answered, I want to show you my solution.

We use Spring Security for LDAP authentication, so we have these two configuration classes:

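import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity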
@EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // @formatter:off
        http
            .authorizeRequests()
                .anyRequest().authenticated() // All requests require a login...
                .and()
            .formLogin().loginPage("/login").defaultSuccessUrl("/#!").permitAll() // http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#jc-form
                .and()
            .logout().permitAll() // http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#jc-logout
                .and()
            .csrf().disable(); // CSRF (https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html) is handled by Vaadin itself!
        // @formatter:on
    }

    /**
     * @see http://stackoverflow.com/questions/34944617/java-config-for-spring-security-with-vaadin/35212403#35212403
     */
    @Override
    public void configure(WebSecurity web) throws Exception
    {
        // @formatter:off
        web
            .ignoring()
                .antMatchers("/resources/**", "/VAADIN/**");
        // @formatter:on
    }
}

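import java.util.Arrays;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Configuration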
public class SecurityConfigActiveDirectory
{
    @Value("${ldap.url}")
    String ldapUrl;

    @Value("${ldap.domain}")
    String ldapDomain;

    @Bean
    public AuthenticationManager authenticationManager()
    {
        ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl);
        adProvider.setConvertSubErrorCodesToExceptions(true);
        adProvider.setUseAuthenticationRequestCredentials(true);
        adProvider.setAuthoritiesMapper(getAuthorityMapper());
        return new ProviderManager(Arrays.asList(adProvider));
    }

    private static SimpleAuthorityMapper getAuthorityMapper()
    {
        SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
        mapper.setConvertToUpperCase(true);
        return mapper;
    }
}

The SecurityConfig class defines which pages should be protected in our web application, and SecurityConfigActiveDirectory defines the LDAP authentication provider.

ldap.domain can be something like private.myTest.de and ldap.url something like ldap://myLdapHost.private.myTest.de:389.

Cheers!
