
How to handle user information with Spring Security, Spring LDAP, and Hibernate?

I have an application built on Spring MVC that uses Hibernate for all of its DB interaction needs. There is now a need to update the application to use our LDAP infrastructure to drive the user information, including basic user data, such as name and email, as well as authentication and authorization needs.

Since everything has been in one spot (the DB) up to now, the reports are all fairly straightforward, since Hibernate is managing retrieval of information as needed when starting with the required queries. Grabbing the users' name, etc. is very simple, since Hibernate loads the data lazily.

With the desire to drive the user information with LDAP, Hibernate will no longer be able to populate the user information on the fly, since it won't be managing the users' data. How should we use LDAP to drive the user data and deal with authentication / authorization without causing too much pain when we need to grab user data like Name, etc.?

We have considered using a hybrid approach where LDAP is treated as the "source" for the data and the current system is left as-is. This would require changes to the transaction processing code to update against LDAP so that the live transaction is using up-to-date information, and also a periodic sync against LDAP to keep the application DB up-to-date for reporting purposes.

This solution seems a bit hacky, and seems to have a lot of moving parts, but I could not find much on this subject elsewhere on the web.

How should user information be handled / how should the app be structured so that all of the user information is still easily accessible and can be easily tied to the rest of the system for reporting purposes? Is there a way to integrate Spring LDAP and Hibernate so that layers above the data layer don't have to know? Or is pulling the info from LDAP into the existing database the easiest way to go?

If you cannot drop the user table at all, because it is used from other entities, then my suggestion is to separate the security stuff from the business stuff.

This means removing the information that is needed only for security from the user table (login, password, ...), so that only the stuff remains that is needed to implement the business cases.

Then rewrite the security stuff so that it is based on LDAP. I guess you will find a way to get the user database object for a given principal.

Only one thing will remain: how to create new user database entities if a new person gets a new login. You have 3 choices; which is the best one strongly depends on your application:

  • Create the database entity when the user first logs in
  • Create the database entity when you first need it
  • Create the database entity when it is created in the LDAP (or some minutes later), for example with a cron job, or some Spring Scheduling service.
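One way to implement the first-login option above with Spring Security's LDAP support, as an added example that is not part of the original answer: a `UserDetailsContextMapper` that reads the authenticated LDAP entry and creates the business-side user row on first login. The `AppUser` entity, the `AppUserRepository` with its `findByLdapUid` method, and the LDAP attribute names `cn` and `mail` are assumptions.

```java
import java.util.Collection;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

// Maps an authenticated LDAP entry to a Spring Security principal and, on the
// user's first login, creates the business-side AppUser row. That row holds only
// what reports need (name, email); no password or other login secret is stored.
@Component
public class FirstLoginUserDetailsMapper implements UserDetailsContextMapper {

    private final AppUserRepository users; // assumed Spring Data JPA repository

    public FirstLoginUserDetailsMapper(AppUserRepository users) {
        this.users = users;
    }

    @Override
    @Transactional
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                          Collection<? extends GrantedAuthority> authorities) {
        // LDAP is the source of truth: only read attributes here, never write back.
        String displayName = ctx.getStringAttribute("cn");   // attribute names are assumptions
        String email = ctx.getStringAttribute("mail");

        // Look the business entity up by the LDAP login; create it on first login.
        AppUser user = users.findByLdapUid(username).orElseGet(() -> {
            AppUser fresh = new AppUser();
            fresh.setLdapUid(username);
            return fresh;
        });
        // Refresh the reporting copy on every login so reports stay current.
        user.setDisplayName(displayName);
        user.setEmail(email);
        users.save(user);

        // Authorities come from the LdapAuthoritiesPopulator (LDAP groups); the
        // password is never copied, so a database leak exposes no credentials.
        return User.withUsername(username)
                .password("")            // unused: the LDAP bind already verified the credentials
                .authorities(authorities)
                .build();
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException("users are managed in LDAP, not by this app");
    }
}
```

Register the bean with `LdapAuthenticationProviderConfigurer.userDetailsContextMapper(...)` so it runs after every successful bind; business code then loads `AppUser` by the principal's username and never touches LDAP itself.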
