[英]Configure ldap in grails 2.2.4 spring security core 2.0?
我目前正在將我的應用與ldap公司集成。 雖然我能夠使應用程序實際在ldap上檢查用戶的身份驗證,但用戶無法克服spring security ROLES配置。 即時消息:“抱歉,您無權查看此頁面。” 每次我嘗試進入具有@Secured([[ROLE_USER'])的頁面時。 我想知道如何在LDAP上添加每個用戶以擁有ROLE_USER,以便他能夠完全使用應用程序。
我的ldap配置非常簡單:
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider']
grails.plugin.springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.context.server = "SOME LDAP ADRESS"
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Employees,O=*****,C=****'
grails.plugin.springsecurity.ldap.search.base = 'O=****,C=****'
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.search.attributesToReturn = null
而Spring安全核心是默認之一:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'amelinium1.grails.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'amelinium1.grails.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'amelinium1.grails.SecRole'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/**': ['permitAll'],
'/**/systeminfo': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll']]
grails.plugin.springsecurity.logout.postOnly = false
http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/single.pdf上提供的文檔似乎不是最新的,即使它適用於Spring Security Core的2.0版本。 我試圖實現Custom GrailsUser和GrailsUserDetailsService,但它們似乎並未與其余插件融合。(基於文檔的實現)。
任何人都可以通過一些有關如何在最新版本2.0-RC2中實現LDAP的信息為我指明正確的方向?
編輯
我的CustomUserDetailsService類,但不確定是否為LDAP配置正確:
class CustomUserDetailsService implements GrailsUserDetailsService{
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User.withTransaction { status ->
User user = User.findByUsername(username)
if (!user) throw new UsernameNotFoundException('User not found', username)
def authorities = user.authorities.collect {new GrantedAuthorityImpl(it.authority)}
return new CustomUserDetails(user.username, user.password, user.enabled,
!user.accountExpired, !user.passwordExpired,
!user.accountLocked, authorities ?: NO_ROLES, user.id,
user.firstName, user.lastName)
} as UserDetails
}
@Override
public UserDetails loadUserByUsername(String username, boolean loadRoles)
throws UsernameNotFoundException, DataAccessException {
return loadUserByUsername(username);
}
}
和CustomUserDetails類:
class CustomUserDetails extends GrailsUser{
final String firstName
final String lastName
CustomUserDetails(String username, String password, boolean enabled,
boolean accountNonExpired, boolean credentialsNonExpired,
boolean accountNonLocked,
Collection<GrantedAuthority> authorities,
long id, String firstName, String lastName) {
super(username, password, enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities, id)
this.firstName = firstName
this.lastName = lastName
}
}
問題是我無法從LDAP獲得除用戶名以外的其他信息作為ldap登錄。 希望在這里也能提供幫助。 在根據自定義類重新構造應用程序后,出現如下錯誤:沒有方法簽名:static org.springframework.security.core.userdetails.User.findByUsername()適用於參數類型:(java.lang.String)值:[海杜克]
默認情況下,Spring Security插件從數據庫獲取用戶和角色數據。 負責讀取用戶和角色數據的Spring bean名為userDetailsService
。 如果要從其他地方(例如LDAP)獲取用戶和角色數據,則只需用自己的Bean替換該Bean,例如
import org.springframework.security.core.userdetails.*
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.dao.DataAccessException
class LdapUserDetailsService implements UserDetailsService {
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
// load the user and their role(s) from LDAP by username and return their
// details as an instance of a class that implements the UserDetails interface
}
}
不要忘記在resources.groovy
中將此類注冊為Spring bean。
userDetailsService(LdapUserDetailsService)
有一些插件將Spring Security與LDAP集成在一起,但是我想自己做,因為它很簡單。 該文檔提供了一個自定義UserDetailsService
的示例 。 請注意,在編寫自己的UserDetailsService
/ UserDetails
實現時,不必擴展任何特定的類,並且出於調試目的,直接實現接口可能會更容易。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.