堆棧內存溢出
  簡體   English   中英

Spring Security LDAP配置

[英]Spring Security LDAP Configuration

 原文  2015-02-16 07:07:06       spring/ security/ active-directory/ ldap/ spring-ldap

問題描述

我正在使用Spring Security,並希望使用注釋了解Spring Active Directory LDAP的配置。 我需要將我的項目與我的工作場所的LDAP服務器連接起來。

1 個解決方案

解決方案1
 6 已采納  2015-02-27 10:15:39

@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {


@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
         .authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }



/** To configure LDAP SERVER **/

        @Bean
        public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

            ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(null, URL);

            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            provider.setUserDetailsContextMapper(userDetailsContextMapper());


            return provider;
        }

        @Bean
        public UserDetailsContextMapper userDetailsContextMapper() {
            UserDetailsContextMapper contextMapper = new AttributesLDAPUserDetailsContextMapper();
            return contextMapper;
        }

        /** End configuration of LDAP SERVER **/    


    }``

public class LdapSecuredUser extends User實現LdapUserDetails { 

/**
 * 
 */


@Autowired
private IUserService userService;

User newUser=new User();



public LdapSecuredUser(User u) {
    newUser=u;
    if (u != null) {

        this.setEmailId(u.getEmailId());
        this.setUserGroups(u.getUserGroups());
        System.out.println(this.getEmailId() + " " + this.getUsername() +" " + this.getAuthorities() 
                +" ");

    }
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {

    Collection<GrantedAuthority> authorities = new ArrayList<>();


    Set<Permission> permissions = new HashSet<Permission>(0);
    for (UserGroup userGroup : newUser.getUserGroups()){
        System.out.println(userGroup.getUserGroupName());
        for(Permission permission : userGroup.getPermissions()){
            permissions.add(permission);
        }
    }

    if (permissions != null) {
        for (Permission permission : permissions) {
            SimpleGrantedAuthority authority = new SimpleGrantedAuthority(
                    permission.getPermissionName());
            authorities.add(authority);
        }
    }
    return authorities;
}

@Override
public String getUsername() {
    return super.getEmailId();
}

@Override
public boolean isAccountNonExpired() {
    return true;
}

@Override
public boolean isAccountNonLocked() {
    return true;
}

@Override
public boolean isCredentialsNonExpired() {
    return true;
}

@Override
public boolean isEnabled() {
    return true;
}

@Override
public String getDn() {
    return null;
}

}

public class AttributesLDAPUserDetailsContextMapper實現UserDetailsContextMapper { 

/**
 * 
 */


 private InetOrgPersonContextMapper ldapUserDetailsMapper = new InetOrgPersonContextMapper();

@Autowired
private IUserService userService;

@Autowired
private IUserGroupService usergroupService;

   @Override
    public UserDetails mapUserFromContext(DirContextOperations arg0, String arg1, Collection<? extends GrantedAuthority> arg2)
    {
        InetOrgPerson userLdap = (InetOrgPerson) ldapUserDetailsMapper.mapUserFromContext(arg0, arg1, arg2);
        User u = userService.findByEmailIdEquals(userLdap.getUsername());

        String databaseUserNameCheching=userLdap.getUsername();



        if (u == null)
        {
                u = new User();
                List<UserGroup> myGroupList=new ArrayList<UserGroup>();
                UserGroup usergroup=usergroupService.findByUserGroupNameEquals("CANDIDATE_GROUP");
                myGroupList.add(usergroup);
                Set<UserGroup> userGroups=new HashSet<UserGroup>(myGroupList);
                u.setUserGroups(userGroups);
                u.setEmailId(userLdap.getUsername());
                userService.save(u);
                return  new LdapSecuredUser(u);
        }
        u.setEmailId(userLdap.getUsername());
        String emailId=userLdap.getUsername();
        u.setUserGroups(userService.getAllUserGroupsByEmailId(emailId));

        userService.save(u);
        for (UserGroup grantedAuthoritya : u.getUserGroups()) {
            System.out.println(grantedAuthoritya.getUserGroupName());
        };

        return  new LdapSecuredUser(u);
    }

    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1)
    {
        ldapUserDetailsMapper.mapUserToContext(arg0, arg1);
    }

}

上面的代碼是針對Active目錄完成的,其中不需要contextsource。 搜索ldap屬性時不需要顯式查詢。 對我來說它有效。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 如何在 spring 中測試 LDAP 安全配置? Spring安全性配置來認證ldap用戶 應用服務器啟動時的Spring Security LDAP配置BeanCreationException Spring Security LDAP身份驗證,無需在配置文件中指定身份驗證詳細信息 Grails Spring Security LDAP 具有LDAP和TokenBasedRememberMeServices的Spring Security 3 Spring Security LDAP連接 Spring Security和多個LDAP 春季安全性ldap Spring Security和LDAP身份驗證
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM