[英]Grails 3 Spring Security LDAP Plugin and Tomcat 8
我有一個外部的YML文件,其中包含grails的一些配置。 在此文件中,添加的配置之一是grails spring security ldap插件。 我的配置如下:
---
grails:
plugin:
springsecurity:
ldap:
context:
managerDn: 'uid=admin,ou=system'
managerPassword: 'secret'
server: 'ldap://localhost:10389'
authorities:
groupSearchBase: 'ou=Groups,dc=c3cen,dc=com'
retreiveGroupRoles: true
retreiveDatabaseRoles: false
groupSearchFilter: 'member={0}'
search:
base: 'ou=Users,dc=c3cen,dc=com'
password:
algoritham: 'SHA-256'
interceptUrlMap: [
{pattern: '/', access: ['permitAll']},
{pattern: '/error', access: ['permitAll']},
{pattern: '/index', access: ['permitAll']},
{pattern: '/index.gsp', access: ['permitAll']},
{pattern: '/shutdown', access: ['permitAll']},
{pattern: '/assets/**', access: ['permitAll']},
{pattern: '/**/js/**', access: ['permitAll']},
{pattern: '/**/css/**', access: ['permitAll']},
{pattern: '/**/images/**', access: ['permitAll']},
{pattern: '/**/favicon.ico', access: ['permitAll']},
{pattern: '/login/**', access: ['permitAll']},
{pattern: '/logout/**', access: ['permitAll']}
]
---
我在常規(由grails quick config提供)應用程序yml文件中也有一些屬性。 該文件僅包含:
grails:
plugin:
springsecurity:
securityConfigType: 'InterceptUrlMap'
providerNames: ['ldapAuthProvider', 'anonymousAuthenticationProvider']
我通過重寫Application.groovy類中的setEnvironment方法來在grails中加載外部配置。 它看起來如下:
@Override
void setEnvironment(Environment environment) {
try {
String configPath = System.getenv("local.config.location")
def ymlConfig = new File(configPath)
Resource resourceConfig = new FileSystemResource(ymlConfig)
YamlPropertiesFactoryBean ypfb = new YamlPropertiesFactoryBean()
ypfb.setResources(resourceConfig)
ypfb.afterPropertiesSet()
Properties properties = ypfb.getObject()
environment.propertySources.addFirst(new PropertiesPropertySource("local.config.location", properties))
} catch (Exception e) {
log.error("unable to load the external configuration file", e)
}
}
當我在grails中發出run-app命令並將其部署到我的嵌入式tocat時,一切都會按預期進行。 當我手動部署到本地tomcat時,我在firefox中收到“頁面無法正確重定向”錯誤。
注意:我已通過日志語句確認兩個tomcat服務器正在讀取外部文件。 奇怪的是,正在注入屬性,但是屬性被默認提供的字符串覆蓋。 例如:dc = example顯示在search.base中,但在上面的代碼中,您可以清楚地看到它位於'ou = Users,dc = c3cen,dc = com'中。 注意,這兩個都存在,但是我猜測默認值會覆蓋自定義屬性。
我需要在本地(非嵌入式)Tomcat服務器上進行其他更改以使外部屬性正常工作嗎? 我試過改變application.yml(外部的)的位置無濟於事。
我在這里注意到的奇怪部分是interceptUrlMap是唯一無法從外部YML文件加載的調用。 由於這是當時用於靜態路由的文檔中唯一提供的方法,我采取了不同的路線。 (使用外部groovy配置而不是yml配置)
這是我為使LDAP插件能夠進行外部配置而做的事情的清單。 首先,我確保我的應用程序啟動運行類(Application.groovy)實現了EnvironmentAware。 我重寫了setEnvironemnt方法,如下所示:
@Override
void setEnvironment(Environment environment) {
try {
String configPath = System.getenv("local.config.location")
def configFile = new File(configPath)
def config = new ConfigSlurper().parse(configFile.toURI().toURL())
environment.propertySources.addFirst(new MapPropertySource("externalGroovyConfig", config))
} catch (Exception e) {
log.error("unable to load the external configuration file", e)
}
}
接下來,我創建了一個application.groovy文件,並將其放在備用位置(不在我的項目中)我的application.groovy文件,現在看起來如下:
grails.plugin.springsecurity.ldap.context.managerDn = 'uid=admin,ou=system'
grails.plugin.springsecurity.ldap.context.managerPassword = 'secret'
grails.plugin.springsecurity.ldap.context.server = 'ldap://localhost:10389/'
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,dc=c3cen,dc=com'
grails.plugin.springsecurity.ldap.authorities.retreiveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retreiveDatabaseRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.search.base = 'ou=Users,dc=c3cen,dc=com'
grails.plugin.springsecurity.password.algoritham = 'SHA-256'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/index', access: ['permitAll']],
[pattern: '/index.gsp', access: ['permitAll']],
[pattern: '/shutdown', access: ['permitAll']],
[pattern: '/assets/**', access: ['permitAll']],
[pattern: '/**/js/**', access: ['permitAll']],
[pattern: '/**/css/**', access: ['permitAll']],
[pattern: '/**/images/**', access: ['permitAll']],
[pattern: '/**/favicon.ico', access: ['permitAll']]
]
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/**', filters: 'JOINED_FILTERS']
]
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.