堆棧內存溢出
  簡體   English   中英

Spring Security 3 Active Directory身份驗證,數據庫授權

[英]Spring Security 3 Active Directory Authentication, Database Authorization

 原文  2012-02-10 14:02:58       spring/ authentication/ active-directory/ spring-security

問題描述

我正在嘗試通過AD身份驗證來訪問我的應用程序,並從數據庫中獲取授權角色。

這是我的配置 

<beans:bean id="activeDirectoryAuthenticationProvider"
        class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="mydomain" />
    <beans:constructor-arg value="ldap://my URL :389" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true"/>
</beans:bean>

我試圖添加 

  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="myUserDetailsService"/>
    </beans:bean>
  </beans:constructor-arg>

但這沒用。 有什么幫助嗎?

非常感謝!!

3 個解決方案

解決方案1
 3 已采納  2012-02-10 22:49:25

ActiveDirectoryLdapAuthenticationProvider不使用LdapAuthoritiesPopulator (檢查API的構造函數)。

您可以使用委派模型,在該模型中,您包裝提供程序並分別加載權限,然后返回包含它們的新令牌: 

public class MyAuthoritySupplementingProvider implements AuthenticationProvider {
    private AuthenticationProvider delegate;

    public MyAuthoritySupplementingProvider(AuthenticationProvider delegate) {
        this.delegate = delegate;
    }

    public Authentication authenticate(Authentication authentication) {
        final Authentication a = delegate.authenticate(authentication);

        // Load additional authorities and create an Authentication object
        final List<GrantedAuthority> authorities = loadRolesFromDatabaseHere(a.getName());

        return new AbstractAuthenticationToken(authorities) {
            public Object getCredentials() {
                throw new UnsupportedOperationException();
            }

            public Object getPrincipal() {
                return a.getPrincipal();
            }
        };
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return delegate.supports(authentication);
    }
}

該課程是最終的,主要是由於我對Active Directory的基本知識以及人們希望使用它的不同方式。

解決方案2
 1  2014-08-21 03:40:07

讓我們分成兩部分。 第一個是您的Spring Security xml配置,第二個部分將覆蓋Spring Security提供的UserContextMapper。

您的安全xml配置為 

<bean id="adAuthenticationProvider"
    class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
   <constructor-arg value="my.domain.com" />
    <constructor-arg value="ldap://<adhostserver>:<port>/" />
    <property name="convertSubErrorCodesToExceptions" value="true" />
    <property name="userDetailsContextMapper" ref="myUserDetailsContextMapper" />
</bean>

<bean id="myUserDetailsContextMapper" class="com.mycompany.sme.workflow.controller.MyDbAuthorizationFetcher">
<property name="dataSource" ref="dataSource" />

MyDbAuthorizationFetcher是您將在其中實現UserContextMapper類以從數據庫獲取授權的類。 

public class MyDbAuthorizationFetcher implements UserDetailsContextMapper {

private JdbcTemplate jdbcTemplate;
@Autowired
private DataSource dataSource;

public JdbcTemplate getJdbcTemplate() {
    return jdbcTemplate;
}

public void setJdbcTemplate(JdbcTemplate jdbcTemplate) {
    this.jdbcTemplate = jdbcTemplate;
}

public DataSource getDataSource() {
    return dataSource;
}

public void setDataSource(DataSource dataSource) {
    this.dataSource = dataSource;
}

// populating roles assigned to the user from AUTHORITIES table in DB
private List<SimpleGrantedAuthority> loadRolesFromDatabase(String username) {

    DbRole role = new DbRole();
    String sql = "select * from user where user_id = ?";
    jdbcTemplate = new JdbcTemplate(getDataSource());
    role = jdbcTemplate.queryForObject(sql, new Object[] { username }, new DbRoleMapper());


    try {
        dataSource.getConnection().setAutoCommit(true);
    } catch (SQLException e) {

    }
    List<SimpleGrantedAuthority> authoritiess = new ArrayList<SimpleGrantedAuthority>();
    SimpleGrantedAuthority auth = new SimpleGrantedAuthority(String.valueOf(role.getRoleId()));
    authoritiess.add(auth);
    return authoritiess;

   }

@Override
public UserDetails mapUserFromContext(DirContextOperations ctx,
        String username, Collection<? extends GrantedAuthority> authorities) {

    List<SimpleGrantedAuthority> allAuthorities = new ArrayList<SimpleGrantedAuthority>();
      for (GrantedAuthority auth : authorities) {
        if (auth != null && !auth.getAuthority().isEmpty()) {
           allAuthorities.add((SimpleGrantedAuthority) auth);
        }
      }
      // add additional roles from the database table
      allAuthorities.addAll(loadRolesFromDatabase(username));
      return new User(username, "", true, true, true, true, allAuthorities);
}

@Override
public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
    // TODO Auto-generated method stub
}

}

解決方案3
 0  2014-03-20 10:08:56

需要在AbstractAuthenticationToken中將authenticated標志設置為true,除非未將其視為成功

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 使用數據庫進行spring安全認證和授權 使用cas進行Spring Security身份驗證但是使用數據庫進行授權 具有AD身份驗證和數據庫授權的Spring安全性 使用spring-security進行活動目錄身份驗證 使用活動目錄的Spring Security身份驗證失敗 Spring Security Active Directory LDAP 身份驗證錯誤 使用Spring Security進行授權和認證 具有Active Directory和數據庫角色的Spring Security 在Spring Security中如何進行LDAP身份驗證和數據庫授權 如何在Spring安全性中進行LDAP身份驗證和數據庫授權?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM