其他分享
首页 > 其他分享> > Spring Security LDAP配置

Spring Security LDAP配置

作者:互联网

我正在使用Spring Security,并希望使用注释了解Spring Active Directory LDAP的配置.我需要将我的项目与我的工作场所的LDAP服务器连接起来.

解决方法:

@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {


@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
         .authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }



/** To configure LDAP SERVER **/

        @Bean
        public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

            ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(null, URL);

            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            provider.setUserDetailsContextMapper(userDetailsContextMapper());


            return provider;
        }

        @Bean
        public UserDetailsContextMapper userDetailsContextMapper() {
            UserDetailsContextMapper contextMapper = new AttributesLDAPUserDetailsContextMapper();
            return contextMapper;
        }

        /** End configuration of LDAP SERVER **/    


    }``

public class LdapSecuredUser extends User实现LdapUserDetails {

/**
 * 
 */


@Autowired
private IUserService userService;

User newUser=new User();



public LdapSecuredUser(User u) {
    newUser=u;
    if (u != null) {

        this.setEmailId(u.getEmailId());
        this.setUserGroups(u.getUserGroups());
        System.out.println(this.getEmailId() + " " + this.getUsername() +" " + this.getAuthorities() 
                +" ");

    }
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {

    Collection<GrantedAuthority> authorities = new ArrayList<>();


    Set<Permission> permissions = new HashSet<Permission>(0);
    for (UserGroup userGroup : newUser.getUserGroups()){
        System.out.println(userGroup.getUserGroupName());
        for(Permission permission : userGroup.getPermissions()){
            permissions.add(permission);
        }
    }

    if (permissions != null) {
        for (Permission permission : permissions) {
            SimpleGrantedAuthority authority = new SimpleGrantedAuthority(
                    permission.getPermissionName());
            authorities.add(authority);
        }
    }
    return authorities;
}

@Override
public String getUsername() {
    return super.getEmailId();
}

@Override
public boolean isAccountNonExpired() {
    return true;
}

@Override
public boolean isAccountNonLocked() {
    return true;
}

@Override
public boolean isCredentialsNonExpired() {
    return true;
}

@Override
public boolean isEnabled() {
    return true;
}

@Override
public String getDn() {
    return null;
}

}

public class AttributesLDAPUserDetailsContextMapper
实现UserDetailsContextMapper {

/**
 * 
 */


 private InetOrgPersonContextMapper ldapUserDetailsMapper = new InetOrgPersonContextMapper();

@Autowired
private IUserService userService;

@Autowired
private IUserGroupService usergroupService;

   @Override
    public UserDetails mapUserFromContext(DirContextOperations arg0, String arg1, Collection<? extends GrantedAuthority> arg2)
    {
        InetOrgPerson userLdap = (InetOrgPerson) ldapUserDetailsMapper.mapUserFromContext(arg0, arg1, arg2);
        User u = userService.findByEmailIdEquals(userLdap.getUsername());

        String databaseUserNameCheching=userLdap.getUsername();



        if (u == null)
        {
                u = new User();
                List<UserGroup> myGroupList=new ArrayList<UserGroup>();
                UserGroup usergroup=usergroupService.findByUserGroupNameEquals("CANDIDATE_GROUP");
                myGroupList.add(usergroup);
                Set<UserGroup> userGroups=new HashSet<UserGroup>(myGroupList);
                u.setUserGroups(userGroups);
                u.setEmailId(userLdap.getUsername());
                userService.save(u);
                return  new LdapSecuredUser(u);
        }
        u.setEmailId(userLdap.getUsername());
        String emailId=userLdap.getUsername();
        u.setUserGroups(userService.getAllUserGroupsByEmailId(emailId));

        userService.save(u);
        for (UserGroup grantedAuthoritya : u.getUserGroups()) {
            System.out.println(grantedAuthoritya.getUserGroupName());
        };

        return  new LdapSecuredUser(u);
    }

    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1)
    {
        ldapUserDetailsMapper.mapUserToContext(arg0, arg1);
    }

}

上面的代码是针对Active目录完成的,其中不需要contextsource.搜索ldap属性时不需要显式查询.对我来说它有效.

标签:security,spring,active-directory,ldap,spring-ldap
来源: https://codeday.me/bug/20190528/1171421.html