Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Original: http://stackoverflow.com/questions/21555280/
How to use Spring Ldap Authentication
Asked by arvin_codeHunk
In my current project, I have to implement LDAP authentication. I am using JSF 2.2, PrimeFaces, Spring 4.0, spring-ldap-core 1.3.2 and spring-security-ldap-3.2.0. Below is the work I have done so far to achieve this:
Spring-Ldap.xml
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://mumcXXXXXXX" />
    <property name="base" value="dc=ad,dc=XXX,dc=com"/>
    <property name="userDn" value="[email protected]" />
    <property name="password" value="XXXX" />
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource" />
</bean>
<bean id="ldapContact" class="com.csap.research.LDAPContactDAO">
    <property name="ldapTemplate" ref="ldapTemplate" />
</bean>
My LdapContactDao
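public boolean login(String username, String password) {
    AndFilter filter = new AndFilter();
    // Ignore the PartialResultException raised when a search hits a referral
    ldapTemplate.setIgnorePartialResultException(true);
    // EqualsFilter escapes LDAP filter metacharacters in the supplied value
    filter.and(new EqualsFilter("userPrincipalName", username + "@ad.cXXX.com"));
    // Find the entry matching the filter, then bind as it with the supplied password
    return ldapTemplate.authenticate("", filter.toString(), password);
}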
Here username and password are coming from the login screen as inputs. My problem is it's very hardcoded. I don't want to hardcode username and password in Spring-Ldap.xml, so there was a suggestion to use Spring-security-Ldap here: "Spring LdapAuthentication and Load roles from local database", but I was unable to understand it.
My question was how I can achieve dynamic integration of LDAP with Spring, and of course JSF, which I am using as a front-end controller. Any help would be great.
Answered by indybee
I found these articles helpful for setting up a login form with Spring Security; however, they do not use JSF:
http://www.mkyong.com/spring-security/spring-security-hello-world-example/
http://www.mkyong.com/spring-security/spring-security-form-login-example/
and found this article helpful for using LDAP as the authentication provider; it does not use ldapTemplate, but uses the spring-security configuration (spring-security.xml in the article):
http://krams915.blogspot.com/2011/01/spring-security-mvc-using-ldap.html
Answered by Kul Bhushan Prasad
This is how I am using LDAP for authentication:
Import Maven dependencies:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
    <version>4.0.2.RELEASE</version>
</dependency>

Write your implementation of WebSecurityConfigurerAdapter:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final String SSO_HEADER = "AUTH_USER";
    public static final String ADMIN = "ROLE_ADMIN";
    public static final String USER = "ROLE_USER";
    public static final String ANONYMOUS = "ROLE_ANONYMOUS";

    @Autowired
    Environment env;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/css/**", "/js/**", "/images/**", "/fonts/**", "/api/**", "/sendRedirect/**", "/test/**").permitAll()
                .anyRequest().fullyAuthenticated()
            .and()
                .formLogin().loginPage("/login")
                .failureUrl("/login?error").permitAll()
            .and()
                .logout()
                .deleteCookies("remove")
                .invalidateHttpSession(true)
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login?logout")
            .and()
                // Cross-site request forgery is turned off for RESTful API calls with the assumption that
                // authentication will be sufficient protection
                .csrf().ignoringAntMatchers("/api/**", "/space/{\\d+}/**", "/admin/**");
    }

    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return authenticationManager();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        @Autowired
        Environment env;

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            // Bind as cn=<login name> under the configured base to verify the password
            auth.ldapAuthentication().userDnPatterns("cn={0}")
                    .contextSource(contextSource());
        }

        @Bean
        public LdapContextSource contextSource() {
            // Connection settings are read from external properties instead of being hardcoded
            LdapContextSource contextSource = new LdapContextSource();
            contextSource.setUrl(env.getRequiredProperty("ldap.url"));
            contextSource.setBase(env.getRequiredProperty("ldap.base"));
            contextSource.setUserDn(env.getRequiredProperty("ldap.username"));
            contextSource.setPassword(env.getRequiredProperty("ldap.password"));
            return contextSource;
        }
    }
}
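Added example (not part of the question, either answer, or the original page): the question targets Active Directory and looks users up by userPrincipalName, and for that case Spring Security's ActiveDirectoryLdapAuthenticationProvider binds as the user who is logging in, so no service-account userDn/password needs to be stored at all. The class name AdAuthenticationConfig, the property names ad.domain and ad.url, and the ldaps-only check are assumptions of this example; it assumes spring-security-ldap 4.0.2 as in the answer above.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Configuration
public class AdAuthenticationConfig extends GlobalAuthenticationConfigurerAdapter {

    @Autowired
    private Environment env;

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        // Assumed property names (constructed sample values, not from the page):
        //   ad.domain = ad.example.com
        //   ad.url    = ldaps://dc01.ad.example.com:636
        String domain = env.getRequiredProperty("ad.domain");
        String url = env.getRequiredProperty("ad.url");

        // A simple bind over plain ldap:// sends the user's password unencrypted,
        // so refuse to start unless the directory URL uses LDAP over TLS.
        if (!url.toLowerCase().startsWith("ldaps://")) {
            throw new IllegalStateException("ad.url must use ldaps://");
        }

        // The provider binds as <username>@<domain> using the password typed into
        // the login form, then reads that user's own entry. Nothing but the
        // domain name and server URL is kept in configuration.
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url);

        // Map AD sub-error codes to Locked/Disabled/Expired exceptions so they can
        // be logged distinctly; the login page should still show one generic error.
        provider.setConvertSubErrorCodesToExceptions(true);

        auth.authenticationProvider(provider);
    }
}
```

With this in place the ldap.username and ldap.password properties, and the contextSource bean that reads them, are not needed for authentication.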