10G*_*per 2 grails cas ldap spring-security
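I am trying to set up Spring Security in Grails to authenticate against CAS and authorize against LDAP. I have found several examples (I have about 20 browser tabs open right now), but none of them answers the whole question. Most examples are Grails + CAS or Grails + LDAP, but there are no examples of Grails + CAS + LDAP.
So I got it working, and it wasn't that bad, but I wish I had seen @cantoni's example first. It would have made this a lot easier. My setup is a bit simpler than his, so I'll add it here.
Install the Spring Security Core, CAS, and LDAP plugins. Important: until spring-security-cas:1.0.5 is updated, I wouldn't try to use the new spring-security-core:2.0-RC2 and spring-security-ldap:2.0-RC2. The CAS plugin doesn't seem to work with them.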
plugins {
    ....
    //security
    compile ":spring-security-core:1.2.7.3"
    compile ":spring-security-cas:1.0.5"
    compile ":spring-security-ldap:1.0.6"
    ...
}
You don't need to run the quickstart command if you aren't using the daoAuthenticationProvider, which I am not.
Configure the core and CAS plugins in Config.groovy
//Spring Security Core Config
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.rejectIfNoRule = true
grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/**': ['hasAnyRole("ROLE_OPERATOR","ROLE_ADMIN")']
]
//Spring Security CAS Config
grails.plugins.springsecurity.cas.loginUri = '/login'
grails.plugins.springsecurity.cas.serviceUrl = 'http://server.company.com:8080/app-name/j_spring_cas_security_check'
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://sso.company.com/cas'
grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://server.company.com:8080/app-name/secure/receptor'
grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
You can remove rejectIfNoRule, securityConfigType, and interceptUrlMap if you want to use annotations instead of the intercept URL map.
Configure the userDetailsService to delegate to LDAP in resources.groovy
// load ldap roles from spring security
initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
        "ldap://123.45.67.89:389") {
    userDn = "myLdapUser"
    password = "myLdapPwd"
}
ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
        "DC=foo,DC=company,DC=com", "sAMAccountName={0}", initialDirContextFactory) {
}
ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
        initialDirContextFactory, "OU=foo,DC=bar,DC=company,DC=com") {
    groupRoleAttribute = "cn"
    groupSearchFilter = "member={0}"
    searchSubtree = true
    rolePrefix = "ROLE_"
    convertToUpperCase = true
    ignorePartialResultException = true
}
userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService, ldapUserSearch, ldapAuthoritiesPopulator) {
}
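A hardened variant of the resources.groovy shown in the answer above, as an added example that is not part of the original answer: the same four beans, but with the directory connection over TLS and the bind credentials read from the environment instead of the source file. The host name `ldap.company.com`, port 636, the variable names `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD`, and the `requiredEnv` helper are assumptions made for illustration.

```groovy
// resources.groovy (added example; host, port and variable names are placeholders)

// Hypothetical helper: abort startup instead of binding with an empty credential.
def requiredEnv = { String name ->
    def value = System.getenv(name)
    if (!value) {
        throw new IllegalStateException("Missing environment variable ${name}")
    }
    value
}

beans = {
    // ldaps:// wraps the bind and every search in TLS; plain ldap:// on port 389
    // sends the bind password and the group lookups unencrypted. The JVM
    // truststore must contain the CA that issued the directory server's certificate.
    initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
            "ldaps://ldap.company.com:636") {
        userDn = requiredEnv('LDAP_BIND_DN')        // kept out of source control
        password = requiredEnv('LDAP_BIND_PASSWORD')
    }

    // The remaining beans are the ones from the answer, unchanged.
    ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
            "DC=foo,DC=company,DC=com", "sAMAccountName={0}", initialDirContextFactory) {
    }
    ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
            initialDirContextFactory, "OU=foo,DC=bar,DC=company,DC=com") {
        groupRoleAttribute = "cn"
        groupSearchFilter = "member={0}"
        searchSubtree = true
        rolePrefix = "ROLE_"            // cn=operator becomes ROLE_OPERATOR
        convertToUpperCase = true
        ignorePartialResultException = true
    }
    userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,
            ldapUserSearch, ldapAuthoritiesPopulator) {
    }
}
```

The bind account only needs read access to the user and group subtrees it searches.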