Dan*_*duk 0 grails spring ldap spring-security grails-plugin
我目前正致力于将我的应用程序与公司ldap集成.虽然我能够让应用程序实际检查ldap上的用户进行身份验证,但用户无法克服Spring安全性ROLES配置.我得到:"拒绝抱歉,您无权查看此页面." 每次我尝试输入@Secured(['ROLE_USER'])的页面.我想知道如何在LDAP上添加每个用户以获得ROLE_USER,以便他能够完全使用应用程序.
我的ldap配置非常简单:
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider']
grails.plugin.springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.context.server = "SOME LDAP ADRESS"
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Employees,O=*****,C=****'
grails.plugin.springsecurity.ldap.search.base = 'O=****,C=****'
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.search.attributesToReturn = null
Spring安全核心是默认核心:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'amelinium1.grails.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'amelinium1.grails.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'amelinium1.grails.SecRole'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/**': ['permitAll'],
'/**/systeminfo': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll']]
grails.plugin.springsecurity.logout.postOnly = false
提供文档http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/single.pdf似乎不是最新的,即使是2.0版本的Spring Security核心.我试图实现Custom GrailsUser和GrailsUserDetailsService,但它们似乎与插件的其余部分混合在一起.(基于文档的实现).
任何人都可以向我指出正确的方向,并提供有关如何在最新版本2.0-RC2中实施LDAP的一些信息?
编辑
我的CustomUserDetailsService类,但我不确定它是否正确配置LDAP:
class CustomUserDetailsService implements GrailsUserDetailsService{
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User.withTransaction { status ->
User user = User.findByUsername(username)
if (!user) throw new UsernameNotFoundException('User not found', username)
def authorities = user.authorities.collect {new GrantedAuthorityImpl(it.authority)}
return new CustomUserDetails(user.username, user.password, user.enabled,
!user.accountExpired, !user.passwordExpired,
!user.accountLocked, authorities ?: NO_ROLES, user.id,
user.firstName, user.lastName)
} as UserDetails
}
@Override
public UserDetails loadUserByUsername(String username, boolean loadRoles)
throws UsernameNotFoundException, DataAccessException {
return loadUserByUsername(username);
}
}
和CustomUserDetails类:
class CustomUserDetails extends GrailsUser{
final String firstName
final String lastName
CustomUserDetails(String username, String password, boolean enabled,
boolean accountNonExpired, boolean credentialsNonExpired,
boolean accountNonLocked,
Collection<GrantedAuthority> authorities,
long id, String firstName, String lastName) {
super(username, password, enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities, id)
this.firstName = firstName
this.lastName = lastName
}
}
问题是我无法从LDAP获取其他信息而不是ldap登录用户名.非常感谢这里的帮助.法无签名:返修申请后到BEB上Customclasses即时得到这样的错误ASED)静态org.springframework.security.core.userdetails.User.findByUsername(用于参数类型适用:(java.lang.String中)值:海杜克]
默认情况下,Spring Security插件从数据库中获取用户和角色数据.负责读取用户和角色数据的Spring bean被命名userDetailsService.如果您想从其他地方获取用户和角色数据 - 例如LDAP - 您只需要用自己的bean替换这个bean,例如
import org.springframework.security.core.userdetails.*
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.dao.DataAccessException
class LdapUserDetailsService implements UserDetailsService {
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
// load the user and their role(s) from LDAP by username and return their
// details as an instance of a class that implements the UserDetails interface
}
}
不要忘记将此类注册为Spring bean resources.groovy
userDetailsService(LdapUserDetailsService)
有一些插件可以将Spring Security与LDAP集成,但我更愿意自己动手,因为它非常简单.文档提供了自定义的示例UserDetailsService.请注意,在编写自己的UserDetailsService/ 的实现时,没有必要扩展任何特定的类UserDetails,并且出于调试的目的,可能更容易直接实现接口.
| 归档时间: |
|
| 查看次数: |
1710 次 |
| 最近记录: |