Spring Security custom LDAP authentication provider

wun*_*tee 5 java authentication spring-security

I currently have my LDAP authentication context set up like this:

    <ldap-server url="ldap://host/dn"
        manager-dn="cn=someuser"
        manager-password="somepass" />
    <authentication-manager>
        <ldap-authentication-provider user-search-filter="(samaccountname={0})"/>
    </authentication-manager> 

Now, I need to be able to set a custom authorities mapper (it uses a different LDAP server), so I'm assuming I need to configure my ldap-server similar to (http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ldap.html):

    <bean id="ldapAuthProvider"
            class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg ref="contextSource"/>
          <property name="userDnPatterns">
            <list><value>uid={0},ou=people</value></list>
          </property>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg ref="contextSource"/>
          <constructor-arg value="ou=groups"/>
          <property name="groupRoleAttribute" value="ou"/>
        </bean>
      </constructor-arg>
    </bean>

However, how do I reference that "ldapAuthProvider" to the ldap-server in the security context?

I'm also using spring-security 3, so '' does not exist...

小智 5

What I did to get it to work was simply to add this to the security context:

    <authentication-manager>
        <authentication-provider ref='ldapAuthProvider'/>
    </authentication-manager>

And then configure the 'ldapAuthProvider' bean like this:

    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldaps://url/dc=mock,dc=com" />
        <property name="userDn" value="cn=username,ou=People,dc=mock,dc=com" />
        <property name="password" value="password" />
    </bean>

    <bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userDnPatterns">
                    <list>
                        <value>uid={0},ou=People</value>
                    </list>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean
                class="com.mock.MyCustomAuthoritiesPopulator">
            </bean>
        </constructor-arg>
    </bean>

With the implementation of MyCustomAuthoritiesPopulator as follows:

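    import java.util.ArrayList;
    import java.util.Collection;
    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

    public class MyCustomAuthoritiesPopulator implements LdapAuthoritiesPopulator {
        // Grants ROLE_USER to every user who authenticates successfully.
        public Collection<GrantedAuthority> getGrantedAuthorities(
                DirContextOperations userData, String username) {
            ArrayList<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
            list.add(new SimpleGrantedAuthority("ROLE_USER"));
            return list;
        }
    }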


Tom*_*asz 5

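For the record, the Spring configuration is simpler if you use a custom LdapUserDetailsMapper, as there is a dedicated parameter user-context-mapper-ref exposed on <ldap-authentication-provider/> which allows you to use the short config style: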

    <authentication-manager>
        <ldap-authentication-provider
           user-search-filter="sAMAccountName={0}"
           user-search-base="OU=Users"
           group-search-filter="(&amp;(objectclass=group)(member={0}))"
           group-search-base="OU=Groups"
           user-context-mapper-ref="customUserContextMapper" />
    </authentication-manager>

    <ldap-server url="ldap://url:389/DC=mock,DC=com"
           manager-dn="manager"
           manager-password="pass" />

Source: http://forum.springsource.org/showthread.php?118845-How-to-modify-Authority-after-loading-it-from-LDAP

Also, on the LdapAuthoritiesPopulator route, you can extend DefaultLdapAuthoritiesPopulator and override getAdditionalRoles() rather than implementing the interface directly.

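    import java.util.HashSet;
    import java.util.Set;
    import org.springframework.ldap.core.ContextSource;
    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

    public class MyCustomAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {
        public MyCustomAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
            super(contextSource, groupSearchBase);
        }

        @Override
        protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
            Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
            return authorities;
        }
    }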
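Both populators above grant a fixed ROLE_USER to anyone who binds successfully. As an added example (not code from the question or either answer), the populator below looks up the user's groups on a second LDAP server, as the question asks, and grants only roles named in an explicit mapping. The class name, the posixGroup/memberUid group schema and the lower-case mapping keys are assumptions.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

// Hypothetical class: authenticates nothing itself, only maps groups to roles.
public class SecondDirectoryAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    private final SpringSecurityLdapTemplate groupDirectory;
    private final String groupSearchBase;
    private final Map<String, String> groupToRole; // allow-list: lower-case group cn -> role

    public SecondDirectoryAuthoritiesPopulator(ContextSource groupContextSource,
            String groupSearchBase, Map<String, String> groupToRole) {
        // groupContextSource points at the second server, not the one used for the bind
        this.groupDirectory = new SpringSecurityLdapTemplate(groupContextSource);
        this.groupSearchBase = groupSearchBase;
        this.groupToRole = groupToRole;
    }

    @Override
    public Collection<GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        // The template filter-escapes {0}, so the login name cannot alter the filter.
        // Assumed schema: posixGroup entries listing members in memberUid.
        Set<String> groups = groupDirectory.searchForSingleAttributeValues(
                groupSearchBase, "(&(objectClass=posixGroup)(memberUid={0}))",
                new Object[] { username }, "cn");

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for (String group : groups) {
            String role = groupToRole.get(group.toLowerCase(Locale.ROOT));
            if (role != null) { // groups outside the allow-list grant nothing
                authorities.add(new SimpleGrantedAuthority(role));
            }
        }
        return authorities; // may be empty: no implicit ROLE_USER
    }
}
```

To wire it in, declare it in place of com.mock.MyCustomAuthoritiesPopulator in the ldapAuthProvider bean and pass a second DefaultSpringSecurityContextSource bean for the group directory as its first constructor argument.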