Two*_*cks 8 java spring spring-security spring-boot
我在这里尝试 SpringBoot 中的 LDAP 身份验证示例
它使用的是 ldif 方法,我认为这不适用于我的要求,因为我们的 ldap 管理员不会告诉我在哪里可以找到我需要的 ldif。在 springboot 之前,我曾经使用我自己的 ldap 实现而不使用 ldif。有没有办法验证不使用 ldif 只是 SECURITY_AUTHENTICATION.simple ?下面是我如何在基本的 Java no spring 中执行 ldap 安全性。如何在不使用 ldif 只是基本用户名密码的情况下在 spring 中执行此操作。
boolean isLdapRegistred(String username, String password) {
boolean result = false;
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://10.x.x.x:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
env.put(Context.SECURITY_CREDENTIALS, password);
// Create the initial context
DirContext ctx = new InitialDirContext(env);
result = ctx != null;
if (ctx != null)
ctx.close();
System.out.println(result);
return result;
} catch (Exception e) {
System.out.println("oops");
return result;
}
}
下面是 SpringBoots 示例,需要使用我的凭据而不是 ldif。
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource().ldif("classpath:test-server.ldif");
}
}
这个对我来说非常有效,但我需要对它进行微小的修改。
@Configuration
@EnableWebSecurity
public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapAuthenticationProvider());
}
@Bean
public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
Arrays.asList("ldapServerUrl:port"),rootDn);
contextSource.afterPropertiesSet();
LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(ldapUserSearchBase, ldapUserSearchFilter, contextSource);
BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
bindAuthenticator.setUserSearch(ldapUserSearch);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new DefaultLdapAuthoritiesPopulator(contextSource, ldapGroupSearchBase));
return ldapAuthenticationProvider;
}
}
在达到这一点之前,我已经受苦了好几天否则你可以使用自定义身份验证并像这样
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
private Logger log = Logger.getLogger(CustomAuthenticationProvider.class);
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String email = authentication.getName();
String password = authentication.getCredentials().toString();
log.info("email : " + email);
log.info("password : " + password);
try {
if (authenticate(email, password)) {
// use the credentials
// and authenticate against the third-party system
return new UsernamePasswordAuthenticationToken(
email, password, new ArrayList<>());
} else {
return null;
}
} catch (NamingException ex) {
log.info(ex);
}
return null;
}
boolean isLdapRegistred(String username, String password) {
boolean result = false;
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://10.x.x.x:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
env.put(Context.SECURITY_CREDENTIALS, password);
// Create the initial context
DirContext ctx = new InitialDirContext(env);
result = ctx != null;
if (ctx != null)
ctx.close();
System.out.println(result);
return result;
} catch (Exception e) {
System.out.println("oops");
return result;
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(
UsernamePasswordAuthenticationToken.class);
}
}
在另一堂课上
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
private Logger log = Logger.getLogger(WebSecurityConfiguration.class);
@Autowired
private CustomAuthenticationProvider authProvider;
@Override
protected void configure(
AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated()
.and()
.httpBasic();
}
}
然后奇迹发生了
如果没有 LDIF,而使用 Spring,您可以执行以下操作:
@Configuration
@EnableWebSecurity
public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapAuthenticationProvider());
}
@Bean
public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapServerUrl);
contextSource.setUserDn(ldapManagerDn);
contextSource.setPassword(ldapManagerPassword);
contextSource.afterPropertiesSet();
LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(ldapUserSearchBase, ldapUserSearchFilter, contextSource);
BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
bindAuthenticator.setUserSearch(ldapUserSearch);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new DefaultLdapAuthoritiesPopulator(contextSource, ldapGroupSearchBase));
return ldapAuthenticationProvider;
}
}
| 归档时间: |
|
| 查看次数: |
13179 次 |
| 最近记录: |