春天正在恢复适当的权威/角色

时间:2013-06-06 12:49:05

标签: spring spring-security

我正在实现 Active Directory 身份验证和自定义授权。被映射为 ROLE_KAMLESHA 的用户登录后能正常显示页面，而被映射为 ROLE_USER 的用户登录后却看到访问被拒绝页面。我究竟做错了什么？

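 <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans 
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                http://www.springframework.org/schema/security 
                http://www.springframework.org/schema/security/spring-security.xsd">

        <!-- Spring Security web configuration: Active Directory (LDAP) authentication,
             role-based URL authorization, form login and logout. -->
        <security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >

            <!-- intercept-url rules are evaluated top to bottom and the FIRST matching
                 pattern wins, so order matters.

                 Note the interaction with default-target-url below: after login the user is
                 sent to /krams/main/common, which requires ROLE_KAMLESHA. A user that the
                 UserDetailsContextMapper maps to ROLE_USER is therefore redirected straight
                 to the access-denied page. -->
            <security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
            <security:intercept-url pattern="/krams/main/admin"  access="hasRole('ROLE_ADMIN2')"/>
            <security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_KAMLESHA')"/>
            <!-- A second rule for /krams/main/admin (hasRole('ROLE_USER')) used to follow here.
                 It was unreachable because the ROLE_ADMIN2 rule above already matches that
                 path, so it has been removed. -->

            <!-- There is no catch-all rule: a URL that matches none of the patterns above is
                 served without any authorization check. Add
                 <security:intercept-url pattern="/**" access="isAuthenticated()"/>
                 as the LAST rule so that every unlisted page at least requires a login. -->

            <security:form-login
                    login-page="/krams/auth/login" 
                    authentication-failure-url="/krams/auth/login?error=true" 
                    default-target-url="/krams/main/common"/>

            <security:logout 
                    invalidate-session="true" 
                    logout-success-url="/krams/auth/login" 
                    logout-url="/krams/auth/logout"/>

        </security:http>

        <!-- Authentication is delegated entirely to Active Directory. -->
        <security:authentication-manager alias="authenticationManager">
            <security:authentication-provider ref="ldapAuthProvider" />
        </security:authentication-manager>

        <!-- Alternative (disabled): a database-backed userDetailsService with a password encoder. -->
        <!-- <security:authentication-manager>
                <security:authentication-provider user-service-ref="customUserDetailsService">
                        <security:password-encoder ref="passwordEncoder"/>
                </security:authentication-provider>
        </security:authentication-manager> -->

         <bean id="grantedAuthoritiesMapper" class="org.krams.tutorial.security.ActiveDirectoryGrantedAuthoritiesMapper" /> 

        <!-- Decides which application roles an authenticated AD user receives. -->
        <bean id="tdrUserDetailsContextMapper" class="org.krams.tutorial.security.UserDetailsContextMapperImpl"/>   

        <!-- ActiveDirectoryLdapAuthenticationProvider(domain, url): binds to the directory as
             user@domain with the password typed into the login form. -->
        <bean id="ldapAuthProvider"  class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
            <constructor-arg value="in.xxxxx.net" />
            <!-- Plain ldap:// on port 389 sends each user's domain password across the network
                 unencrypted. Outside a lab, use ldaps:// (port 636) or StartTLS against the
                 directory's real host name so the server certificate can be validated. -->
            <!-- <beans:constructor-arg value="ldap://xxx.xxx.xxx.xxx:389" /> -->
            <constructor-arg value="ldap://xxx.xxx.xxx.xxx:389" />
            <!-- Roles come from the userDetailsContextMapper below; the authoritiesMapper
                 alternative is left disabled. -->
            <!-- <property name="authoritiesMapper" ref="grantedAuthoritiesMapper" /> --> 
            <property name="userDetailsContextMapper" ref="tdrUserDetailsContextMapper"/>       
            <property name="useAuthenticationRequestCredentials" value="true" />
            <!-- Maps AD sub-error codes (e.g. locked or expired account) to distinct exceptions.
                 If those messages are shown on the login page they reveal account state to an
                 unauthenticated caller; keep the user-facing failure message generic. -->
            <property name="convertSubErrorCodesToExceptions" value="true" /> 
        </bean>

        <!-- Only used by the disabled customUserDetailsService above. Unsalted MD5 is not an
             acceptable password hash; if the database-backed provider is ever re-enabled,
             migrate the stored hashes to a slow, salted scheme such as bcrypt. -->
        <bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

        <!-- A custom service where Spring would retrieve users and their access levels (disabled). -->
        <!-- <bean id="customUserDetailsService" class="org.krams.tutorial.service.CustomUserDetailsService"/> -->

    </beans>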




package org.krams.tutorial.security;

import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

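public class UserDetailsContextMapperImpl implements UserDetailsContextMapper, Serializable{
    private static final long serialVersionUID = 3962976258168853954L;

    /** Role names handed out by {@link #mapUserFromContext}; they must match the hasRole() expressions in the security XML. */
    private static final String ROLE_USER = "ROLE_USER";
    private static final String ROLE_KAMLESHA = "ROLE_KAMLESHA";
    private static final String ROLE_ADMIN2 = "ROLE_ADMIN2";

    /**
     * Builds the {@link UserDetails} for a user that has just authenticated against Active Directory.
     * <p>
     * Authentication has already succeeded when this is called; this method only decides which
     * application roles the user receives. The directory entry ({@code ctx}) and the authorities the
     * provider derived from it ({@code authority}) are ignored: roles come from a hard-coded table of
     * login names instead.
     * <ul>
     *   <li>{@code kamahire} gets {@code ROLE_USER}</li>
     *   <li>{@code saslanka} gets {@code ROLE_KAMLESHA}</li>
     *   <li>every other account gets {@code ROLE_ADMIN2} (see the security note below)</li>
     * </ul>
     * An earlier version of this class (kept only in comments) mapped the AD groups
     * "MY USER GROUP" / "MY ADMIN GROUP" from {@code authority} to ROLE_USER / ROLE_ADMIN; that is
     * the direction a production mapping should take.
     *
     * @param ctx       the user's directory entry (not consulted)
     * @param username  the login name that was authenticated
     * @param authority authorities the provider derived from the directory entry (not consulted)
     * @return a {@link User} with an empty password, all account flags enabled and the mapped roles
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authority) {

        List<GrantedAuthority> mappedAuthorities = new ArrayList<GrantedAuthority>();

        // Constant-first equals() is null-safe; the original compared username.equals("saslanka"),
        // which would throw NullPointerException on a null login name.
        if ("kamahire".equals(username)) {
            mappedAuthorities.add(role(ROLE_USER));
        } else if ("saslanka".equals(username)) {
            mappedAuthorities.add(role(ROLE_KAMLESHA));
        } else {
            // SECURITY NOTE(review): fail-open default. Every other account in the domain that can
            // authenticate is granted ROLE_ADMIN2 and therefore reaches /krams/main/admin. This
            // preserves the existing behaviour; before this goes anywhere near production the
            // default should be "no roles" (or roles derived from AD group membership via the
            // authority parameter), not the admin role.
            mappedAuthorities.add(role(ROLE_ADMIN2));
        }

        // Debug trace only. Every branch above adds exactly one role, so get(0) is safe here;
        // if a branch that grants nothing is ever added, print the whole list instead.
        System.out.println("User name is :" + username + " ROLE" + mappedAuthorities.get(0).getAuthority() );

        // The password is deliberately blank: the credential lives in AD and is never held by the app.
        return new User(username, "", true, true, true, true, mappedAuthorities);
    }

    /**
     * Writing user details back to the directory is not supported; this mapper is read-only.
     */
    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1) {
    }

    /**
     * Wraps a role name in a {@link GrantedAuthority}. Uses an anonymous class rather than
     * SimpleGrantedAuthority so that no additional Spring import is needed in this file.
     *
     * @param name the authority string, e.g. {@code "ROLE_USER"}
     * @return an authority whose {@link GrantedAuthority#getAuthority()} returns {@code name}
     */
    private static GrantedAuthority role(final String name) {
        return new GrantedAuthority() {
            private static final long serialVersionUID = 4356967414267942910L;

            @Override
            public String getAuthority() {
                return name;
            }
        };
    }

}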

1 个答案:

答案 0 :(得分:0)

我通过修改 default-target-url 解决了这个问题。需要说明的是，这只是绕过而不是修复了根本原因：原来的目标 /krams/main/common 要求 ROLE_KAMLESHA，而 kamahire 被映射器赋予的是 ROLE_USER，所以登录后立即被拒绝；新目标 /krams/main/test 之所以"可用"，是因为它不匹配任何 intercept-url 规则，也就不受任何角色限制。建议在规则末尾补上一条 `<security:intercept-url pattern="/**" access="isAuthenticated()"/>` 兜底规则，避免未列出的页面无需授权即可访问。

<!-- Works because /krams/main/test matches none of the intercept-url rules, so no role is
     required to reach it. This sidesteps rather than fixes the mismatch (/krams/main/common
     requires ROLE_KAMLESHA while the mapper gives kamahire ROLE_USER), and an unlisted URL is
     also served without any authorization check unless a trailing
     pattern="/**" access="isAuthenticated()" rule is added. -->
<security:form-login
                    login-page="/krams/auth/login" 
                    authentication-failure-url="/krams/auth/login?error=true" 
                    default-target-url="/krams/main/test"/>