Spring Security 3.1 - LdapAuthenticationProvider + GrantedAuthoritiesMapper

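Time: 2013-07-01 11:17:32

Tags: spring spring-security

I created an AuthoritiesMapper for the DefaultLdapAuthoritiesPopulator. The roles are mapped correctly and work with intercept-url.

If I try to access the roles in a controller using getUserPrincipal(), I still get the LDAP groups.

Looking at the code in the populator, it should work.

Any idea what is wrong or how to fix it? I need to show/hide parts of the view based on roles.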

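import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.apache.commons.lang.StringUtils; // Apache Commons Lang assumed; commons-lang3 offers the same methods
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

/*************************************************************************************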
 * Maps Spring Security GrantedAuthorities 
 * e.g. AD groups populated using LdapAuthoritiesPopulator mapped to fixed role names
 * as defined in a Map instance (e.g. populated from a property file)
 * 
 * Sample roleMap:
 * Key          Value
 * Group1       ROLE_USER
 * Group2       ROLE_ADMIN
 * Group3       ROLE_ADMIN,ROLE_USER
 *************************************************************************************/
public class MapBasedGrantedAuthorityMapper implements GrantedAuthoritiesMapper {
    private Map<String,String> roleMap;
    private String stringSeparator = ",";
    private SimpleGrantedAuthority unknownAuthorithy = new SimpleGrantedAuthority("ROLE_UNKNOWN");
    private boolean keepUnknownAuthorities = false;
    public MapBasedGrantedAuthorityMapper(Map<String,String> roleMap){
        this.roleMap = roleMap;
    }

    public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
        String[] mappedValues; 
        Set<GrantedAuthority> mapped = new HashSet<GrantedAuthority>(authorities.size());
        for (GrantedAuthority auth : authorities) {
            if (roleMap.containsKey(auth.getAuthority())) {
                mappedValues = StringUtils.split(roleMap.get(auth.getAuthority()),stringSeparator);
                for (String mappedValue: mappedValues) {                    
                    mapped.add(new SimpleGrantedAuthority(StringUtils.trimToEmpty(mappedValue)));
                }
            } else if (keepUnknownAuthorities){ 
                mapped.add(auth);
            } else if (unknownAuthorithy != null){
                mapped.add(unknownAuthorithy);
            }
        }       
        return mapped;
    }
    // getters and setters

}

1 Answer:

Answer 0: (Score: 0)

I found a solution to this problem.

In the view I can use the Spring Security taglibs:

<sec:authorize access="hasRole('ROLE_ADMIN')"> 

In the service layer I can use @Secured.
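
An added example (not part of the original question or answer): a helper for controller code that reads roles from the Authentication token, which is where LdapAuthenticationProvider in Spring Security 3.1 puts the output of the GrantedAuthoritiesMapper, and separately lists the authorities carried by the UserDetails principal for comparison. The class and method names are hypothetical, and it assumes the LDAP group names seen in the controller were read from the principal object rather than from the token.

```java
import java.util.Collection;
import java.util.Set;
import java.util.TreeSet;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper; names are illustrative and not from the original post.
public final class RoleInspector {

    private RoleInspector() {
    }

    /** Authorities on the token: the set that intercept-url, hasRole() and @Secured evaluate. */
    public static Set<String> tokenAuthorities() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? new TreeSet<String>() : names(auth.getAuthorities());
    }

    /** Authorities stored on the principal object: these may still be the unmapped LDAP groups. */
    public static Set<String> principalAuthorities() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.getPrincipal() instanceof UserDetails) {
            return names(((UserDetails) auth.getPrincipal()).getAuthorities());
        }
        return new TreeSet<String>();
    }

    /** Role check for controller code, based on the mapped token authorities only. */
    public static boolean hasRole(String role) {
        return tokenAuthorities().contains(role);
    }

    /** Flattens authorities to sorted names so the two sets can be logged and compared. */
    private static Set<String> names(Collection<? extends GrantedAuthority> authorities) {
        Set<String> result = new TreeSet<String>();
        for (GrantedAuthority authority : authorities) {
            result.add(authority.getAuthority());
        }
        return result;
    }
}
```

Logging both sets once after login shows whether the mapped roles and the raw groups diverge; authorization decisions should use the token's set, with the view-level check backed by a server-side one such as @Secured.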