Authentication with LDAP in Spring

Time: 2014-01-10 08:33:45

Tags: spring ldap

Currently, I authenticate using a datasource and Spring.

This is the configuration in security-app-context.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security 
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/administration/**" access="hasRole('ADMIN')" />
        <intercept-url pattern="/citizen/**" access="hasRole('USER')" />
        <form-login login-page="/index.htm" authentication-success-handler-ref="authenticationSuccessRedirecthandler"
          default-target-url = "/citizen/test.htm"
            authentication-failure-url="/index.htm?error=1"/>
        <logout logout-success-url="/index.htm" />
    </http>

    <beans:bean class="com.test.redirect.CustomAuthenticationHandler" id="authenticationSuccessRedirecthandler"></beans:bean>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username, password, enabled from users where username=?" authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id = ur.user_id and u.username =?  " />
        </authentication-provider>
    </authentication-manager>
</beans:beans>

This is CustomAuthenticationHandler.java

import java.io.IOException;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

public class CustomAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {

 @Override
 public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {

     String targetUrl = "/test/page.htm";

      Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());


      if (roles.contains("ADMIN")) {

         getRedirectStrategy().sendRedirect(request, response, targetUrl);
      }  else {
         super.onAuthenticationSuccess(request, response, authentication);
         return;
      }
   }
}

I would like to know how to correct the configuration so that authentication uses LDAP instead of the datasource.

These are the parameters in my LDAP:

Base Provider URL
ldap://192.168.0.88:389

Base DN

DC=MINISTER,DC=FR

Principal

CN=LDAP Requester,OU=Users,OU=Technical Accounts,OU=P9 Accounts,DC=MINISTER,DC=FR

Credentials

minister$9999

Users

Authentication Search Filter

(&(objectClass=person)(mail=@email_address@))

Users DN DC=MINISTER,DC=FR

Groups DN DC=MINISTER,DC=FR

Updated:

I tried this code:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security 
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/administration/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/citizen/**" access="hasRole('USER')" />
        <intercept-url pattern="/menu/menu.htm"  access="hasAnyRole('ROLE_ADMIN','USER')" />   


         <form-login login-page="/index.htm"
          default-target-url = "/citizen/test.htm"
            authentication-failure-url="/index.htm?error=1"/>
        <logout logout-success-url="/index.htm" />


    </http>



         <beans:bean id="grantedAuthoritiesMapper" class="com.test.ActiveDirectoryGrantedAuthoritiesMapper"/>

    <authentication-manager>
    <authentication-provider ref="ldapActiveDirectoryAuthProvider" />

    </authentication-manager> 
    <beans:bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="DC=MINISTER,DC=TN" />
        <beans:constructor-arg value="ldap://192.168.0.88:389" />
        <beans:property name="authoritiesMapper" ref="grantedAuthoritiesMapper" />
        <beans:property name="useAuthenticationRequestCredentials" value="true" />
        <beans:property name="convertSubErrorCodesToExceptions" value="true" />
    </beans:bean>

</beans:beans>

This is a Java class:

import java.io.IOException;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

/**
 * Maps the groups defined in LDAP nomenclature to roles for a specific user.
 */
public class ActiveDirectoryGrantedAuthoritiesMapper implements GrantedAuthoritiesMapper {

    // Constants for group defined in LDAP
    private static final String ROLE_ADMIN = "ADMIN";


    public ActiveDirectoryGrantedAuthoritiesMapper() {
    }

    public Collection<? extends GrantedAuthority> mapAuthorities(
            final Collection<? extends GrantedAuthority> authorities) {

        Set<SecurityContextAuthority> roles = EnumSet.noneOf(SecurityContextAuthority.class);

        for (GrantedAuthority authority : authorities) {
            // authority.getAuthority() returns the role in LDAP nomenclature
            if (ROLE_ADMIN.equals(authority.getAuthority())) {
                roles.add(SecurityContextAuthority.ROLE_ADMIN);

            }
        }
        return roles;
    }

}

This is the SecurityContextAuthority.java class

import org.springframework.security.core.GrantedAuthority;

/**
 * Maps the groups defined in LDAP to roles for a specific user.
 */
public enum SecurityContextAuthority implements GrantedAuthority {

    // These roles are specified in the security context (security.xml) and are
    // mapped to LDAP roles by the ActiveDirectoryGrantedAuthoritiesMapper
    ROLE_ADMIN;

    public String getAuthority() {
        return name();
    }
}

But when I test, I get this error:

[org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider] (http-localhost-127.0.0.1-8080-3) Active Directory authentication failed: Supplied password was invalid

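1 Answer:

Answer 0: (score: 0)

I am doing the same thing and my code is working. Looking at your code, I found only one difference from mine. In your security configuration file, in the ldapActiveDirectoryAuthProvider bean, your two constructor args are: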

<beans:constructor-arg value="DC=MINISTER,DC=TN" />
<beans:constructor-arg value="ldap://192.168.0.88:389" />
I structured mine differently; using your values, it would look like this:

<beans:constructor-arg value="192.168.0.88" />
<beans:constructor-arg value="ldap://192.168.0.88" />

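You may also need to pass in the domain components, but I wonder whether your configuration needs both the domain and the URL passed in. Also, I noticed that it seems to add the default port, so I left it off my URL.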
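An added example, not part of the question or the answer above and not Spring Security's own code: ActiveDirectoryLdapAuthenticationProvider takes a domain name as its first constructor argument and uses it to build the user@domain bind principal and the dc= search root. This simplified re-creation shows what each value of that argument produces; the class and method names, the login "jdoe" and the DNS form "minister.fr" are assumptions.

```java
import java.util.Locale;

// Added illustration: a simplified re-creation of how an AD-style provider
// turns its "domain" constructor argument into a bind principal and a search
// root. Not Spring Security's source; class and method names are hypothetical.
public class AdDomainArgDemo {

    // "minister.fr" -> "dc=minister,dc=fr": one dc= component per DNS label.
    static String rootDnFromDomain(String domain) {
        StringBuilder root = new StringBuilder();
        for (String label : domain.toLowerCase(Locale.ROOT).split("\\.")) {
            if (label.isEmpty()) continue;
            if (root.length() > 0) root.append(',');
            root.append("dc=").append(label);
        }
        return root.toString();
    }

    // The login name is bound as a userPrincipalName: user@domain.
    static String bindPrincipal(String username, String domain) {
        String d = domain.toLowerCase(Locale.ROOT);
        return username.toLowerCase(Locale.ROOT).endsWith(d) ? username : username + "@" + d;
    }

    // Cheap startup check: a DNS domain never contains '=' or ','.
    static boolean looksLikeDn(String domain) {
        return domain.indexOf('=') >= 0 || domain.indexOf(',') >= 0;
    }

    public static void main(String[] args) {
        String user = "jdoe"; // constructed sample login
        String[] domains = {
            "DC=MINISTER,DC=TN", // value from the question's bean definition
            "minister.fr"        // assumed DNS form of Base DN DC=MINISTER,DC=FR
        };
        for (String domain : domains) {
            System.out.printf("domain=%s%n  looksLikeDn=%b%n  bind as: %s%n  search root: %s%n",
                    domain, looksLikeDn(domain), bindPrincipal(user, domain), rootDnFromDomain(domain));
        }
    }
}
```

A check like looksLikeDn can run when the application context starts, so a DN placed in the domain slot is rejected at deployment rather than surfacing later as a bind failure for every user.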