我有一个项目,它将成为现有ERP应用程序的附加组件。我已经使用基本的Spring Security设置进行SSO工作(请参阅我的门票:Grails and CAS Basic Setup)。另外,我没有使用s2-quickstart。
我还是Java开发的新手,所以请耐心等待......我一直在查看文档和示例,并且在某些方面我对我所看到的内容更加困惑。我有几个问题:
1)此设置允许我访问登录用户的用户名,但不是很多其他内容?如何访问User对象以访问这些属性?现在,我正在使用:
def userDetails = springSecurityService.principal
then: userDetails ?.getUsername() to get the username
and: userDetails ?.getAuthorities() to get roles
这一切都有效,除非这是访问这些属性的最佳方式吗? 即,用户详细信息中是否还有其他属性,如何访问这些属性?
也许对此的答案取决于我接下来的这个......
2)我正在使用CAS进行身份验证,但现在我想从LDAP中提取一些其他属性。我尝试创建一个像http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/userDetailsService.html这样的自定义UserDetailsService,但即使在我通过初始编译错误之后,它似乎仍然需要User域类。如果我想用其他值扩展UserDetails,我必须实现用户域类吗?
在我的情况下,我真的只想要一个LDAP属性 - 而这一切看起来都很难得到它。我看了看,但是找不到一个好的工作/简单的例子......很多人都参与了Gorm或者安装了s2-quickstart。
TIA,
豆
这是我的配置...最后看到错误:
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.cas.active = true
grails.plugins.springsecurity.cas.sendRenew = false
grails.plugins.springsecurity.cas.serverUrlEncoding = 'UTF-8'
grails.plugins.springsecurity.cas.key = 'changeme'
grails.plugins.springsecurity.cas.loginUri = '/login'
grails.plugins.springsecurity.cas.serviceUrl = '${grails.serverURL}/j_spring_cas_security_check'
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas2.mydomain.com:8443/cas'
grails.plugins.springsecurity.cas.proxyCallbackUrl = '${grails.serverURL}/secure/receptor'
grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
grails.plugins.springsecurity.logout.afterLogoutUrl = 'https://cas2.mydomain.com:8443/cas/logout?service=' + appProtocol + '://cas2.mydomain.com:' + appPort + '/' + appName + '/'
grails.plugins.springsecurity.cas.artifactParameter = 'ticket'
grails.plugins.springsecurity.cas.serviceParameter = 'service'
grails.plugins.springsecurity.cas.filterProcessesUrl = '/j_spring_cas_security_check'
grails.plugins.springsecurity.cas.useSingleSignout = true
grails.server.loopback.url = ""
//Spring Security Core Config
grails.plugins.springsecurity.rejectIfNoRule = false // V.044::to fix redirect loop::true
grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
/*
* Order matters...put the most restrictive first
*/
grails.plugins.springsecurity.interceptUrlMap = [
'/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/secure/receptor': ['IS_AUTHENTICATED_ANONYMOUSLY'], // <- allows CAS to contact the receptor
'/protected/**': ['IS_AUTHENTICATED_FULLY'],
'/unprotected/**': ['IS_AUTHENTICATED_ANONYMOUSLY','IS_AUTHENTICATED_FULLY'],
'/filtered/edit': ["hasRole('ROLE_XYZ')"],
'/filtered/create': ["authentication.uid == 'criderk'"],
'/filtered/list': ["hasRole('ROLE_44808')"],
'/filtered/index': ["hasRole('ROLE_44808')"],
'/': ['IS_AUTHENTICATED_ANONYMOUSLY','IS_AUTHENTICATED_FULLY']
]
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['uid','mail']
grails.plugins.springsecurity.userLookup.userDomainClassName = 'basecas_04.User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'basecas_04.UserRole'
grails.plugins.springsecurity.authority.className = 'basecas_04.Role'
// Place your Spring DSL code here
beans = {
// load ldap roles from spring security
initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
"ldap://xx.xx.xx.xx:389"){
userDn = "cn=admin,dc=mydomain,dc=com"
password = "pw"
}
ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
"ou=employees,dc=mydomain,dc=com", "uid={0}", initialDirContextFactory){
}
ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
initialDirContextFactory,"ou=groups,dc=mydomain,dc=com"){
groupRoleAttribute = "gidNumber"
groupSearchFilter = "memberUid={1}"
searchSubtree = true
rolePrefix = "ROLE_"
convertToUpperCase = true
ignorePartialResultException = true
}
ldapUserDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,
ldapUserSearch,
ldapAuthoritiesPopulator)
userDetailsService(basecas_04.CustomUserDetailsService)
}
package basecas_04
import org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.userdetails.User
class MyUserDetails extends GrailsUser {
final String mail
MyUserDetails(String username, String password, boolean enabled,
boolean accountNonExpired, boolean credentialsNonExpired,
boolean accountNonLocked,
Collection<GrantedAuthority> authorities,
long id, String mail) {
super(username, password, enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities, id)
this.mail = mail
}
}
package basecas_04
import org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser import org.codehaus.groovy.grails.plugins.springsecurity.GrailsUserDetailsService import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils import org.springframework.security.core.authority.GrantedAuthorityImpl import org.springframework.security.core.userdetails.UserDetails import org.springframework.security.core.userdetails.UsernameNotFoundException
import basecas_04.User
class CustomUserDetailsService implements GrailsUserDetailsService { static final List NO_ROLES = [new GrantedAuthorityImpl(SpringSecurityUtils.NO_ROLE)] UserDetails loadUserByUsername(String username, boolean loadRoles) throws UsernameNotFoundException { return loadUserByUsername(username) } UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User.withTransaction { status ->
User user = User.findByUsername(username) if (!user) throw new UsernameNotFoundException('User not found', username)
def authorities = user.authorities.collect {
new GrantedAuthorityImpl(it.authority) }
return new MyUserDetails(user.username, user.password, user.enabled, !user.accountExpired,
!user.passwordExpired, !user.accountLocked,
authorities ?: NO_ROLES, user.id, user.mail) } } }
class User {
transient springSecurityService
String username
String password
String mail
//String displayName
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
static constraints = {
username blank: false, unique: true
password blank: false
}
static mapping = {
password column: '`password`'
}
Set<Role> getAuthorities() {
UserRole.findAllByUser(this).collect { it.role } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
错误我
2014-02-18 08:37:48,106 [http-apr-8444-exec-9] ERROR errors.GrailsExceptionResolver - 处理请求时发生MissingPropertyException:[GET] / basecas_04 / protected / list 没有这样的属性:类的id:org.springframework.security.ldap.userdetails.LdapUserDetailsImpl 可能的解决方案:dn。 Stacktrace如下: groovy.lang.MissingPropertyException:没有这样的属性:类的id:org.springframework.security.ldap.userdetails.LdapUserDetailsImpl 可能的解决方案:dn at grails.plugins.springsecurity.SpringSecurityService.getCurrentUser(SpringSecurityService.groovy:80) at basecas_04.ProtectedController.list(ProtectedController.groovy:22) at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:195) at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63) 在org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:65) 在java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor.java:615) 在java.lang.Thread.run(Thread.java:722)
关于此的任何想法:
没有这样的属性:类的id:org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
答案 0 :(得分:0)
你的回答可能就在这里:spring-security-ldap(如果你使用这个,因为我相信你也在使用它?):https://github.com/grails-plugins/grails-spring-security-ldap/blob/master/src/java/grails/plugin/springsecurity/ldap/userdetails/GrailsLdapUserDetailsManager.java - t
快速搜索:
security.ldap.userdetails.LdapUserDetailsManager
返回:
loadUserByUsername
public UserDetails loadUserByUsername(String username) 抛出UsernameNotFoundException, DataAccessException的
从接口复制的描述:UserDetailsService 根据用户名找到用户。在实际实现中,搜索可能不区分大小写,或者不区分大小写,具体取决于实现实例的配置方式。在这种情况下,返回的UserDetails对象可能具有与实际请求的用户名不同的用户名。
Specified by:
loadUserByUsername in interface UserDetailsService
Parameters:
username - the username identifying the user whose data is required.
Returns:
**a fully populated user record (never null)**
答案 1 :(得分:0)
导航Spring Security bean迷宫可能有点困难。在好的方面,一旦你拥有了它的轴承,它就是一个非常强大而灵活的豆类迷宫:)
对于#1,您可以自由覆盖默认的UserDetails类
使用您自己的自定义实现添加任何其他实现
你需要的属性。为此,您需要定义自定义
核心插件文档中描述的UserDetailsService
here
对于#2,此链接可能有所帮助: http://swordsystems.com/2011/12/21/spring-security-cas-ldap/