在我当前的项目中,我必须实现LDAP身份验证。 我正在使用JSF 2.2,primefaces和Spring 4.0以及spring-ldap-core 1.3.2和spring-security-ldap-3.2.0。以下是我迄今为止所做的工作:
弹簧Ldap.xml
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="ldap://mumcXXXXXXX" />
<property name="base" value="dc=ad,dc=XXX,dc=com"/>
<property name="userDn" value="XXXX@ad.XXX.com" />
<property name="password" value="XXXX" />
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="contextSource" />
</bean>
<bean id="ldapContact"
class="com.csap.research.LDAPContactDAO">
<property name="ldapTemplate" ref="ldapTemplate" />
</bean>
我的LdapContactDao
public boolean login(String username, String password) {
AndFilter filter = new AndFilter();
ldapTemplate.setIgnorePartialResultException(true);
filter.and(new EqualsFilter("userPrincipalName", username+"@ad.cXXX.com"));
return ldapTemplate.authenticate("", filter.toString(), password);
}
此处,用户名和密码来自“登录”屏幕作为输入。我的问题是它非常硬编码。我不想在 Spring-Ldap.xml 中对用户名和密码进行硬编码,因此有人建议在此处使用Spring-security-Ldap { {3}}但我无法理解。
我的问题是如何实现Ldap与spring和corse JSF的动态集成,我将其用作前端控制器。 任何帮助都会很棒。
答案 0 :(得分:6)
我发现这些文章有助于使用spring security设置登录表单,但是,他们不使用jsf:
http://www.mkyong.com/spring-security/spring-security-hello-world-example/ http://www.mkyong.com/spring-security/spring-security-form-login-example/
并发现本文对使用ldap作为身份验证提供程序很有帮助,它不使用ldapTemplate,而是使用spring-security配置(文章中的spring-security.xml)
http://krams915.blogspot.com/2011/01/spring-security-mvc-using-ldap.html
答案 1 :(得分:0)
这是我使用LDAP进行身份验证的方式:
导入Maven依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>4.0.2.RELEASE</version>
</dependency>
编写WebSecurityConfigurerAdapter的实现:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String SSO_HEADER = "AUTH_USER";
public static final String ADMIN = "ROLE_ADMIN";
public static final String USER = "ROLE_USER";
public static final String ANONYMOUS = "ROLE_ANONYMOUS";
@Autowired
Environment env;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**","/js/**","/images/**","/fonts/**","/api/**","/sendRedirect/**","/test/**").permitAll()
.anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login")
.failureUrl("/login?error").permitAll()
.and()
.logout()
.deleteCookies("remove")
.invalidateHttpSession(true)
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logout")
.and()
// Cross-site request forgery is turned off for RESTful API calls with the assumption that
// authentication will be sufficient protection
.csrf().ignoringAntMatchers("/api/**", "/space/{\\d+}/**", "/admin/**");
}
@Override
public AuthenticationManager authenticationManagerBean()
throws Exception
{
return authenticationManager();
}
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Autowired
Environment env;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication().userDnPatterns("cn={0}")
.contextSource(contextSource());
}
@Bean
public LdapContextSource contextSource() {
LdapContextSource contextSource = new LdapContextSource();
contextSource.setUrl(env.getRequiredProperty("ldap.url"));
contextSource.setBase(env.getRequiredProperty("ldap.base"));
contextSource.setUserDn(env.getRequiredProperty("ldap.username"));
contextSource.setPassword(env.getRequiredProperty("ldap.password"));
return contextSource;
}
}
}