我正在使用带有Java配置和LDAP身份验证/授权的Spring Security 3.2.5。
我们要求在LDAP中的两个单独树中搜索组。
OU =基团
和
OU =组,OU = web应用,OU =应用
我搜索过,但无法找到有关此主题的任何信息。
这是我目前正常运作的代码:
@Autowired
public void configureGlobal(UserDetailsContextMapper userDetailsContextMapper, LdapContextSource contextSource, AuthenticationManagerBuilder builder) throws Exception {
builder
.ldapAuthentication()
.userDetailsContextMapper(userDetailsContextMapper)
.contextSource(contextSource)
.userSearchFilter("cn={0}")
.userSearchBase("ou=Users")
.groupSearchBase("ou=groups");
}
我想做这样的事情:
builder
.ldapAuthentication()
.userDetailsContextMapper(userDetailsContextMapper)
.contextSource(contextSource)
.userSearchFilter("cn={0}")
.userSearchBase("ou=Users")
.groupSearchBase("ou=groups")
.groupSearchBase("ou=Groups,ou=webapps,ou=Applications");
这是可以理解的。
任何人都有关于从哪里开始的任何指示?
答案 0 :(得分:0)
我的解决方案是创建org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
的实现,它可以调用LdapAuthoritiesPopulator
的多个实例。然后为每个" groupSearchBase'创建一个LdapAuthoritiesPopulator
。我想查询。
@Autowired
public void configureGlobal(UserDetailsContextMapper userDetailsContextMapper, LdapContextSource contextSource, AuthenticationManagerBuilder builder) throws Exception {
MultipleLdapAuthoritiesPopulator multipleLdapAuthoritiesPopulator = new MultipleLdapAuthoritiesPopulator(
new DefaultLdapAuthoritiesPopulator(contextSource, "ou=Groups,ou=webapps,ou=Applications"),
new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups"));
builder
.ldapAuthentication()
.ldapAuthoritiesPopulator(multipleLdapAuthoritiesPopulator)
.userDetailsContextMapper(userDetailsContextMapper)
.contextSource(contextSource)
.userSearchFilter("cn={0}")
.userSearchBase("ou=Users");
}
class MultipleLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
private List<LdapAuthoritiesPopulator> authoritiesPopulators;
public MultipleLdapAuthoritiesPopulator(LdapAuthoritiesPopulator...authoritiesPopulators) {
this.authoritiesPopulators = asList(authoritiesPopulators);
}
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
List<GrantedAuthority> grantedAuthorities = authoritiesPopulators.stream()
.map(authPopulator -> authPopulator.getGrantedAuthorities(userData, username))
.flatMap(Collection::stream)
.collect(Collectors.toList());
return grantedAuthorities;
}
}