Spring Security Java Config: multiple group search bases

Time: 2014-10-30 23:01:27

Tags: spring-security spring-security-ldap

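I am using Spring Security 3.2.5 with Java config and LDAP authentication/authorization.

We have a requirement to search for groups in two separate trees in LDAP.

ou=groups

ou=Groups,ou=webapps,ou=Applications

I have searched but could not find any information on this topic.

This is my current code, which works fine: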

@Autowired
public void configureGlobal(UserDetailsContextMapper userDetailsContextMapper, LdapContextSource contextSource, AuthenticationManagerBuilder builder) throws Exception {

    builder
        .ldapAuthentication()
            .userDetailsContextMapper(userDetailsContextMapper)
            .contextSource(contextSource)
            .userSearchFilter("cn={0}")
            .userSearchBase("ou=Users")
            .groupSearchBase("ou=groups");
}

I would like to do something like this:

    builder
    .ldapAuthentication()
        .userDetailsContextMapper(userDetailsContextMapper)
        .contextSource(contextSource)
        .userSearchFilter("cn={0}")
        .userSearchBase("ou=Users")
        .groupSearchBase("ou=groups")
        .groupSearchBase("ou=Groups,ou=webapps,ou=Applications");

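Which is understandable.

Does anyone have any pointers on where to start?

1 Answer:

Answer 0: (score: 0)

My solution was to create an implementation of org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator that can call multiple instances of LdapAuthoritiesPopulator. Then create an LdapAuthoritiesPopulator for each "groupSearchBase" that I want to query.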

@Autowired
public void configureGlobal(UserDetailsContextMapper userDetailsContextMapper, LdapContextSource contextSource, AuthenticationManagerBuilder builder) throws Exception {

    MultipleLdapAuthoritiesPopulator multipleLdapAuthoritiesPopulator = new MultipleLdapAuthoritiesPopulator(
        new DefaultLdapAuthoritiesPopulator(contextSource, "ou=Groups,ou=webapps,ou=Applications"),
        new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups"));

    builder
        .ldapAuthentication()
            .ldapAuthoritiesPopulator(multipleLdapAuthoritiesPopulator)
            .userDetailsContextMapper(userDetailsContextMapper) 
            .contextSource(contextSource)
            .userSearchFilter("cn={0}")
            .userSearchBase("ou=Users");
}

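// Imports needed by the class below:
import static java.util.Arrays.asList;

import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

class MultipleLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    // One delegate per group search base
    private final List<LdapAuthoritiesPopulator> authoritiesPopulators;

    public MultipleLdapAuthoritiesPopulator(LdapAuthoritiesPopulator... authoritiesPopulators) {
        this.authoritiesPopulators = asList(authoritiesPopulators);
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
        // Ask every delegate for the user's authorities and concatenate the results
        List<GrantedAuthority> grantedAuthorities = authoritiesPopulators.stream()
            .map(authPopulator -> authPopulator.getGrantedAuthorities(userData, username))
            .flatMap(Collection::stream)
            .collect(Collectors.toList());

        return grantedAuthorities;
    }
}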
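
A variant of the composite populator above, added here as an example and not part of the original answer: it removes duplicate authorities from the merged result and logs when two search bases grant the same role. The class name `MergingLdapAuthoritiesPopulator`, the logger name and the stubbed lookups in `main` are assumptions; it needs spring-security-ldap on the classpath and Java 8.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

// Added example (hypothetical class name): merge group lookups from several search bases.
public class MergingLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private static final Logger LOG = Logger.getLogger("ldap.authorities");
    private final Map<String, LdapAuthoritiesPopulator> byBase; // search base -> delegate

    public MergingLdapAuthoritiesPopulator(Map<String, LdapAuthoritiesPopulator> byBase) {
        if (byBase.isEmpty()) {
            throw new IllegalArgumentException("at least one search base is required");
        }
        this.byBase = new LinkedHashMap<>(byBase); // defensive copy, keeps lookup order
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        Set<GrantedAuthority> merged = new LinkedHashSet<>(); // collapses equal authorities
        for (Map.Entry<String, LdapAuthoritiesPopulator> entry : byBase.entrySet()) {
            // An exception from a delegate propagates: a failed lookup fails the
            // login instead of silently producing a partial set of roles.
            for (GrantedAuthority a : entry.getValue().getGrantedAuthorities(userData, username)) {
                if (!merged.add(a)) {
                    LOG.warning(a + " granted by more than one base, again via " + entry.getKey());
                }
            }
        }
        return merged;
    }

    public static void main(String[] args) { // constructed stubs stand in for LDAP searches
        Map<String, LdapAuthoritiesPopulator> stubs = new LinkedHashMap<>();
        stubs.put("ou=groups", (ctx, user) -> Arrays.asList(
                new SimpleGrantedAuthority("ROLE_USER"), new SimpleGrantedAuthority("ROLE_ADMIN")));
        stubs.put("ou=Groups,ou=webapps,ou=Applications", (ctx, user) -> Arrays.asList(
                new SimpleGrantedAuthority("ROLE_ADMIN")));
        System.out.println(new MergingLdapAuthoritiesPopulator(stubs)
                .getGrantedAuthorities(new DirContextAdapter(), "alice"));
    }
}
```

In the answer's configuration the map values would be the two `DefaultLdapAuthoritiesPopulator` instances. Calling `setRolePrefix` on one of them keeps same-named groups from the two trees from collapsing into a single role.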