在我的 Spring Security 配置中实现 ldapAuthentication 后，认证流程会忽略用户对象（org.springframework.security.core.userdetails.User）上的布尔字段 "enabled"，从而允许被禁用的用户登录。
使用 userDetailsService 做简单身份验证时，SecurityConfig 工作正常，能够阻止被禁用的用户登录；但改用 ldapAuthentication 后就失效了。
这是 SecurityConfig 类:
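@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackages = {"com.mykeys.test"})
public class SecurityConfig {

    /** Property holding the remember-me key (read by the form-login adapter below). */
    private static final String PROPERTY_NAME_SECURITY_KEY = "security.key";

    @Resource
    Environment environment;

    @Resource
    BaseLdapPathContextSource contextSource;

    @Resource(name = "userDetailsService")
    private UserDetailsService userDetailsService;

    /**
     * Wires LDAP authentication into the global {@link AuthenticationManagerBuilder}.
     *
     * <p>Users are looked up under the configured user search base with the filter
     * {@code uid={0}}; their granted authorities come from {@code userDetailsService}
     * through {@link UserDetailsServiceLdapAuthoritiesPopulator}.
     *
     * <p>NOTE(review): only the <em>authorities</em> of the {@code UserDetails} returned by
     * {@code userDetailsService} are consumed on this path (it is wired through an
     * "AuthoritiesPopulator"); the enabled / locked / expired flags it returns are not
     * evaluated here, so an account flagged as disabled that binds successfully against LDAP
     * is still let through. An explicit account-status check (Spring's
     * {@code UserDetailsChecker}, e.g. {@code AccountStatusUserDetailsChecker}) has to be
     * applied on the LDAP path — confirm against the provider version in use.
     *
     * @param auth the builder injected by Spring ({@code @Resource} on a one-argument method;
     *             {@code @Autowired} would be the more conventional choice — verify)
     * @throws Exception propagated from the builder
     */
    @Resource
    public void configureAuthentification(AuthenticationManagerBuilder auth) throws Exception {
        String userSearchBase = environment.getProperty(
                LdapConfig.PROPERTY_LDAP_USER_SEARCH_BASE, LdapConfig.DEFAULT_LDAP_USER_SEARCH_BASE);
        auth.ldapAuthentication()
                .userSearchFilter("uid={0}")
                .ldapAuthoritiesPopulator(new UserDetailsServiceLdapAuthoritiesPopulator(userDetailsService))
                .userSearchBase(userSearchBase)
                .contextSource(contextSource);
    }

    /** Chain for {@code /api/**}: unauthenticated calls get a 403 instead of a login redirect. */
    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")
                .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint())
                .and()
                .headers()
                .addHeaderWriter(new StaticHeadersWriter("X-Frame-Options", "SAMEORIGIN"))
                .and()
                .authorizeRequests()
                .anyRequest().authenticated();
        }
    }

    /** Form-login chain; it has no {@code antMatcher}, so it covers every request the API chain does not. */
    @Configuration
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        // Static nested class: the outer instance's Environment is not reachable, hence a second injection.
        @Resource
        Environment environment;

        /** Static assets bypass the security filter chain entirely. */
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers(
                    "/js/**", "/css/**", "/fonts/**", "/less/**", "/favicon.ico",
                    "/holder.js/**", "/img/**", "/partial/**");
        }

        /** Exposes the {@link AuthenticationManager} as a bean so it can be injected elsewhere. */
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // NOTE(review): when security.key is absent a fresh random key is generated at every
            // start-up, which silently invalidates all remember-me cookies on each restart and
            // hides the missing setting; a fixed, secret value should be configured instead.
            String rememberMeKey =
                    environment.getProperty(PROPERTY_NAME_SECURITY_KEY, UUID.randomUUID().toString());
            http
                .formLogin()
                    .permitAll()
                    .defaultSuccessUrl("/")
                    .failureUrl("/login?error")
                    .and()
                .logout()
                    .permitAll()
                    .and()
                .sessionManagement()
                    .maximumSessions(1)
                    .expiredUrl("/login?error")
                    .and()
                    .and()
                .rememberMe()
                    .key(rememberMeKey)
                    .and()
                .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }
}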
这是 UserDetailsServiceImpl 类（该 bean 会自动注入到 SecurityConfig 类中）：
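@Service("userDetailsService")
@Transactional(readOnly = true)
public class UserDetailsServiceImpl implements UserDetailsService {

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    // Not used by anything in this listing.
    @Resource MessageSource messageSource;

    /**
     * Builds the {@link UserDetails} for {@code username}.
     *
     * <p>NOTE(review): every account flag is hard-coded to {@code false} (disabled, expired,
     * credentials expired, locked) and the password echoes the username — presumably a stub
     * kept to prove that the flags are enforced; confirm it never reaches a real deployment.
     *
     * @param username the login name being authenticated
     * @return a {@code User} carrying the fixed authorities from {@link #getAllAuthor()}
     * @throws UsernameNotFoundException if building the details fails; the original exception is
     *         kept as the cause
     */
    @Override
    // NOTE(review): this method-level @Transactional (readOnly = false) overrides the class-level
    // readOnly = true; nothing here writes, so the override looks unintended — verify.
    @Transactional
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        try {
            return new org.springframework.security.core.userdetails.User(
                    username,
                    username,       // password (stub: same as the login)
                    false,          // enabled
                    false,          // accountNonExpired
                    false,          // credentialsNonExpired
                    false,          // accountNonLocked
                    getAllAuthor());
        } catch (Exception e) {
            logger.warn("Authentification refusée pour l'utilisateur au login {}", username, e);
            // Preserve the cause instead of flattening the failure to its message.
            throw new UsernameNotFoundException(e.getMessage(), e);
        }
    }

    /**
     * Returns the fixed authorities every user receives: {@code ROLE1} and {@code ROLE2}.
     *
     * @return a new, mutable list of the two authorities
     */
    public static List<GrantedAuthority> getAllAuthor() {
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE1"));
        authorities.add(new SimpleGrantedAuthority("ROLE2"));
        return authorities;
    }
}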
这是 LdapConfig 类:
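@Configuration
@EnableLdapRepositories
public class LdapConfig {

    public static final String PROPERTY_LDAP_URL = "ldap.url";
    public static final String DEFAULT_PROPERTY_LDAP_URL = "ldap://localhost:33899";
    public static final String PROPERTY_LDAP_LDIF_FILE = "ldap.ldif";
    public static final String DEFAULT_LDAP_LDIF_FILE = "classpath:data/ldif/corp.mykeys.com.ldif";
    public static final String PROPERTY_LDAP_LOGIN_DN = "ldap.login.dn";
    public static final String DEFAULT_PROPERTY_LDAP_LOGIN_DN = "LOGIN";
    // NOTE(review): a bind password checked into source as a fallback; tolerable only for the
    // embedded test server — for any other directory ldap.password should be required, not defaulted.
    public static final String PROPERTY_LDAP_PASSWORD = "ldap.password";
    public static final String DEFAULT_PROPERTY_LDAP_PASSWORD = "pass";
    public static final String PROPERTY_LDAP_SEARCH_BASE = "ldap.searchbase";
    public static final String DEFAULT_LDAP_SEARCH_BASE = "dc=corp,dc=mykeys,dc=com";
    public static final String PROPERTY_LDAP_USER_SEARCH_BASE = "ldap.usersearchbase";
    public static final String DEFAULT_LDAP_USER_SEARCH_BASE = "OU=FR,OU=Employees";

    @Resource
    Environment environment;

    /**
     * Builds the LDAP context source from the {@code ldap.*} properties (defaults above).
     * When the configured URL points at localhost, the embedded {@link #ldapServer()} is
     * created first so that there is a directory to connect to.
     *
     * @throws Exception propagated from the embedded server bean
     */
    @Bean
    BaseLdapPathContextSource contextSource() throws Exception {
        String url = environment.getProperty(PROPERTY_LDAP_URL, DEFAULT_PROPERTY_LDAP_URL);
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(url);
        contextSource.setBase(environment.getProperty(PROPERTY_LDAP_SEARCH_BASE, DEFAULT_LDAP_SEARCH_BASE));
        // Read-only operations bind anonymously; the DN/password are then only used for
        // the remaining contexts — presumably intended for the embedded server, verify for production.
        contextSource.setAnonymousReadOnly(true);
        contextSource.setUserDn(environment.getProperty(PROPERTY_LDAP_LOGIN_DN, DEFAULT_PROPERTY_LDAP_LOGIN_DN));
        contextSource.setPassword(environment.getProperty(PROPERTY_LDAP_PASSWORD, DEFAULT_PROPERTY_LDAP_PASSWORD));
        if (url.contains("ldap://localhost")) {
            ldapServer(); // materialises the @Lazy embedded server bean
        }
        return contextSource;
    }

    @Bean
    LdapTemplate ldapTemplate() throws Exception {
        return new LdapTemplate(contextSource());
    }

    /**
     * Embedded ApacheDS instance used when {@code ldap.url} points at localhost.
     *
     * <p>It listens on the port of the <em>configured</em> URL (falling back to the port of
     * {@link #DEFAULT_PROPERTY_LDAP_URL}); previously the port was always taken from the
     * default constant, so a localhost URL with another port started the server on a port the
     * context source never connected to.
     *
     * @throws Exception propagated from the container
     */
    @Bean
    @Lazy
    public ApacheDSContainer ldapServer() throws Exception {
        ApacheDSContainer apacheDSContainer = new ApacheDSContainer(
                environment.getProperty(PROPERTY_LDAP_SEARCH_BASE, DEFAULT_LDAP_SEARCH_BASE),
                environment.getProperty(PROPERTY_LDAP_LDIF_FILE, DEFAULT_LDAP_LDIF_FILE));
        apacheDSContainer.setPort(
                ldapPort(environment.getProperty(PROPERTY_LDAP_URL, DEFAULT_PROPERTY_LDAP_URL)));
        return apacheDSContainer;
    }

    /**
     * Extracts the port of an {@code ldap://host:port} URL. A URL without a port, or one that
     * does not parse, yields the port of {@link #DEFAULT_PROPERTY_LDAP_URL}.
     */
    private static int ldapPort(String url) {
        int defaultPort = Integer.parseInt(
                DEFAULT_PROPERTY_LDAP_URL.substring(DEFAULT_PROPERTY_LDAP_URL.lastIndexOf(':') + 1));
        try {
            int port = java.net.URI.create(url).getPort(); // -1 when the URL carries no port
            return port > 0 ? port : defaultPort;
        } catch (IllegalArgumentException e) {
            return defaultPort;
        }
    }

    /** The user search base as a plain {@code String} bean. */
    @Bean
    public String userSearchBase() {
        return environment.getProperty(PROPERTY_LDAP_USER_SEARCH_BASE, DEFAULT_LDAP_USER_SEARCH_BASE);
    }
}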
实现自定义的 UserDetailsContextMapper 也不起作用。