Spring Security LDAP配置

时间:2015-02-16 07:07:07

标签: spring security active-directory ldap spring-ldap

我正在开发Spring Security,并希望了解使用注释的Spring Active Directory LDAP的配置。我需要将我的项目与我的工作场所的LDAP服务器连接。

1 个答案:

答案 0 :(得分:6)

@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {


@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
         .authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }



/** To configure LDAP SERVER **/

        @Bean
        public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

            ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(null, URL);

            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            provider.setUserDetailsContextMapper(userDetailsContextMapper());


            return provider;
        }

        @Bean
        public UserDetailsContextMapper userDetailsContextMapper() {
            UserDetailsContextMapper contextMapper = new AttributesLDAPUserDetailsContextMapper();
            return contextMapper;
        }

        /** End configuration of LDAP SERVER **/    


    }``

public class LdapSecuredUser extends User实现LdapUserDetails {

/**
 * 
 */


@Autowired
private IUserService userService;

User newUser=new User();



public LdapSecuredUser(User u) {
    newUser=u;
    if (u != null) {

        this.setEmailId(u.getEmailId());
        this.setUserGroups(u.getUserGroups());
        System.out.println(this.getEmailId() + " " + this.getUsername() +" " + this.getAuthorities() 
                +" ");

    }
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {

    Collection<GrantedAuthority> authorities = new ArrayList<>();


    Set<Permission> permissions = new HashSet<Permission>(0);
    for (UserGroup userGroup : newUser.getUserGroups()){
        System.out.println(userGroup.getUserGroupName());
        for(Permission permission : userGroup.getPermissions()){
            permissions.add(permission);
        }
    }

    if (permissions != null) {
        for (Permission permission : permissions) {
            SimpleGrantedAuthority authority = new SimpleGrantedAuthority(
                    permission.getPermissionName());
            authorities.add(authority);
        }
    }
    return authorities;
}

@Override
public String getUsername() {
    return super.getEmailId();
}

@Override
public boolean isAccountNonExpired() {
    return true;
}

@Override
public boolean isAccountNonLocked() {
    return true;
}

@Override
public boolean isCredentialsNonExpired() {
    return true;
}

@Override
public boolean isEnabled() {
    return true;
}

@Override
public String getDn() {
    return null;
}

}

public class AttributesLDAPUserDetailsContextMapper 实现UserDetailsContextMapper {

/**
 * 
 */


 private InetOrgPersonContextMapper ldapUserDetailsMapper = new InetOrgPersonContextMapper();

@Autowired
private IUserService userService;

@Autowired
private IUserGroupService usergroupService;

   @Override
    public UserDetails mapUserFromContext(DirContextOperations arg0, String arg1, Collection<? extends GrantedAuthority> arg2)
    {
        InetOrgPerson userLdap = (InetOrgPerson) ldapUserDetailsMapper.mapUserFromContext(arg0, arg1, arg2);
        User u = userService.findByEmailIdEquals(userLdap.getUsername());

        String databaseUserNameCheching=userLdap.getUsername();



        if (u == null)
        {
                u = new User();
                List<UserGroup> myGroupList=new ArrayList<UserGroup>();
                UserGroup usergroup=usergroupService.findByUserGroupNameEquals("CANDIDATE_GROUP");
                myGroupList.add(usergroup);
                Set<UserGroup> userGroups=new HashSet<UserGroup>(myGroupList);
                u.setUserGroups(userGroups);
                u.setEmailId(userLdap.getUsername());
                userService.save(u);
                return  new LdapSecuredUser(u);
        }
        u.setEmailId(userLdap.getUsername());
        String emailId=userLdap.getUsername();
        u.setUserGroups(userService.getAllUserGroupsByEmailId(emailId));

        userService.save(u);
        for (UserGroup grantedAuthoritya : u.getUserGroups()) {
            System.out.println(grantedAuthoritya.getUserGroupName());
        };

        return  new LdapSecuredUser(u);
    }

    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1)
    {
        ldapUserDetailsMapper.mapUserToContext(arg0, arg1);
    }

}

以上代码是针对Active目录完成的,其中不需要contextsource。搜索ldap属性时不需要显式查询。对我而言,它有效。

相关问题
最新问题