Spring LDAP role mapping

Date: 2015-11-10 16:58:30

Tags: java spring security ldap

I followed this article and configured my application to authenticate via LDAP (this works perfectly). Now I use 3 roles in the application and I want to create a mapping for them.

So I implemented the interface GrantedAuthoritiesMapper

import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.stereotype.Component;

// MyAuthority is an enum implementing GrantedAuthority; its constants are the
// application roles (the keys of the auth.role.mapping.* properties below).
@Component
public class MyAuthorityMapper implements GrantedAuthoritiesMapper {

    @Autowired
    private MyAuthorityConfig authoritiesConfig;

    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> collection) {
        Set<MyAuthority> roles = EnumSet.noneOf(MyAuthority.class);

        // For every authority coming from LDAP, find the application role whose
        // comma-separated list of LDAP group names contains it.
        for (GrantedAuthority g : collection) {
            for (String role : authoritiesConfig.getAuthoritiesMap().keySet()) {
                if (Arrays.asList(authoritiesConfig.getAuthoritiesMap().get(role).split(",")).contains(g.getAuthority())) {
                    roles.add(MyAuthority.valueOf(role));
                }
            }
        }
        return roles;
    }
}

And here is the role holder

import java.util.HashMap;
import java.util.Map;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

@Component
@ConfigurationProperties(prefix = "auth.role.mapping")
public class MyAuthorityConfig {

    // application role name -> comma-separated list of LDAP group names
    private Map<String, String> authoritiesMap = new HashMap<String, String>();

    public Map<String, String> getAuthoritiesMap() {
        return this.authoritiesMap;
    }
}

and application-dev.properties

auth.role.mapping.ROLE_COMPETENCE_CENTER=ROLECC
auth.role.mapping.ROLE_OPERATIONS=ROLEOPS,ROLEPAR
auth.role.mapping.ROLE_ADMINISTRATOR=ROLEADM,ROLESUPUSR

Now MyAuthorityConfig contains only an empty map. Is it possible to use @ConfigurationProperties the way I use it here? I couldn't find out how to populate the map with it. Or is there a problem with profile-specific properties files?

In WebSecurityConfig I have the method for the LDAP configuration, but I don't know the way/place to inject MyAuthorityMapper, or whether it is possible at all without using ActiveDirectoryLdapAuthenticationProvider.

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;

// Only the LDAP part of WebSecurityConfig is shown; configureLdap(auth) is called
// from configure(AuthenticationManagerBuilder).
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private Environment env;

    private void configureLdap(AuthenticationManagerBuilder auth) throws Exception {
        // Service account used for the user and group searches (the end user binds separately)
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(env.getProperty("auth.ldap.urls"));
        contextSource.setUserDn(env.getProperty("auth.ldap.user"));
        contextSource.setPassword(env.getProperty("auth.ldap.password"));
        contextSource.setReferral("follow");
        contextSource.afterPropertiesSet();

        auth.ldapAuthentication()
                .userSearchBase(env.getProperty("auth.ldap.user.search.base"))
                .userSearchFilter(env.getProperty("auth.ldap.user.search.filter"))
                .groupSearchBase(env.getProperty("auth.ldap.group.search.base"))
                .groupSearchFilter(env.getProperty("auth.ldap.group.search.filter"))
                .groupRoleAttribute(env.getProperty("auth.ldap.group.search.attribute"))
                .contextSource(contextSource);
    }
}

1 answer:

Answer 0: (score: 0)

OK, for the first question about @ConfigurationProperties there is this workaround:

import java.util.HashMap;
import java.util.Map;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

@Component
@ConfigurationProperties(prefix = "auth.role")
public class MyAuthorityConfig {

    // bound from auth.role.mapping.*: application role name -> comma-separated LDAP group names
    private Map<String, String> mapping = new HashMap<String, String>();

    public Map<String, String> getMapping() {
        return this.mapping;
    }
}

@ConfigurationProperties looks for the prefix auth.role in the properties and then takes the mapping part, which has to be the name of a property in my class.

For the second question I found a solution with UserDetailsContextMapper

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Component;

// MyAuthority is an enum implementing GrantedAuthority, so its constants can be
// added to the list of mapped authorities directly.
@Component(value = "myUserDetailsContextMapper")
public class MyUserDetailsContextMapper implements UserDetailsContextMapper {

    private static final Logger log = LoggerFactory.getLogger(MyUserDetailsContextMapper.class);

    @Autowired
    private MyAuthorityConfig authoritiesConfig;

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        log.debug("mapUserFromContext start");
        List<GrantedAuthority> mappedAuthorities = new ArrayList<>();

        for (GrantedAuthority g : authorities) {
            for (String role : authoritiesConfig.getMapping().keySet()) {
                // The LDAP populator prefixes group names with ROLE_; strip it before
                // comparing against the group names listed in the properties.
                if (Arrays.asList(authoritiesConfig.getMapping().get(role).split(","))
                        .contains(g.getAuthority().startsWith("ROLE_") ? g.getAuthority().substring("ROLE_".length()) : g.getAuthority())) {
                    log.debug("Mapping from LDAP role {} to application role {} for user {}", g.getAuthority(), role, username);
                    mappedAuthorities.add(MyAuthority.valueOf(role));
                }
            }
        }

        // The bind against LDAP has already happened, so no password is kept here.
        return new User(username, "", mappedAuthorities);
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        // not needed: this application never writes back to the directory
    }
}

I'm not sure whether returning new User(username, "", mappedAuthorities); is fine (I have to test it properly with locked/disabled users), but for now it works.
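The following is an added example, not code from the question or the answer. It takes the answer's UserDetailsContextMapper approach and covers the wiring the question asks about, while tightening two points a reviewer would raise: the LDAP-group-to-role table is inverted once at startup (so a group mapped to two application roles fails fast instead of being resolved silently at login), and a user whose bind succeeds but who is in none of the mapped groups is rejected rather than authenticated with an empty authority list. The names MyAuthority (assumed to be an enum implementing GrantedAuthority, constants taken from the auth.role.mapping.* keys on this page) and StrictLdapRoleMapper are assumptions of this example.

```java
// Added example (not the question's or the answer's code). Assumes MyAuthority is an
// enum implementing GrantedAuthority whose constants match the auth.role.mapping.*
// keys, and that the mapping passed to the constructor is MyAuthorityConfig.getMapping()
// from the answer (e.g. "ROLE_OPERATIONS" -> "ROLEOPS,ROLEPAR").
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

enum MyAuthority implements GrantedAuthority {
    ROLE_COMPETENCE_CENTER, ROLE_OPERATIONS, ROLE_ADMINISTRATOR;

    @Override
    public String getAuthority() {
        return name();
    }
}

public class StrictLdapRoleMapper implements UserDetailsContextMapper {

    // LDAP group name (ROLE_ prefix stripped, upper-cased) -> application role.
    // Built once from the configured map, so each login is one lookup per authority.
    private final Map<String, MyAuthority> groupToRole = new HashMap<>();

    /** mapping: application role name -> comma-separated LDAP group names, as in the properties file. */
    public StrictLdapRoleMapper(Map<String, String> mapping) {
        for (Map.Entry<String, String> e : mapping.entrySet()) {
            MyAuthority role = MyAuthority.valueOf(e.getKey());
            for (String group : e.getValue().split(",")) {
                String key = group.trim().toUpperCase(Locale.ROOT);
                if (key.isEmpty()) {
                    continue;
                }
                MyAuthority previous = groupToRole.put(key, role);
                if (previous != null && previous != role) {
                    // One directory group granting two application roles is a configuration
                    // error; fail at startup rather than pick one of them at login time.
                    throw new IllegalStateException("LDAP group " + key + " is mapped to both "
                            + previous + " and " + role);
                }
            }
        }
    }

    /** DefaultLdapAuthoritiesPopulator prefixes group names with ROLE_ and upper-cases them; undo the prefix. */
    static String groupName(GrantedAuthority g) {
        String a = g.getAuthority();
        return a.startsWith("ROLE_") ? a.substring("ROLE_".length()) : a;
    }

    /** The pure mapping step, kept separate so it can be unit-tested without a directory. */
    List<GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> ldapAuthorities) {
        List<GrantedAuthority> mapped = new ArrayList<>();
        for (GrantedAuthority g : ldapAuthorities) {
            MyAuthority role = groupToRole.get(groupName(g).toUpperCase(Locale.ROOT));
            if (role != null && !mapped.contains(role)) {
                mapped.add(role);
            }
        }
        return mapped;
    }

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                          Collection<? extends GrantedAuthority> authorities) {
        List<GrantedAuthority> mapped = mapAuthorities(authorities);
        if (mapped.isEmpty()) {
            // The bind succeeded, so the account exists, but it is in none of the mapped groups.
            // Returning a User with no authorities would still produce an authenticated session;
            // refusing here keeps "has a directory account" from meaning "may log in".
            throw new InsufficientAuthenticationException("no application role mapped for " + username);
        }
        // As in the answer: the bind already happened, so no password is kept in the principal.
        // This constructor sets enabled/non-locked/non-expired to true unconditionally.
        return new User(username, "", mapped);
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException("this mapper only reads from the directory");
    }
}
```

To plug it into the question's configureLdap(), expose the mapper as a bean built from MyAuthorityConfig.getMapping() and add .userDetailsContextMapper(mapper) to the auth.ldapAuthentication() chain; that call replaces Spring's default LdapUserDetailsMapper, so anything the application later reads from UserDetails has to be set by this class. The caveat the answerer raises still applies: new User(username, "", ...) hard-codes the account status flags, so a locked or disabled directory account is only kept out if the LDAP bind itself fails for it.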