LDAP authentication in Spring Boot (jhipster) with roles from the database

Time: 2016-02-18 12:25:07

Tags: spring authentication spring-security ldap jhipster

I copy/pasted almost everything from spring's documentation, and the result is

import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@Order( SecurityProperties.ACCESS_OVERRIDE_ORDER )
@EnableGlobalMethodSecurity( prePostEnabled = true, securedEnabled = true )
// @EnableLdapRepositories( basePackages =
// "org.springframework.ldap.samples.useradmin.domain" )
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
...
    @Configuration
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            // bind as uid=<login>,ou=people and read group membership from ou=groups,
            // both served from the embedded LDIF file on the classpath
            auth.ldapAuthentication().userDnPatterns("uid={0},ou=people").groupSearchBase("ou=groups")
                    .contextSource().ldif("classpath:ptolemaios.ldif");
        }
    }
...
}

As a first step I want user authorization from the AD (in this case from the ldif), but it doesn't work and I can't find out why; I don't get any errors, only the message "you have no authority".

The second and last step is to get the roles from my database, and after searching I believe this is a good solution (correct me if I'm wrong):

Insert inside the SecurityConfiguration class

import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

// assumes the surrounding class declares a Logger `log`, an injected
// `PtolUserRepository ptolUserRepository`, and the application's own
// PtolUser and UserNotActivatedException types
public UserDetailsContextMapper userDetailsContextMapper() {
        return new UserDetailsContextMapper() {
            @Override
            public UserDetails mapUserFromContext(
                    DirContextOperations ctx, String username,
                    Collection<? extends GrantedAuthority> authorities) {
                // called only after the LDAP bind succeeded; LDAP group authorities are ignored
                log.error("2 " + username + " -> " + ctx.toString());
                String lowercaseLogonName = username.toLowerCase();
                Optional<PtolUser> userFromDatabase =
                        ptolUserRepository.findOneByLogonName(lowercaseLogonName);
                return userFromDatabase.map(user ->
                    {
                        if (!user.isAccountNonExpired()) {
                            throw new UserNotActivatedException(
                                    "User " + lowercaseLogonName + " was not activated");
                        }
                        // roles come from the database, not from LDAP groups
                        List<GrantedAuthority> grantedAuthorities = user.getUserAuthorities().stream()
                                .map(authority -> new SimpleGrantedAuthority(authority.getRole().getName()))
                                .collect(Collectors.toList());
                        return new org.springframework.security.core.userdetails.User(lowercaseLogonName,
                                user.getPassword(), true, user.isAccountNonExpired(), true,
                                user.isAccountNonLocked(), grantedAuthorities);
                    }).orElseThrow(
                            () -> new UsernameNotFoundException(
                                    "User " + lowercaseLogonName + " was not found in the AD"));
            }

            @Override
            public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
                throw new IllegalStateException("Only retrieving data from LDAP is currently supported");
            }

        };
    }

and add to the AuthenticationManagerBuilder

auth//
    .ldapAuthentication()//
    .userDetailsContextMapper(userDetailsContextMapper())
...

Thanks!
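The two steps described in the question, combined into one configuration as an added example (not code from the question or from jHipster): LDAP verifies the password by binding as the user, and the database is the only source of granted authorities. The names PtolUser, PtolUserRepository.findOneByLogonName(String) returning an Optional, and the DN patterns and LDIF path from the question are assumed.

```java
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

@Configuration
public class LdapWithDatabaseRolesConfiguration extends GlobalAuthenticationConfigurerAdapter {
    @Autowired
    private PtolUserRepository ptolUserRepository; // assumed application repository

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")        // bind as the user: LDAP checks the password
            .groupSearchBase("ou=groups")               // LDAP groups are resolved but ignored below
            .userDetailsContextMapper(new DatabaseRoleMapper())
            .contextSource().ldif("classpath:ptolemaios.ldif");
    }

    private class DatabaseRoleMapper implements UserDetailsContextMapper {
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                              Collection<? extends GrantedAuthority> ldapAuthorities) {
            String logonName = username.toLowerCase();
            PtolUser user = ptolUserRepository.findOneByLogonName(logonName) // fail closed: LDAP-only users get no access
                .orElseThrow(() -> new UsernameNotFoundException("User " + logonName + " is not provisioned in the database"));
            List<GrantedAuthority> roles = user.getUserAuthorities().stream()
                .map(a -> a.getRole().getName().toUpperCase())
                .map(r -> new SimpleGrantedAuthority(r.startsWith("ROLE_") ? r : "ROLE_" + r)) // hasRole("X") checks ROLE_X
                .collect(Collectors.toList());
            // LDAP already verified the credential; never copy the database password hash into the principal
            return new User(logonName, "", true, user.isAccountNonExpired(), true, user.isAccountNonLocked(), roles);
        }

        @Override
        public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
            throw new UnsupportedOperationException("Writing users back to LDAP is not supported");
        }
    }
}
```

A principal whose authority names do not match what the secured endpoints require (for example `ADMIN` where `hasRole("ADMIN")` expects `ROLE_ADMIN`) authenticates but is still denied, which is the symptom to check first.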

0 answers:

No answers