我想通过Ldap和Spring安全性对用户进行身份验证。 我使用数据库为用户提供角色,因此我实现了LdapAuthoritiesPopulator接口:
@Service("myAuthPopulator")
public class MyAuthoritiesPopulator implements LdapAuthoritiesPopulator {
@Autowired
private UserServices userServices;
static final Logger LOG = LoggerFactory.getLogger(MyAuthoritiesPopulator.class);
@Transactional(readOnly=true)
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
try{
com.domain.User user = userServices.getByUsersEnabled(username);
if (user==null){
LOG.error("Threw exception in MyAuthoritiesPopulator::getGrantedAuthorities : User doesn't exist into DART database" );
}
else{
//Use this if a user can have different roles
// for(Role role : user.getRole()) {
// authorities.add(new SimpleGrantedAuthority(role.getRole()));
// }
authorities.add(new SimpleGrantedAuthority(user.getRole().getRole()));
return authorities;
}
}catch(Exception e){
LOG.error("Threw exception in MyAuthoritiesPopulator::getGrantedAuthorities : " + ErrorExceptionBuilder.buildErrorResponse(e)); }
return authorities;
}
}
然后我有这个代码通过绑定
来验证用户@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Autowired
@Qualifier("myAuthPopulator")
LdapAuthoritiesPopulator myAuthPopulator;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception{
auth.ldapAuthentication()
.contextSource()
.url("ldaps://vldp.floal:636/")
.and()
.userDnPatterns("CN={0},CN=ProxyUsers,CN=fdam,dc=fg,dc=local")
.ldapAuthoritiesPopulator(myAuthPopulator);
}
}
我遇到了一个问题:用户无法检索他的属性,因此我收到了Spring错误:
ERROR o.s.s.w.a.UsernamePasswordAuthenticationFilter - An internal error occurred while trying to authenticate the user.
是否可以仅使用没有get属性的绑定进行登录? 有关此代码的说明:
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("CN", commonName));
boolean isAuthenticated = ldapTemplate.authenticate("CN=ProxyUsers,CN=fgadam", filter.encode(), password);
这是我的登录页面:
<body class="hold-transition login-page">
<div class="login-box">
<div class="login-logo">
<b>DART</b> Sign in
</div>
<!-- /.login-logo -->
<div class="login-box-body">
<p class="login-box-msg">Sign in to start your session</p>
<form th:action="@{/login}" method="post">
<div th:if="${param.error}">
<script>
notifyMessage("Invalid username and password!", 'error');
</script>
</div>
<!-- <div th:if="${param.logout}">
<script>
notifyMessage("You have been logged out!", 'error');
</script>
</div> -->
<div class="form-group has-feedback">
<input id="username" name="username" type="text"
class="form-control" placeholder="Username"> <span
class="glyphicon glyphicon-user form-control-feedback"></span>
</div>
<div class="form-group has-feedback">
<input id="password" name="password" type="password"
class="form-control" placeholder="Password"> <span
class="glyphicon glyphicon-lock form-control-feedback"></span>
</div>
<div class="row">
<div class="col-xs-8">
<div class="checkbox icheck">
<label> <input type="checkbox"> Remember Me
</label>
</div>
</div>
<!-- /.col -->
<div class="col-xs-4">
<button id="signinButton" type="submit"
class="btn btn-primary btn-block btn-flat">Sign In</button>
</div>
<!-- /.col -->
</div>
</form>
<div >
<img th:src="@{/static/assets/dist/img/login.jpg}" class="img-responsive" alt="FCA">
</div>
</div>
<!-- /.login-box-body -->
</div>
<!-- /.login-box -->
</body>
也许我可以通过搜索经理帐户来检索它们。感谢