使用Spring Security LDAP及其身份验证正常,但现在我需要从LDAP条目加载userLevel属性以确定用户的级别。
我的Spring Security配置如下所示
@Profile(value = {"sit", "uat", "prod"})
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
protected Environment environment;
public SecurityConfig() {
super();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userSearchBase("dc=fantasycompany,dc=com")
.userDnPatterns("cn={0},ou=users,ou=somedepartment,o=departments,c=US,dc=fantasycompany,dc=com")
.contextSource()
.url("ldaps://someserver:636")
.managerDn("cn=someone,cn=users,dc=fantasycompany,dc=com")
.managerPassword("somethingsomething");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
/**httpSecurity.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/perform_login")
.defaultSuccessUrl("/",true)
.failureUrl("/login.html?error=true");*/
httpSecurity
.csrf().disable()
.authorizeRequests()
.antMatchers("/login*").permitAll()
.antMatchers("/css/*").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/",true)
.failureUrl("/login?error=true")
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("JSESSIONID");
}
}
我如何让Spring将userLevel属性从LDAP条目加载到ROLES中?
答案 0 :(得分:0)
您需要一个自定义LdapAuthoritiesPopulator来读取属性(例如,使用AD时为'memberOf'或使用OpenDJ时为'isMemberOf')以提取'角色'。
ActiveDirectoryLdapAuthenticationProvider在不使用LdapAuthoritiesPopulator的情况下执行此操作。