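In a Grails Spring application

Time: 2017-04-10 06:08:53

Tags: grails spring-security grails-plugin spring-ldap spring-security-ldap

I am probably stuck on a very silly problem, trying to implement LDAP role-based authentication/authorization in a Grails application (bookstore) using the spring-security-core and spring-security-ldap plugins. I created a custom UserDetailsContextMapper and tried to map my LDAP roles to application roles. However, the memberof attribute is never returned in the attributes.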

UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                  Collection authorities) { 
        Attributes attributes = ctx.getAttributes();
        Object[] groups = new Object[10];
        groups = ctx.getObjectAttributes("memberof"); //returns empty array 

        Set<GrantedAuthority> authority = new HashSet<GrantedAuthority>();

        for(Object group: groups){
            if (group.toString().toLowerCase().contains("ROLE_FROM_LDAP".toLowerCase()) == true){
                authority.add(new SimpleGrantedAuthority("ROLE_APP"));
                break;          
            }           
        }

        User userDetails = new User(username, "", false, false, false, false, authority); 
        return userDetails;
}

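Interestingly, when I run the query against LDAP using ldapsearch, I do get the attribute returned.

What I am stuck on is how to configure the equivalent of "requesting:" (as shown in the ldapsearch below) in the Grails LDAP configuration so that the plugin is able to fetch the "memberof" attribute (I tried adding it to the Grails LDAP plugin configuration using ldap.search.attributesToReturn, but to no avail.)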

ldapsearch -t -x -b "ou=people,dc=domain,dc=com" "cn=myusername" memberof
.....
# LDAPv3
# base <ou=people,dc=domain,dc=com> with scope subtree
# filter: cn=myusername
# requesting: memberof
#
.....
dn: cn=myusername,ou=people,dc=domain,dc=com
memberOf: cn=ROLE_FROM_LDAP,ou=groups,dc=domain,dc=com

Here is the Grails LDAP configuration:

grails {
    plugin {
        springsecurity {
            providerNames: ['ldapAuthProvider', 'anonymousAuthenticationProvider']          
            ldap {
                useRememberMe = false               
                context {
                    managerDn = 'cn=manager,dc=domain,dc=com'                   
                    managerPassword = 'secret'
                    server = 'ldap://localhost:389/'
                }      
                search {
                    base = 'ou=people,dc=domain,dc=com'
                    filter = 'cn={0}'
                    searchSubtree = true
                    attributesToReturn: ['memberOf'] //extra attributes you want returned
                }               
                auth {
                    hideUserNotFoundExceptions = false
                }
                authorities {
                    retrieveDatabaseRoles = false
                    retrieveGroupRoles = true
                    groupSearchBase = 'ou=groups,dc=domain,dc=com'                  
                    groupSearchFilter = 'member={0}'           
                }               
            }
        }
    }
}

1 Answer:

Answer 0: (score: 1)

You can inject springSecurityService and get something like:

springSecurityService.getPrincipal().getAuthorities()
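
An added example, not part of the question or the answer: in the configuration posted in the question, `attributesToReturn` (and `providerNames`) are written with `:` instead of `=`, which Groovy parses as a statement label, so the value is never stored in the parsed configuration. The standalone script below uses `ConfigSlurper` on config text constructed from the question's search block to show the difference; the closure names `searchBlock` and `load` are hypothetical helpers.

```groovy
// Added example, not from the original post: how ConfigSlurper (the parser
// behind Grails Groovy config files) treats "name: value" versus "name = value".
// The config text is constructed from the search block in the question.
def searchBlock = { String lastLine -> """
grails { plugin { springsecurity { ldap { search {
    base = 'ou=people,dc=domain,dc=com'
    filter = 'cn={0}'
    searchSubtree = true
    ${lastLine}
} } } } }
""".toString() }

def key = 'grails.plugin.springsecurity.ldap.search.attributesToReturn'
def load = { String text -> new ConfigSlurper().parse(text).flatten() }

// As posted: Groovy reads this as a statement label followed by a list
// literal, so no property assignment reaches the ConfigObject.
def asPosted = load(searchBlock("attributesToReturn: ['memberOf']"))

// With '=' the key is stored in the parsed configuration.
def assigned = load(searchBlock("attributesToReturn = ['memberOf']"))

// The label form silently drops the setting; neighbouring keys are unaffected.
assert !asPosted.containsKey(key)
assert asPosted['grails.plugin.springsecurity.ldap.search.base'] == 'ou=people,dc=domain,dc=com'
assert assigned[key] == ['memberOf']

println "as posted : ${asPosted.keySet().findAll { it.contains('search') }}"
println "assigned  : ${assigned.keySet().findAll { it.contains('search') }}"
```

Because the label form fails silently, printing the flattened configuration at startup is a quick way to confirm which security settings were actually loaded.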