我想在Spring Boot应用程序中实现LDAP身份验证。我有如下配置类:
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//@Value("${ad.domain}")
private String AD_DOMAIN;
//@Value("${ad.url}")
private String AD_URL;
WebSecurityConfig() {
AD_DOMAIN = "domain.com";
AD_URL = "ldap://URL";
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin().permitAll().and().logout().permitAll();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
}
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
}
@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL);
provider.setConvertSubErrorCodesToExceptions(true);
provider.setUseAuthenticationRequestCredentials(true);
return provider;
}
}
控制器:
@Controller
public class HomeController {
@GetMapping("/")
public String index() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String user = auth.getName();
return "Welcome to the home page "+ user;
}
我的pom文件依赖于:
<dependencies>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
这里一切正常我正在获取SpringBoot的默认登录页面,身份验证也正常工作。 但是现在我想在我的WebSecurityConfig类中使用自定义登录页面,我已经完成了以下操作:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout().permitAll();
}
其中/login
是我的自定义登录页面。但这不起作用。我认为AuthenticationManager绑定到Spring的默认登录页面。
有人可以建议我,这会有所帮助。感谢