JHipster使用LDAP身份验证

时间:2017-05-19 14:39:24

标签: java spring-security ldap jhipster

我几周前开始使用JHipster,从现在开始一切都找到了。我希望在进行LDAP身份验证时同时使用JHipster的默认身份验证。

我遵循了此https://jhipster.github.io/tips/016_tip_ldap_authentication.html,但它无法按计划运行。 实际上我的配置连接到我的LDAP服务器,我知道通过查看登录搜索到LDAP服务器并比较密码的日志。

问题是登录失败并显示错误:

UT005023: Exception handling request to /api/authentication

org.springframework.security.core.userdetails.UsernameNotFoundException: User nseys was not found in the database
    at com.mycompany.myapp.security.PersistentTokenRememberMeServices.lambda$onLoginSuccess$1(PersistentTokenRememberMeServices.java:116)
    at java.util.Optional.orElseThrow(Optional.java:290)
    at com.mycompany.myapp.security.PersistentTokenRememberMeServices.onLoginSuccess(PersistentTokenRememberMeServices.java:116)
    at org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.loginSuccess(AbstractRememberMeServices.java:294)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    ...

问题是我希望JHipster在数据库中自动创建用户时,如果参数映射不存在(但只有当它是LDAP用户时)才会在数据库中创建用户,如果已经完成则只需连接。

我已经搜索过Spring-security解决方案,但实现距离JHipster创建的初始文件太远了,我不想破坏所有这些。

1 个答案:

答案 0 :(得分:0)

嗯我尝试了一些有用的东西,我不知道这是不是我应该怎么做,但是由于我没有发现任何相关内容,并且没有记录很多,我会坚持使用该解决方案,除非我找到一个更好的解决方案。

// PersistentTokenRememberMeServices.java

protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication
    successfulAuthentication) {

    String login = successfulAuthentication.getName();

    log.debug("Creating new persistent login for user {}", login);

    PersistentToken t = new PersistentToken();
    t.setSeries(RandomUtil.generateSeriesData());
    t.setTokenValue(RandomUtil.generateTokenData());
    t.setTokenDate(LocalDate.now());
    t.setIpAddress(request.getRemoteAddr());
    t.setUserAgent(request.getHeader("User-Agent"));

    PersistentToken token = userRepository.findOneByLogin(login).map(u -> {
        t.setUser(u);
        return t;
    }).orElse(null);

    if (token == null) {
        if (successfulAuthentication.getPrincipal() instanceof LdapUserDetails) {
            User ldapUser = new User();
            ldapUser.setLogin(login);
            ldapUser.setPassword(RandomStringUtils.random(60)); // We use LDAP password, but the password need to be set
            ldapUser.setActivated(true);

            CustomLdapUserDetails customLdapUserDetails = (CustomLdapUserDetails) successfulAuthentication.getPrincipal();
            ldapUser.setEmail(customLdapUserDetails.getEmail());
            ldapUser.setFirstName(customLdapUserDetails.getFirstName());
            ldapUser.setLastName(customLdapUserDetails.getLastName());

            Set<Authority> authorities = new HashSet<>();
            authorities.add(this.authorityRepository.findOneByName("ROLE_USER"));
            ldapUser.setAuthorities(authorities);
            ldapUser.setLangKey("fr");

            userRepository.save(ldapUser);
            t.setUser(ldapUser);
            token = t;
        } else {
            throw new UsernameNotFoundException("User " + login + " was not found in the database");
        }
    }
    ...
}

我添加了一个contextMapper来获取LDAP服务器中的属性

// SecurityConfiguration.java
@Bean
public UserDetailsContextMapper userDetailsContextMapper() {
    return new LdapUserDetailsMapper() {
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
            UserDetails details = super.mapUserFromContext(ctx, username, authorities);
            return new CustomLdapUserDetails((LdapUserDetails) details, ctx);
        }
    };
}

@Inject
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    LdapContextSource contextSource = new LdapContextSource();
    contextSource.setUrl(applicationProperties.getLdap().getUrl());
    contextSource.setBase(applicationProperties.getLdap().getBase());
    contextSource.setUserDn(applicationProperties.getLdap().getUserDn());
    contextSource.setPassword(applicationProperties.getLdap().getPassword());
    contextSource.afterPropertiesSet(); //needed otherwise you will have a NullPointerException in spring

    auth.ldapAuthentication()
        .userDetailsContextMapper(userDetailsContextMapper())
        .userSearchBase(applicationProperties.getLdap().getSearchBase()) //don't add the base
        .userSearchFilter(applicationProperties.getLdap().getSearchFilter())
        .contextSource(contextSource)
    ;
}