我正在为人力资源部门开发基于Java的Web应用程序。用户有两种类型:人力资源专家和申请人。专家通过LDAP身份验证登录,而申请人通过LinkedIn API登录。
如何配置这两种类型的用户的会话? Spring是否为此提供图书馆?现在,我的项目上没有会话配置,因此专家和申请人可以从同一台计算机上同时登录。
此外,我还需要能够根据一次登录的用户类型对.html文件进行更改。例如:“应用!”通过LinkedIn登录的用户应该可以看到该按钮,而通过LDAP登录的专家应该可以看到“查看申请人”按钮。如果您还可以告诉我有关Thymeleaf,Spring和您将向我推荐的会话处理方法如何一起工作的话,那将是很棒的。
我的LDAP身份验证:
@EnableGlobalMethodSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable();
http.authorizeRequests().antMatchers("applicants**").fullyAuthenticated().and()
.authorizeRequests().antMatchers("**/job/**/applicants").fullyAuthenticated().and()
.formLogin().loginPage("/login").permitAll().and()
.logout().permitAll();
http.csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource(contextSource())
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
@Bean
public DefaultSpringSecurityContextSource contextSource() {
return new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"), "dc=springframework,dc=org");
}
}
LinkedIn登录名:
@RestController
@RequestMapping("/connect")
public class LinkedInController {
public static boolean connected = false;
public static Applicant applicant;
private static final String API_KEY = "xxxx";
private static final String SECRET_KEY = "xxxx";
private static final String REDIRECT_URI = "http://localhost:8080/connect/done/";
private static final String STATE = "xxxx";
private static final String NETWORK_NAME = "LinkedIn";
private static final String PROTECTED_RESOURCE_URL = "https://api.linkedin.com/v1/people/~:(%s)";
private static final String RESOURCE_FIELDS = "id,firstName,lastName,emailAddress,maiden-name,headline," +
"industry,summary,picture-url";
private OAuth20Service service;
private ApplicantService applicantService;
@Autowired
public LinkedInController(ApplicantService applicantService){
this.applicantService = applicantService;
}
@GetMapping()
public ModelAndView redirectToAuthorization (Model model) throws IOException, InterruptedException, ExecutionException {
// Replace these with your client id and secret
service = new ServiceBuilder(API_KEY)
.apiSecret(SECRET_KEY)
.scope("r_basicprofile r_emailaddress")
.callback(REDIRECT_URI)
.state(STATE)
.build(LinkedInApi20.instance());
final Scanner in = new Scanner(System.in);
final String authorizationUrl = service.getAuthorizationUrl();
System.out.println("Auth. link:" + authorizationUrl);
return new ModelAndView(new RedirectView(authorizationUrl));
}
@GetMapping("/done")
public ModelAndView getToken(@RequestParam("code") String code, @RequestParam("state") String state, Model model) throws IOException, InterruptedException, ExecutionException {
if (state.equals(STATE)){
connected = true;
System.out.println("State correct.");
final OAuth2AccessToken accessToken = service.getAccessToken(code);
final OAuthRequest request = new OAuthRequest(Verb.GET, String.format(PROTECTED_RESOURCE_URL, RESOURCE_FIELDS));
System.out.println(request.getUrl());
request.addHeader("x-li-format", "json");
request.addHeader("Accept-Language", "ru-RU");
service.signRequest(accessToken, request);
final Response response = service.execute(request);
ObjectMapper mapper = new ObjectMapper();
Applicant applicant = mapper.readValue(response.getBody(), Applicant.class);
this.applicant = applicant;
applicantService.persistNewApplicant(applicant);
}
model.addAttribute("success", LinkedInController.connected);
model.addAttribute("applicant", LinkedInController.applicant);
return new ModelAndView("connected.html");
}
}
我正在使用Spring Boot,IntelliJ,H2数据库,LinkedIn API和LDAP。