我正在使用spring boot rest URL“ / login”进行用户登录,并使用用户凭据从前端访问此URL。我的spring boot服务与LDAP服务器配置在一起,并且在显示任何结果之前正在对所有所需的请求进行身份验证。但是现在,我希望它在不显示其他登录页面的情况下对用户进行身份验证,因为当我从前端本身发送用户凭据时。
LDAP配置:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${ldap-url}")
private String url;
@Value("${ldap-basedn}")
private String baseDn;
@Value("${ldap-user-password}")
private String userPassword;
@Value("${ldap-user-dnpattern}")
private String userDnPattern;
@Value("${ldap.password}")
private String ldapPrincipalPassword;
@Value("${ldap.username}")
private String ldapSecurityPrincipal;
@Autowired
private JwtAuthenticationEntryPoint unauthorizedhandler;
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
@Bean
public JwtAuthenticationFilter jwtAuthenticationFilter() { return new JwtAuthenticationFilter();}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns(userDnPattern)
.contextSource()
.url(url+baseDn)
.managerDn(ldapSecurityPrincipal)
.managerPassword(ldapPrincipalPassword)
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
// super.configure(auth);
// auth.userDetailsService(customUserDetailsService).passwordEncoder(bCryptPasswordEncoder);
}
@Override
@Bean(BeanIds.AUTHENTICATION_MANAGER)
protected AuthenticationManager authenticationManager() throws Exception {
// TODO Auto-generated method stub
return super.authenticationManager();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(null).and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.headers().frameOptions().sameOrigin()
.and()
.authorizeRequests()
.antMatchers(
"/",
"favicon.ico",
"/**/*.png",
"/**/*.gif",
"/**/*.svg",
"/**/*.jpg",
"/**/*.html",
"/**/*.css",
"/**/*.js"
).permitAll()
.antMatchers("/login").permitAll()
.anyRequest().fullyAuthenticated();
// .antMatchers(SIGN_UP_URLS).permitAll()
// .anyRequest()
// .authenticated();
http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
super.configure(http);
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
}
控制器:
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<?> authenticateUser(@Valid @ModelAttribute LoginRequest loginRequest, BindingResult result){
ResponseEntity<?> errorMap = mapValidationErrorService.getMapValidationErrors(result);
if(errorMap != null) return errorMap;
String jwt = null;
在LoginRequest pojo内部,我提供了我的用户凭据。我需要做的就是直接从ldap服务器验证这些详细信息,而无需任何进一步的重定向。
请提供建议/帮助。预先感谢!