带有弹簧安全性的LDAP身份验证,无需指定组

时间:2020-08-12 07:54:34

标签: spring-mvc spring-ldap spring-security-ldap

我想在所有组(ou)的ldap服务器下对用户进行身份验证。我无法为ldap服务器下的所有组配置它。我想允许所有用户登录我的spring mvc应用程序。目前,我正在对两个组(OU)下的用户进行身份验证,它对我来说效果很好。现在,我想要一个通用的解决方案来对用户进行身份验证并获取其组。

@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Session management 10 minutes
        http.sessionManagement().maximumSessions(10);
        http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin();

    }
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.ldapAuthentication().userDnPatterns("cn={0},ou=people, ou=gruops,dc=ABC,dc=COM").userSearchBase("cn={0}").contextSource()
                .url("ldap://abc.com:389");
        
    }
    @Bean
    public LdapContextSource contextSource() {
        // DefaultSpringSecurityContextSource
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl("ldap://abc.com:389");
        contextSource.setBase("dc=ABC,dc=COM");

        return contextSource;
    }
    @Bean
    public LdapTemplate ldapTemplate() {
        LdapTemplate ldapTemplate = new LdapTemplate(contextSource());
        ldapTemplate.setIgnorePartialResultException(true);
        return ldapTemplate;
    }


**Then i am authenticating users using ldapContextSource in Controller Class** 
------------------------------------------------------------------------


    @Autowired
    LdapContextSource contextSource; 
    private boolean validateUser(String userName, Stirng password) {
            String userDn = "cn=" + userName.toLowerCase() + "ou=people, ou=groups,dc=ABC,dc=COM";
    
            System.out.println("Inside Utility.Authenticate method");
            DirContext ctx = null;
            try {
    
                ctx = contextSource.getContext(userDn, password);
                return true;
            } catch (Exception e) {
                // Context creation failed - authentication did not succeed
                System.out.println("Login failed" + e);
                // logger.error();
                return false;
            } finally {
                // It is imperative that the created DirContext instance is always closed
                LdapUtils.closeContext(ctx);
            }
    } 
 
**This works well for two groups(ou=people,ou=groups).  I have other organizational units under ldap://abc.com:389. I want to allow all the groups under ldap server without specifying them all.**

0 个答案:

没有答案
相关问题
最新问题