
Security configuration

Stack Overflow user
Asked on 2015-02-16 07:07:06
Answers: 1 | Views: 1.4K | Followers: 0 | Votes: 4

I am studying Security and would like to understand its configuration using annotations. I need to connect my project to my workplace's LDAP server.


1 Answer

Stack Overflow user

Accepted answer

Posted on 2015-02-27 10:15:39

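```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    // Register the Active Directory provider with the global AuthenticationManager
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
            .authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }

    /** To configure LDAP SERVER **/

    @Bean
    public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

        // Arguments are (domain, url); URL is the directory server address,
        // a String that is not defined in the posted snippet
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(null, URL);

        // Map AD sub-error codes (disabled, locked, expired ...) to specific exceptions
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        provider.setUserDetailsContextMapper(userDetailsContextMapper());

        return provider;
    }

    // Custom mapper that turns the directory entry into an application user
    @Bean
    public UserDetailsContextMapper userDetailsContextMapper() {
        UserDetailsContextMapper contextMapper = new AttributesLDAPUserDetailsContextMapper();
        return contextMapper;
    }

    /** End configuration of LDAP SERVER **/

}
```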

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapUserDetails;

// User, UserGroup, Permission and IUserService are the application's own classes
public class LdapSecuredUser extends User implements LdapUserDetails {

    @Autowired
    private IUserService userService;

    User newUser = new User();

    public LdapSecuredUser(User u) {
        newUser = u;
        if (u != null) {

            this.setEmailId(u.getEmailId());
            this.setUserGroups(u.getUserGroups());
            System.out.println(this.getEmailId() + " " + this.getUsername() + " " + this.getAuthorities()
                    + " ");

        }
    }

    // Flatten the permissions of every group the user belongs to into authorities
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {

        Collection<GrantedAuthority> authorities = new ArrayList<>();

        Set<Permission> permissions = new HashSet<Permission>(0);
        for (UserGroup userGroup : newUser.getUserGroups()) {
            System.out.println(userGroup.getUserGroupName());
            for (Permission permission : userGroup.getPermissions()) {
                permissions.add(permission);
            }
        }

        if (permissions != null) {
            for (Permission permission : permissions) {
                // The authority string is the permission name, with no prefix added
                SimpleGrantedAuthority authority = new SimpleGrantedAuthority(
                        permission.getPermissionName());
                authorities.add(authority);
            }
        }
        return authorities;
    }

    // The e-mail ID serves as the username
    @Override
    public String getUsername() {
        return super.getEmailId();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    @Override
    public String getDn() {
        return null;
    }

}
```

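```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.InetOrgPerson;
import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

public class AttributesLDAPUserDetailsContextMapper implements UserDetailsContextMapper {

    // Delegate that reads the standard inetOrgPerson attributes from the entry
    private InetOrgPersonContextMapper ldapUserDetailsMapper = new InetOrgPersonContextMapper();

    @Autowired
    private IUserService userService;

    @Autowired
    private IUserGroupService usergroupService;

    @Override
    public UserDetails mapUserFromContext(DirContextOperations arg0, String arg1, Collection<? extends GrantedAuthority> arg2)
    {
        InetOrgPerson userLdap = (InetOrgPerson) ldapUserDetailsMapper.mapUserFromContext(arg0, arg1, arg2);
        User u = userService.findByEmailIdEquals(userLdap.getUsername());

        // First login: create a local user and put it in the default group
        if (u == null)
        {
            u = new User();
            List<UserGroup> myGroupList = new ArrayList<UserGroup>();
            UserGroup usergroup = usergroupService.findByUserGroupNameEquals("CANDIDATE_GROUP");
            myGroupList.add(usergroup);
            Set<UserGroup> userGroups = new HashSet<UserGroup>(myGroupList);
            u.setUserGroups(userGroups);
            u.setEmailId(userLdap.getUsername());
            userService.save(u);
            return new LdapSecuredUser(u);
        }

        // Known user: reload its groups from the database
        u.setEmailId(userLdap.getUsername());
        String emailId = userLdap.getUsername();
        u.setUserGroups(userService.getAllUserGroupsByEmailId(emailId));

        userService.save(u);
        for (UserGroup grantedAuthoritya : u.getUserGroups()) {
            System.out.println(grantedAuthoritya.getUserGroupName());
        }

        return new LdapSecuredUser(u);
    }

    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1)
    {
        ldapUserDetailsMapper.mapUserToContext(arg0, arg1);
    }

}
```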

The above code is written for Active Directory, where no context source is needed. No explicit query is required when looking up LDAP attributes. It works for me.

Votes: 6
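How the authorities built by `LdapSecuredUser.getAuthorities()` can be checked once `prePostEnabled = true` is set, as an added example that is not part of the original answer. The service class, its methods and the permission names `VIEW_CANDIDATE`, `EDIT_CANDIDATE` and `ADMIN` are hypothetical; the strings must match the stored permission names exactly, because the answer's code adds no `ROLE_` prefix.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;

// Added example: hypothetical service guarded by method security.
@Service
public class CandidateNoteService {

    // In-memory store keyed by e-mail ID, only to keep the example self-contained.
    private final Map<String, String> notes = new ConcurrentHashMap<>();

    // hasAuthority() compares its argument verbatim with
    // GrantedAuthority.getAuthority(), which LdapSecuredUser fills from
    // Permission.getPermissionName(). 'VIEW_CANDIDATE' is an assumed name.
    @PreAuthorize("hasAuthority('VIEW_CANDIDATE')")
    public String readNote(String emailId) {
        return notes.getOrDefault(emailId, "");
    }

    // Callers may write their own note, or any note if they hold the assumed
    // 'EDIT_CANDIDATE' permission. authentication.name resolves to
    // LdapSecuredUser.getUsername(), which the answer defines as the e-mail ID.
    // #emailId needs parameter names in the bytecode (debug info or -parameters).
    @PreAuthorize("#emailId == authentication.name or hasAuthority('EDIT_CANDIDATE')")
    public void writeNote(String emailId, String text) {
        notes.put(emailId, text);
    }

    // Use hasAuthority, not hasRole: in Spring Security 4 and later
    // hasRole('ADMIN') looks for 'ROLE_ADMIN', which the mapper above
    // never produces, so the check would always deny.
    @PreAuthorize("hasAuthority('ADMIN')")
    public void clearAll() {
        notes.clear();
    }
}
```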
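The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/28536141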
