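An earlier post described authentication against a local database (see http://hanqunfeng.iteye.com/blog/1155226). This post shows how to switch to Active Directory (AD) authentication [only the username and password are verified against AD; permissions are still stored in the local database].
Delete the following section from the configuration file: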

<!-- Authentication manager: uses a custom UserDetailsService and hashes passwords with MD5 -->
<authentication-manager>
    <authentication-provider user-service-ref="userService">
        <password-encoder hash="md5" />
    </authentication-provider>
</authentication-manager>
<beans:bean id="userService" class="com.piaoyi.common.security.UserService" />

and add the following:

<!-- LDAP contextSource: the LDAP server -->
<!-- Extends org.springframework.ldap.core.support.LdapContextSource -->
<beans:bean id="contextSource"
    class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://192.168.159.xxx:389" />
    <beans:property name="userDn" value="cn=admin,cn=Users,dc=piaoyi,dc=local" />
    <beans:property name="password" value="xxxxxxx" />
</beans:bean>

<!-- LDAP authentication provider -->
<beans:bean id="ldapAuthProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg ref="ldapBindAuthenticator" />
    <beans:constructor-arg ref="ldapAuthoritiesPopulator" />
</beans:bean>

<!-- User authentication: bind with the user's credentials -->
<beans:bean id="ldapBindAuthenticator"
    class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <beans:constructor-arg ref="contextSource" />
    <beans:property name="userSearch" ref="userSearch" />
</beans:bean>

<!-- User search rule -->
<beans:bean id="userSearch"
    class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="cn=Users,dc=piaoyi,dc=local" />
    <beans:constructor-arg index="1" value="(sAMAccountName={0})" />
    <beans:constructor-arg index="2" ref="contextSource" />
</beans:bean>

<!-- Role control: grant the HODLE role to every user who passes AD authentication -->
<beans:bean class="com.netqin.common.security.SimpleRoleGrantingLdapAuthoritiesPopulator"
    id="ldapAuthoritiesPopulator" />

<!-- Authentication manager; if cookie-based <remember-me/> is used, an LdapUserDetailsService must be declared -->
<authentication-manager>
    <authentication-provider ref="ldapAuthProvider" />
</authentication-manager>

<!-- ldapUserDetailsService is used for <remember-me user-service-ref="ldapUserDetailsService"/> -->
<beans:bean id="ldapUserDetailsService"
    class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <beans:constructor-arg index="0" ref="userSearch" />
    <beans:constructor-arg index="1" ref="ldapAuthoritiesPopulator" />
</beans:bean>

Only one custom class is used here. Its sole purpose is to grant every user the HODLE role; the actual permission checks are still handled by the voters.
SimpleRoleGrantingLdapAuthoritiesPopulator:

package com.netqin.common.security;

import java.util.Arrays;
import java.util.Collection;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

public class SimpleRoleGrantingLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Role granted to every user who authenticates against AD
    protected String role = "HODLE";

    // Ignores the directory entry and the username: every authenticated
    // user receives the same single role
    public Collection<GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        GrantedAuthority ga = new SimpleGrantedAuthority(role);
        return Arrays.asList(ga);
    }

    public String getRole() {
        return role;
    }

    public void setRole(String role) {
        this.role = role;
    }
}

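A hardened variant of the contextSource bean from the configuration above, as an added example that is not part of the original post: the posted bean binds over plain ldap:// on port 389, so the service account password and every user's password cross the network unencrypted, and the bind password sits in the XML file. The ${ldap.*} property names and the host name in the comment are assumptions; a property placeholder configurer and an AD certificate trusted by the JVM are assumed.

```xml
<!-- Added example; property names below are hypothetical.
     Expected external properties (kept out of version control), e.g.:
       ldap.url=ldaps://dc01.piaoyi.local:636      (constructed host name)
       ldap.bind.dn=<DN of a read-only lookup account>
       ldap.bind.password=<secret>                                         -->
<beans:bean id="contextSource"
    class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <!-- ldaps:// encrypts both the lookup account's bind and the per-user
         bind performed by BindAuthenticator. Use a host name that matches
         the server certificate; an IP address usually will not. -->
    <beans:constructor-arg value="${ldap.url}" />
    <!-- A dedicated account that can only search cn=Users is enough for
         FilterBasedLdapUserSearch; an administrative DN is not required. -->
    <beans:property name="userDn" value="${ldap.bind.dn}" />
    <beans:property name="password" value="${ldap.bind.password}" />
</beans:bean>
```

The other beans (ldapBindAuthenticator, userSearch, ldapAuthProvider) reference contextSource by id and need no changes.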
References:
http://lengyun3566.iteye.com/blog/1358310