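Spring LDAP role mapping

I followed this article and configured my application to authenticate via LDAP (this works perfectly). Now I use only 3 roles in the application, and I would like to create a mapping for them.

So I implemented the GrantedAuthoritiesMapper interface:
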
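    import java.util.Arrays;
    import java.util.Collection;
    import java.util.EnumSet;
    import java.util.Set;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
    import org.springframework.stereotype.Component;

    // Maps the authorities returned by LDAP to the application's own roles.
    @Component
    public class MyAuthorityMapper implements GrantedAuthoritiesMapper {

        @Autowired
        private MyAuthorityConfig authoritiesConfig;

        @Override
        public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> collection) {
            Set<MyAuthority> roles = EnumSet.noneOf(MyAuthority.class);
            for (GrantedAuthority g : collection) {
                for (String role : authoritiesConfig.getAuthoritiesMap().keySet()) {
                    // A configured role applies when its comma-separated list contains this authority.
                    if (Arrays.asList(authoritiesConfig.getAuthoritiesMap().get(role).split(",")).contains(g.getAuthority())) {
                        roles.add(MyAuthority.valueOf(role));
                    }
                }
            }
            return roles;
        }
    }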

Here is the role populator:

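    import java.util.HashMap;
    import java.util.Map;

    import org.springframework.boot.context.properties.ConfigurationProperties;
    import org.springframework.stereotype.Component;

    @Component
    @ConfigurationProperties(prefix = "auth.role.mapping")
    public class MyAuthorityConfig {

        // Application role name -> comma-separated list of LDAP authorities.
        private Map<String, String> authroritiesMap = new HashMap<String, String>();

        public Map<String, String> getAuthoritiesMap() {
            return this.authroritiesMap;
        }
    }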

And application-dev.properties:

    auth.role.mapping.ROLE_COMPETENCE_CENTER=ROLECC
    auth.role.mapping.ROLE_OPERATIONS=ROLEOPS,ROLEPAR
    auth.role.mapping.ROLE_ADMINISTRATOR=ROLEADM,ROLESUPUSR
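
Now MyAuthorityConfig contains only an empty map. Is it possible to use @ConfigurationProperties the way I am using it here? I could not find how to populate a map with it. Or is there a problem with the profile-specific properties file?

In WebSecurityConfig I have a configuration method for LDAP, but I do not know how or where to inject MyAuthorityMapper (once the first problem with @ConfigurationProperties is fixed), or whether it is even possible without using ActiveDirectoryLdapAuthenticationProvider:
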
    private void configureLdap(AuthenticationManagerBuilder auth) throws Exception {
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(env.getProperty("auth.ldap.urls"));
        contextSource.setUserDn(env.getProperty("auth.ldap.user"));
        contextSource.setPassword(env.getProperty("auth.ldap.password"));
        contextSource.setReferral("follow");
        contextSource.afterPropertiesSet();

        auth.ldapAuthentication()
            .userSearchBase(env.getProperty("auth.ldap.user.search.base"))
            .userSearchFilter(env.getProperty("auth.ldap.user.search.filter"))
            .groupSearchBase(env.getProperty("auth.ldap.group.search.base"))
            .groupSearchFilter(env.getProperty("auth.ldap.group.search.filter"))
            .groupRoleAttribute(env.getProperty("auth.ldap.group.search.attribute"))
            .contextSource(contextSource);
    }
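
The group-to-role lookup described in the question, as an added example that is not part of the original post: it uses only the JDK (no Spring), reads the three `auth.role.mapping.*` lines shown above, and goes slightly beyond the posted loop by trimming list entries and building the inverse index once. The class name `RoleMappingDemo`, its method names and the sample LDAP authority lists are hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

// Added example: plain JDK only. Class and method names are hypothetical.
public class RoleMappingDemo {
    static final String PREFIX = "auth.role.mapping.";

    // Build an inverse index: LDAP authority name -> application roles that list it.
    static Map<String, Set<String>> groupToRoles(Properties props) {
        Map<String, Set<String>> index = new HashMap<>();
        for (String key : props.stringPropertyNames()) {
            if (!key.startsWith(PREFIX)) continue;       // ignore unrelated properties
            String role = key.substring(PREFIX.length());
            for (String group : props.getProperty(key).split(",")) {
                String g = group.trim();                 // tolerate "ROLEOPS, ROLEPAR"
                if (!g.isEmpty()) {
                    index.computeIfAbsent(g, k -> new TreeSet<>()).add(role);
                }
            }
        }
        return index;
    }

    // Map the authorities LDAP returned; an authority without a mapping grants nothing.
    static Set<String> mapAuthorities(Map<String, Set<String>> index,
                                      Collection<String> ldapAuthorities) {
        Set<String> roles = new TreeSet<>();
        for (String authority : ldapAuthorities) {
            roles.addAll(index.getOrDefault(authority, Collections.emptySet()));
        }
        return roles;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: the three mapping lines from application-dev.properties.
        Properties props = new Properties();
        props.load(new StringReader(String.join("\n",
            "auth.role.mapping.ROLE_COMPETENCE_CENTER=ROLECC",
            "auth.role.mapping.ROLE_OPERATIONS=ROLEOPS,ROLEPAR",
            "auth.role.mapping.ROLE_ADMINISTRATOR=ROLEADM,ROLESUPUSR")));
        Map<String, Set<String>> index = groupToRoles(props);

        // Constructed LDAP results; ROLE_UNKNOWN has no mapping and is dropped.
        System.out.println(mapAuthorities(index, Arrays.asList("ROLEPAR", "ROLE_UNKNOWN")));
        System.out.println(mapAuthorities(index, Arrays.asList("ROLECC", "ROLESUPUSR")));
        System.out.println(mapAuthorities(index, Collections.singletonList("ROLE_UNKNOWN")));
    }
}
```

A user whose LDAP authorities match no configured entry ends up with an empty role set, so access decisions fall through to whatever the application does for a user with no roles.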