How to add role authorization with Apache Shiro using LDAP authentication

I am new to Apache Shiro and LDAP. I want to create a simple LDAP authentication using Apache Shiro. Authentication works fine, but I am unable to add roles to the user. Below is the shiro.ini file I am using:
[main]
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.url = ldap://localhost:389
contextFactory.systemUsername = cn=Manager,dc=maxcrc,dc=com
contextFactory.systemPassword = secret
realm = org.apache.shiro.realm.ldap.JndiLdapRealm
# the context factory has to be assigned to the realm; otherwise the realm keeps its own default one
realm.contextFactory = $contextFactory
[roles]
# this section is read only by an IniRealm and maps role names to permissions; it does not attach roles to LDAP users
People = *
role = *
Administrator = *
and the following Java class file:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.subject.PrincipalCollection;

public class LDAPTest extends JndiLdapRealm
{
    public static final String userName = "uid=aarippa,ou=People,dc=maxcrc,dc=com";
    //public static final String userName = "uid=arjunarippa";
    public static final String password = "SomePassword";

    public static void main(String[] args)
    {
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\auth.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        System.out.println("userName is : " + userName);
        System.out.println("password is : " + password);
        //UsernamePasswordToken token = new UsernamePasswordToken("cn=Panji Pratomo,ou=people,dc=maxcrc,dc=com", "SomePassword");
        UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
        Subject currentUser = SecurityUtils.getSubject();
        //System.out.println(currentUser);
        try
        {
            currentUser.login(token);
            System.out.println("We've authenticated! :)");
        }
        catch (AuthenticationException e)
        {
            System.out.println("We did not authenticate :(");
            e.printStackTrace();
        }
        if (currentUser.hasRole("people"))
        {
            System.out.println("We have the role! :)");
        }
        else
        {
            System.out.println("We do not have the role :(");
        }
        if (currentUser.isPermitted("foo.blah"))
        {
            System.out.println("We're authorized! :)");
        }
        else
        {
            System.out.println("We are not authorized :(");
        }
    }
}
I cannot figure out how to add roles to the user. Authentication works fine, but I get the messages "We do not have the role :(" and "We are not authorized :(". I am currently using an OpenLDAP server, and below is the .LDIF entry I added to the server:
dn: uid=aarippa,ou=people,dc=maxcrc,dc=com
objectclass: inetOrgPerson
cn: Arjun Arippa
cn: A Arippa
cn: Aarippa
sn: fahmi
uid: aarippa
userpassword: SomePassword
carlicense: HISCAR 123
homephone: 555-111-2222
mail: [email protected]
mail: [email protected]
mail: [email protected]
description: tukang ngulik ga jelas
ou: SOA
Can anyone please let me know whether I have done the right thing to add the roles, correct me if I am wrong, and tell me what I am missing?
Thanks, Arjun
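To have currentUser.hasRole() consult the directory, the JndiLdapRealm needs an override of queryForAuthorizationInfo, which the stock realm leaves returning null; the [roles] section in shiro.ini only maps role names to permissions for an IniRealm and does not attach roles to LDAP users. The class below is an added example, not code from the question or from Shiro, and the class name, the groupSearchBase property and the directory layout (groupOfNames entries with member attributes, which the posted LDIF does not contain) are assumptions.

```java
// Added example, not code from the question or from Shiro: a JndiLdapRealm
// subclass that turns LDAP group membership into Shiro roles. Assumes groupOfNames
// entries under ou=Groups,dc=maxcrc,dc=com whose "member" values are user DNs.
// shiro.ini: realm = LdapGroupRealm (plus realm.contextFactory.url/systemUsername/
// systemPassword as in the question) and optionally realm.groupSearchBase = ...
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;

public class LdapGroupRealm extends JndiLdapRealm {
    private String groupSearchBase = "ou=Groups,dc=maxcrc,dc=com"; // assumed; settable from shiro.ini

    public void setGroupSearchBase(String groupSearchBase) { this.groupSearchBase = groupSearchBase; }

    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
            LdapContextFactory ldapContextFactory) throws NamingException {
        // JndiLdapRealm stores the login name as the principal; in the question that is the full DN.
        String userDn = (String) getAvailablePrincipal(principals);
        Set<String> roles = new LinkedHashSet<String>();
        LdapContext ctx = ldapContextFactory.getSystemLdapContext(); // manager bind, not the user's
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "cn" });
            // {0} is substituted by JNDI with RFC 4515 escaping, so a DN containing
            // '*', '(' or ')' cannot change the meaning of the filter.
            NamingEnumeration<SearchResult> results = ctx.search(groupSearchBase,
                    "(&(objectClass=groupOfNames)(member={0}))", new Object[] { userDn }, controls);
            while (results.hasMore()) {
                Attribute cn = results.next().getAttributes().get("cn");
                if (cn != null) roles.add(cn.get().toString()); // group cn becomes the role name
            }
        } finally {
            LdapUtils.closeContext(ctx); // always release the system context
        }
        return new SimpleAuthorizationInfo(roles); // currentUser.hasRole(...) now reflects LDAP groups
    }
}
```

With this realm, hasRole("people") in the test class would only succeed if a group with cn=people lists the user's DN as a member, so the role check and the group names in the directory must agree on case.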
Initially I thought I could use the LDAP realm. But after seeing your comment I tried the AD realm (since I am still not sure whether the requirement is to use LDAPRealm or ADRealm). So I am trying to use ADRealm for authentication and role authorization. However, I get an error: 'Exception in thread "main" org.apache.shiro.authz.AuthorizationException: LDAP naming error while attempting to retrieve authorization for user [uid=aarippa,ou=people,dc=maxcrc,dc=com]. at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthorizationInfo(AbstractLdapRealm.java:210)' – Arjun
Below is my entry in the OpenLDAP server: 'dn: uid=aarippa,ou=people,dc=maxcrc,dc=com objectclass: inetOrgPerson cn: Arjun Arippa cn: A Arippa cn: Aarippa sn: fahmi uid: aarippa userpassword: SomePassword carlicense: HISCAR 123 homephone: 555-111-2222 mail: [email protected] mail: [email protected] mail: [email protected] description: tukang ngulik ga jelas ou: SOA' – Arjun
And below is the entry I made in the shiro.ini file: 'activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm activeDirectoryRealm.searchBase = "ou=People,dc=maxcrc,dc=com" activeDirectoryRealm.systemUsername = Manager activeDirectoryRealm.systemPassword = secret activeDirectoryRealm.url = ldap://localhost:389 activeDirectoryRealm.groupRolesMap = "ou=People,dc=maxcrc,dc=com":"sysadmin" securityManager.realm = $activeDirectoryRealm activeDirectoryRealm.authorizationCachingEnabled = false' – Arjun