0
目前,我在为了autheticate与数据源和春季工作,认证使用LDAP春季
这是我的配置在安全-APP-context.xml中
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/administration/**" access="hasRole('ADMIN')" />
<intercept-url pattern="/citizen/**" access="hasRole('USER')" />
<form-login login-page="/index.htm" authentication-success-handler-ref="authenticationSuccessRedirecthandler"
default-target-url = "/citizen/test.htm"
authentication-failure-url="/index.htm?error=1"/>
<logout logout-success-url="/index.htm" />
</http>
<beans:bean class="com.test.redirect.CustomAuthenticationHandler" id="authenticationSuccessRedirecthandler"></beans:bean>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username, password, enabled from users where username=?" authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id = ur.user_id and u.username =? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
,这是CustomAuthenticationHandler .java
import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
public class CustomAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
String targetUrl = "/test/page.htm";
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ADMIN")) {
getRedirectStrategy().sendRedirect(request, response, targetUrl);
} else {
super.onAuthenticationSuccess(request, response, authentication);
return;
}
}
}
我想知道更正配置为了验证不与数据源,但与ldap
这是我的LDAP相同的参数:
Base Provider URL
ldap://192.168.0.88:389
Base DN
DC=MINISTER,DC=FR
Principal
CN=LDAP Requester,OU=Users,OU=Technical Accounts,OU=P9 Accounts,DC=MINISTER,DC=FR
Credentials
minister$9999
Users
Authentication Search Filter
(&(objectClass=person)([email protected][email protected]))
Users DN DC=MINISTER,DC=FR
Groups DN DC=MINISTER,DC=FR
更新:
我尝试使用此代码:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/administration/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/citizen/**" access="hasRole('USER')" />
<intercept-url pattern="/menu/menu.htm" access="hasAnyRole('ROLE_ADMIN','USER')" />
<form-login login-page="/index.htm"
default-target-url = "/citizen/test.htm"
authentication-failure-url="/index.htm?error=1"/>
<logout logout-success-url="/index.htm" />
</http>
<beans:bean id="grantedAuthoritiesMapper" class="com.test.ActiveDirectoryGrantedAuthoritiesMapper"/>
<authentication-manager>
<authentication-provider ref="ldapActiveDirectoryAuthProvider" />
</authentication-manager>
<beans:bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<beans:constructor-arg value="DC=MINISTER,DC=TN" />
<beans:constructor-arg value="ldap://192.168.0.88:389" />
<beans:property name="authoritiesMapper" ref="grantedAuthoritiesMapper" />
<beans:property name="useAuthenticationRequestCredentials" value="true" />
<beans:property name="convertSubErrorCodesToExceptions" value="true" />
</beans:bean>
</beans:beans>
,这是一个Java类:
import java.io.IOException;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
/**
* Maps the groups defined in LDAP nomenclature to roles for a specific user.
*/
public class ActiveDirectoryGrantedAuthoritiesMapper implements GrantedAuthoritiesMapper {
// Constants for group defined in LDAP
private static final String ROLE_ADMIN = "ADMIN";
public ActiveDirectoryGrantedAuthoritiesMapper() {
}
public Collection<? extends GrantedAuthority> mapAuthorities(
final Collection<? extends GrantedAuthority> authorities) {
Set<SecurityContextAuthority> roles = EnumSet.noneOf(SecurityContextAuthority.class);
for (GrantedAuthority authority : authorities) {
// authority.getAuthority() returns the role in LDAP nomenclature
if (ROLE_ADMIN.equals(authority.getAuthority())) {
roles.add(SecurityContextAuthority.ROLE_ADMIN);
}
}
return roles;
}
}
这是SecurityContextAuthority.java类
import org.springframework.security.core.GrantedAuthority;
/**
* Maps the groups defined in LDAP to roles for a specific user.
*/
public enum SecurityContextAuthority implements GrantedAuthority {
// These roles are specified in the security context (security.xml) and are
// mapped to LDAP roles by the ActiveDirectoryGrantedAuthoritiesMapper
ROLE_ADMIN;
public String getAuthority() {
return name();
}
}
,但是当我测试我有这样的错误:
[org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider] (http-localhost-127.0.0.1-8080-3) Active Directory authentication failed: Supplied password was invalid