我在 Spring MVC Thymeleaf 项目中工作,其中具有数据库和基于角色的授予权限的 LDAP 安全性是最终用户的必备要求.
我需要什么
- 主要身份验证应由 LDAP 执行
- 必须在数据库中配置用户角色和授予的权限以及 LDAP 用户名
将在网页中用作hasAuthority("permission_x")"
- LDAP 认证后,系统会检查用户是否作为白名单用户存在于数据库中
- 白名单检查后,将为用户加载角色和权限,并对加载的权限(非角色)进行授权
我在这里发现了什么:
具有 LDAP 和数据库角色的 Spring Security,这有点过时了
spring.io/guides/gs/authenticating-ldap/ 此处仅显示 LDAP 身份验证.
- www.baeldung/role-and-privilege-for-spring-security-registration 授予权限示例
现在我的问题是:
LDAP 身份验证和基于 jdbc 的授权将如何协同工作?有人可以帮忙吗?
提前致谢
解决方案既然我找到了解决方案,我在这里分享我自己的答案.希望它会帮助其他人:
我的回答是:
我是如何解决问题的:
第 1 步:
诀窍是使用 UserDetailsContextMapper 和由常规 UserDetailsService 提供的 UserDetails.
示例:
@Override公共无效配置(AuthenticationManagerBuilder auth)抛出异常{授权.ldapAuthentication().userDetailsContextMapper(userDetailsContextMapper()).userDnPatterns("uid={0},ou=people").groupSearchBase("ou=groups").contextSource().url("ldap://localhost:8389/dc=springframework,dc=org").and().passwordCompare().passwordEncoder(new BCryptPasswordEncoder()).passwordAttribute("用户密码");}@豆公共 UserDetailsContextMapper userDetailsContextMapper() {返回新的 LdapUserDetailsMapper() {@覆盖public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authority) {UserDetails details= userDetailsService.loadUserByUsername(username+"@test");退货详情;}};}LDAP 身份验证成功后,它将尝试将有效的注册用户加载到具有所有授予权限的上下文中.
第 2 步
hasAuthority 对我不起作用.我用过类似下面的东西:
<div class="alert alert-success" role="alert">这是秘密 DIV为了快速检查,您可以使用以下内容:
我希望有一天它会帮助某人.
快乐编码!
用于 LDAP over SSL 和 Spring Boot
I am working in a Spring MVC Thymeleaf project where LDAP security with Database and Role-based granted authorities is a must-have requirement from the end-user.
What I need
- Primary authentication should be performed by LDAP
- User Role and granted authorities must be configured in the database along with LDAP user name
Which will be used in web page as "hasAuthority("permission_x")"
- After LDAP Authentication, System will check if User Exist in the database as a white list user
- After the white list check, roles and privileges will be loaded for the user and authorization will be imposed for loaded permissions(not role)
What I found is here:
Spring Security with LDAP and Database roles, which is a bit outdated
spring.io/guides/gs/authenticating-ldap/ where only LDAP authentication is shown.
- www.baeldung/role-and-privilege-for-spring-security-registration Granted Authority example
Now my questions are:
How LDAP authentication and jdbc based authorization will work together? Can anybody help?
Thanks in advance
解决方案Since I have found a solution, I am sharing my own answer here. Hope it will help others:
My Answers are:
How I solved my problem:
Step 1:
The trick is using a UserDetailsContextMapper with UserDetails provided by regular UserDetailsService.
example:
@Override public void configure(AuthenticationManagerBuilder auth) throws Exception { auth .ldapAuthentication() .userDetailsContextMapper(userDetailsContextMapper()) .userDnPatterns("uid={0},ou=people") .groupSearchBase("ou=groups") .contextSource() .url("ldap://localhost:8389/dc=springframework,dc=org") .and() .passwordCompare() .passwordEncoder(new BCryptPasswordEncoder()) .passwordAttribute("userPassword"); } @Bean public UserDetailsContextMapper userDetailsContextMapper() { return new LdapUserDetailsMapper() { @Override public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) { UserDetails details= userDetailsService.loadUserByUsername(username+"@test"); return details; } }; }After successful LDAP authentication, it will try to load valid registered user to the context with all granted authorities.
Step 2
hasAuthority didn't work for me. I have used something like below:
<div sec:authorize="hasRole('SOME_PRIVILEGE')"> <div class="alert alert-success" role="alert"> This is secret DIV </div> </div>For a quick check, you can use below:
<span sec:authentication="principal.authorities"></span>I hope it will help somebody someday.
Happy Coding!
Edit: For LDAP over SSL and Spring Boot
更多推荐
如何使用 LDAP 和基于角色的数据库授予权限实现 Spring Security?
发布评论