Java Spring Security Ldap,仅登录指定组中的用户


正如标题所述,我希望只允许指定组中的用户登录。这是我的身份验证代码:

/**
 * Registers LDAP authentication on the given builder.
 *
 * <p>The submitted login name is substituted for {0} and matched against
 * sAMAccountName; the directory connection comes from contextSource().
 *
 * <p>NOTE(review): this filter matches on the account name only. Nothing here
 * checks group membership, so the search is not limited to one group.
 *
 * @param auth builder that receives the LDAP authentication configuration
 * @throws Exception if the LDAP configuration cannot be applied
 */
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    final String accountFilter = "(sAMAccountName={0})";

    auth.ldapAuthentication()
        .userSearchFilter(accountFilter)
        .contextSource(contextSource());
}

我发现有像
groupSearchFilter
groupSearchBase
groupRoleAttribute
这样的函数,但我不知道如何使用它们

这取决于您的组成员身份设置。类似于以下的操作可能会起作用,根据需要替换组dn和ObjectClass:

// Group lookup settings for the LDAP authentication configurer: the search starts at
// the given base, and {0} in the filter is replaced with the authenticated user's DN.
// NOTE(review): these calls only map the groups that are found to granted authorities
// (roles). They do not reject a login from a user outside the group; that still needs
// an access rule on the resulting role, or a membership clause in the user search filter.
// NOTE(review): uniqueMember is the attribute of groupOfUniqueNames entries; Active
// Directory groups normally list members under "member" — confirm against the directory.
groupSearchBase("cn=yourgroup,ou=groups")
groupSearchFilter("(uniqueMember={0})")
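问题中的用户搜索过滤器应替换为以下内容:

"(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=entergroup,ou=users,dc=company,dc=com))"

其中 cn、ou、dc 是该组在目录中的可分辨名称(DN)的各个组成部分。(注:上面的 sAMAccountName=* 会匹配组内的所有账户,而不是登录时提交的用户名;要按登录名查找用户,过滤器中需要保留 {0} 占位符,例如 (sAMAccountName={0})。)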

我对Megha的解决方案做了一些修改

/**
 * Web security configuration that authenticates users against LDAP and only
 * finds accounts that are members of one directory group.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the LDAP authentication provider on the global authentication manager.
     */
    @Configuration
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        /**
         * Builds the directory connection and configures the user search.
         *
         * @param auth builder that receives the LDAP authentication configuration
         * @throws Exception if the context source or the configurer cannot be set up
         */
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            // NOTE(review): ldap:// is an unencrypted transport. Unless StartTLS is
            // configured elsewhere, the service-account bind and every user's password
            // are sent in clear text; an ldaps:// URL avoids that.
            DefaultSpringSecurityContextSource ldapSource =
                    new DefaultSpringSecurityContextSource("ldap://ip:port/DC=xxxx,DC=yyyy");

            // NOTE(review): placeholder credentials. In a deployment, read them from
            // external configuration or a secret store instead of committing them, and
            // give the service account read-only search rights only.
            ldapSource.setUserDn("user_service_account");
            ldapSource.setPassword("password_user_service_account");

            // NOTE(review): "follow" lets lookups continue on servers the directory
            // refers to, presumably with the same bind credentials; confirm the
            // referred hosts are trusted.
            ldapSource.setReferral("follow");
            ldapSource.afterPropertiesSet();

            // The memberOf clause is what restricts login: an account outside GROUP_NAME
            // does not match the search, so no user entry is found for it. memberOf lists
            // direct membership; nested groups are not resolved by this clause.
            auth.ldapAuthentication()
                    .userSearchBase("OU=Users,OU=Servers")
                    .userSearchFilter("(&(cn={0})(memberOf=CN=GROUP_NAME,OU=Groups,OU=Servers,DC=xxxx,DC=yyyy))")
                    .contextSource(ldapSource);
        }
    }

    /**
     * Requires an authenticated user for /admin/** and enables HTTP Basic.
     *
     * <p>No rule is declared here for paths outside /admin/**. HTTP Basic resends the
     * credentials on every request, so this should only be exposed over HTTPS.
     *
     * @param http security builder for the web layer
     * @throws Exception if the HTTP security configuration fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**").authenticated()
                .and()
                .httpBasic();
    }
}
@配置
@启用Web安全性
公共类SecurityConfig扩展了WebSecurity配置适配器{
@配置
受保护的静态类身份验证配置扩展了GlobalAuthenticationConfigurerAdapter{
@凌驾
public void init(AuthenticationManagerBuilder auth)引发异常{
DefaultSpringSecurityContextSource contextSource=新的DefaultSpringSecurityContextSource(“ldap://ip:port/DC=xxxx,DC=yyy”);
setUserDn(“用户服务帐户”);
setPassword(“密码\用户\服务\帐户”);
contextSource.setReferral(“follow”);
contextSource.AfterPropertieSet();
LdapAuthenticationProviderConfigurer LdapAuthenticationProviderConfigurer=auth.ldapAuthentication();
ldapAuthenticationProviderConfigurer
.userSearchBase(“OU=用户,OU=服务器”)
.userSearchFilter(&(cn={0})(memberOf=cn=GROUP\u NAME,OU=Groups,OU=Servers,DC=xxxx,DC=yyyy)))
.contextSource(contextSource);
}
}
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
http.authorizeRequests()
.antMatchers(“/admin/**”).authenticated()和()
.httpBasic();
}
}
/**
 * Spring Security setup: LDAP-backed login limited to the members of a single
 * directory group, with HTTP Basic protecting the /admin/** paths.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Global authentication setup that plugs LDAP into the authentication manager. */
    @Configuration
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        /**
         * Creates the directory context first, then attaches the LDAP user search to it.
         *
         * @param auth builder that receives the LDAP authentication configuration
         * @throws Exception if the directory context or the configurer cannot be initialised
         */
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            DefaultSpringSecurityContextSource directory = directoryContext();

            LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapLogin = auth.ldapAuthentication();

            // Group restriction lives in the filter: only an entry whose cn equals the
            // login name AND whose memberOf names the group is returned by the search.
            // NOTE(review): memberOf reflects direct membership only; users who belong to
            // the group through a nested group will not match.
            ldapLogin
                .userSearchBase("OU=Users,OU=Servers")
                .userSearchFilter("(&(cn={0})(memberOf=CN=GROUP_NAME,OU=Groups,OU=Servers,DC=xxxx,DC=yyyy))")
                .contextSource(directory);
        }

        /**
         * Builds and initialises the context source used for directory searches.
         *
         * <p>NOTE(review): the URL scheme is plain ldap://, so binds are not encrypted
         * unless StartTLS is set up elsewhere; the bind DN and password below are
         * placeholders and belong in external configuration or a secret store.
         */
        private static DefaultSpringSecurityContextSource directoryContext() throws Exception {
            DefaultSpringSecurityContextSource source =
                new DefaultSpringSecurityContextSource("ldap://ip:port/DC=xxxx,DC=yyyy");
            source.setUserDn("user_service_account");
            source.setPassword("password_user_service_account");
            // NOTE(review): referral chasing may contact other servers named by the
            // directory, presumably reusing this bind identity; confirm that is wanted.
            source.setReferral("follow");
            source.afterPropertiesSet();
            return source;
        }
    }

    /**
     * Demands authentication for /admin/** and switches on HTTP Basic.
     *
     * <p>Other paths get no rule from this method. Basic credentials travel with each
     * request, so the endpoint is expected to sit behind TLS.
     *
     * @param http security builder for the web layer
     * @throws Exception if the HTTP security configuration fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/admin/**").authenticated()
            .and().httpBasic();
    }
}