Java Spring安全性-基于应用程序角色的Active Directory用户身份验证
我正在用SpringMVC框架和java开发一个web应用程序。我正在应用程序中使用active directory用户身份验证 现在,我想从sql数据库为这些用户分配角色。因此,整个身份验证过程将通过从两个来源获取信息来完成:[来自active directory的用户id和密码以及来自sql数据库的用户角色] 我在互联网上搜索了一些教程/示例,但是我找不到任何有用的东西。因此,在这个问题上的任何帮助都将不胜感激 这是我的spring安全文件的当前代码Java Spring安全性-基于应用程序角色的Active Directory用户身份验证,java,database,spring-security,active-directory,roles,Java,Database,Spring Security,Active Directory,Roles,我正在用SpringMVC框架和java开发一个web应用程序。我正在应用程序中使用active directory用户身份验证 现在,我想从sql数据库为这些用户分配角色。因此,整个身份验证过程将通过从两个来源获取信息来完成:[来自active directory的用户id和密码以及来自sql数据库的用户角色] 我在互联网上搜索了一些教程/示例,但是我找不到任何有用的东西。因此,在这个问题上的任何帮助都将不胜感激 这是我的spring安全文件的当前代码 <bean id="adAuthe
<bean id="adAuthenticationProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="abbl.org"/>
<constructor-arg value="LDAP://abbl.org"/>
<property name="convertSubErrorCodesToExceptions" value="true"/>
<property name="useAuthenticationRequestCredentials" value="true"/>
</bean>
<bean id="customAuthenticationProvider"
class="org.abbl.exhbp.templates.CustomAuthorityProvider">
<constructor-arg ref="adAuthenticationProvider"/>
</bean>
<security:authentication-manager>
<security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>
为了实现上面提到的目标,我需要在这里做什么修改或实现?最后,我通过使用UsernamePasswordAuthenticationToken而不是AbstractAuthenticationToken实现了我的目标。解决方案如下: 1) spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true" use-expressions="true">
<security:anonymous enabled="false"/>
<security:form-login login-page="/login" default-target-url="/home"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/loginfailed"/>
<security:logout logout-success-url="/logout"/>
</security:http>
<bean id="adAuthenticationProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="DOMAIN"/>
<constructor-arg value="URL"/>
<property name="convertSubErrorCodesToExceptions" value="true"/>
<property name="useAuthenticationRequestCredentials" value="true"/>
</bean>
<bean id="customAuthenticationProvider"
class="org.abbl.exhbp.templates.CustomAuthorityProvider">
<constructor-arg ref="adAuthenticationProvider"/>
</bean>
<security:authentication-manager>
<security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>
2) CustomAuthorityProvider.class
public class CustomAuthorityProvider implements AuthenticationProvider {
private AuthenticationProvider delegate;
public CustomAuthorityProvider(AuthenticationProvider delegate) {
this.delegate = delegate;
}
public Authentication authenticate(Authentication authentication) {
final Authentication a = delegate.authenticate(authentication);
// Load additional authorities and create an Authentication object
final List<GrantedAuthority> authorities = getGrantedAuthorities(a.getName());
return new UsernamePasswordAuthenticationToken(a.getPrincipal(),a.getCredentials(),authorities);
}
@Override
public boolean supports(Class<?> authentication) {
return delegate.supports(authentication);
}
List<GrantedAuthority> getGrantedAuthorities(String username) {
JdbcTemplateDataSource ds = new JdbcTemplateDataSource();
List<GrantedAuthority> roles = ds.getJdbcTemplate().query("select r.Role from Users u join UserRole ur on u.UserId = "
+ "ur.UserId join Roles r on r.RoleId = ur.RoleId where Username = ?",
new String[]{username},
new RowMapper<GrantedAuthority>() {
public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
return new SimpleGrantedAuthority(rs.getString(1));
}
});
return roles;
}
}
公共类CustomAuthorityProvider实现AuthenticationProvider{
私有身份验证提供者委托;
公共CustomAuthorityProvider(AuthenticationProvider委托){
this.delegate=委托;
}
公共身份验证(身份验证){
最终身份验证a=委托。身份验证(身份验证);
//加载其他权限并创建身份验证对象
最终列表权限=GetGrantedAuthories(a.getName());
返回新的UsernamePasswordAuthenticationToken(a.getPrincipal(),a.getCredentials(),Authority);
}
@凌驾
公共布尔支持(类身份验证){
返回委托。支持(身份验证);
}
列出GetGrantedAuthority(字符串用户名){
JdbcTemplateDataSource ds=新的JdbcTemplateDataSource();
List roles=ds.getJdbcTemplate().query(“从用户中选择r.Role u加入u.UserId上的用户角色ur=”
+“ur.UserId在r.RoleId=ur.RoleId上加入角色r,其中Username=?”,
新字符串[]{username},
新的行映射器(){
公共授权权限mapRow(ResultSet rs,int rowNum)引发SQLException{
返回新的SimpleGrantedAuthority(rs.getString(1));
}
});
返回角色;
}
}
看一看。可能是重复的。你发表评论时,我正在看答案。实际上,我对spring框架还不熟悉。到目前为止,他们一直在从互联网上寻找参考和样本。因此,这将是非常有帮助的,如果你能给我提供任何样本项目或指南,确切地说,我可以实现我打算做什么。我非常了解您的自定义AuthenticationProvider类。我不知道它将如何与我的sql数据库通信,以及数据库将以何种格式跟踪用户及其角色。期待您能在这方面帮助我…您可以以任何方式存储用户/角色。该链接中的函数loadRolesFromDatabaseHere
将根据用户的姓名加载该用户的角色。您可以自己编写SQL。类似的代码就可以了。@Luke Taylor:我已经根据建议和参考做了必要的修改。但登录后,我得到了一个例外。你能确切地告诉我我做错了什么吗-/
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true" use-expressions="true">
<security:anonymous enabled="false"/>
<security:form-login login-page="/login" default-target-url="/home"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/loginfailed"/>
<security:logout logout-success-url="/logout"/>
</security:http>
<bean id="adAuthenticationProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="DOMAIN"/>
<constructor-arg value="URL"/>
<property name="convertSubErrorCodesToExceptions" value="true"/>
<property name="useAuthenticationRequestCredentials" value="true"/>
</bean>
<bean id="customAuthenticationProvider"
class="org.abbl.exhbp.templates.CustomAuthorityProvider">
<constructor-arg ref="adAuthenticationProvider"/>
</bean>
<security:authentication-manager>
<security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>
public class CustomAuthorityProvider implements AuthenticationProvider {
private AuthenticationProvider delegate;
public CustomAuthorityProvider(AuthenticationProvider delegate) {
this.delegate = delegate;
}
public Authentication authenticate(Authentication authentication) {
final Authentication a = delegate.authenticate(authentication);
// Load additional authorities and create an Authentication object
final List<GrantedAuthority> authorities = getGrantedAuthorities(a.getName());
return new UsernamePasswordAuthenticationToken(a.getPrincipal(),a.getCredentials(),authorities);
}
@Override
public boolean supports(Class<?> authentication) {
return delegate.supports(authentication);
}
List<GrantedAuthority> getGrantedAuthorities(String username) {
JdbcTemplateDataSource ds = new JdbcTemplateDataSource();
List<GrantedAuthority> roles = ds.getJdbcTemplate().query("select r.Role from Users u join UserRole ur on u.UserId = "
+ "ur.UserId join Roles r on r.RoleId = ur.RoleId where Username = ?",
new String[]{username},
new RowMapper<GrantedAuthority>() {
public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
return new SimpleGrantedAuthority(rs.getString(1));
}
});
return roles;
}
}