Spring Security:使用 Waffle 的 LDAP 单点登录
我使用的是 Spring 5 Web 应用程序,对 Waffle 一无所知。我想使用 Waffle 让用户用他们的 Windows 凭据在我的 Web 应用程序上进行身份验证。一旦得到用户名,我将执行 LDAP 搜索。但我不确定应该在哪里编写自定义代码来获取用户名进行验证。我尝试过 Spring Security LDAP,但无法获取 Windows 用户登录名。网上有人建议使用 Waffle 来获取 Windows 用户信息。
标签:spring-security, spring-security-ldap, waffle
Web 安全配置代码:
// Collaborators injected into this security configuration and consumed by configure().
// NOTE(review): the same listing also declares @Bean methods producing these three types;
// if they live in this class, confirm the container resolves the self-injection without a
// circular-reference error.

// Authentication provider registered on HttpSecurity in configure(). Declared public,
// unlike the two private fields below; nothing in this listing reads it from outside.
@Autowired
public WindowsAuthenticationProvider windowsAuthenticationProvider;
// Waffle filter that configure() places ahead of BasicAuthenticationFilter.
@Autowired
private NegotiateSecurityFilter securityFilter;
// Entry point that configure() installs on the httpBasic() configurer.
@Autowired
private NegotiateSecurityFilterEntryPoint authenticationEntryPoint;
/**
 * Builds the HTTP security chain: every request requires authentication, the Waffle
 * Negotiate filter is inserted before {@code BasicAuthenticationFilter}, the Negotiate
 * entry point is attached to HTTP Basic, and the Waffle authentication provider plus
 * form login are enabled.
 *
 * <p>NOTE(review): three mechanisms are active at once (Negotiate, HTTP Basic, form login).
 * {@code formLogin()} contributes its own entry point, so browsers may be redirected to a
 * login page instead of receiving the Negotiate challenge; confirm which entry point
 * actually answers unauthenticated requests.
 *
 * <p>NOTE(review): HTTP Basic and form login both carry the user's password in the request,
 * so this chain should presumably only be reachable over TLS; nothing here enforces that.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // No public paths: anonymous access is rejected for every URL.
    http.authorizeRequests().anyRequest().authenticated();

    // The Negotiate filter must see the request before Basic authentication does.
    http.addFilterBefore(this.securityFilter, BasicAuthenticationFilter.class);

    // Unauthenticated Basic requests are answered through the Waffle entry point.
    http.httpBasic().authenticationEntryPoint(this.authenticationEntryPoint);

    // Set authentication provider here
    http.authenticationProvider(windowsAuthenticationProvider);

    // Form login stays enabled; the author left
    // authenticationDetailsSource(waffleAuthenticationDetailsSource) disabled.
    http.formLogin();
}
//Waffle Spring Security Beans
/**
 * Exposes Waffle's {@code WindowsAuthProviderImpl} as a bean with its default settings.
 * The other Waffle beans in this listing receive it as their Windows authentication backend.
 *
 * @return a newly constructed provider
 */
@Bean
public WindowsAuthProviderImpl windowsAuthProvider() {
    return new WindowsAuthProviderImpl();
}
/**
 * Creates the Negotiate filter provider on top of the shared Windows auth provider.
 *
 * @param windowsAuthProvider the Waffle Windows authentication backend
 * @return a Negotiate provider bound to {@code windowsAuthProvider}
 */
@Bean
@Autowired
public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
    final NegotiateSecurityFilterProvider negotiateProvider =
            new NegotiateSecurityFilterProvider(windowsAuthProvider);
    return negotiateProvider;
}
/**
 * Wraps the Negotiate provider in the collection type that the Waffle filter and entry
 * point are configured with.
 *
 * <p>Only the Negotiate provider is registered; no Basic provider is added here, so this
 * collection offers no password-based fallback of its own.
 *
 * @param negotiateSecurityFilterProvider the single provider to register
 * @return a collection containing exactly that provider
 */
@Bean
@Autowired
public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider) {
    final SecurityFilterProvider[] registeredProviders = { negotiateSecurityFilterProvider };
    return new SecurityFilterProviderCollection(registeredProviders);
}
/**
 * Creates the Waffle entry point and hands it the provider collection.
 *
 * @param securityFilterProviderCollection the providers the entry point is configured with
 * @return the configured entry point
 */
@Bean
@Autowired
public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(final SecurityFilterProviderCollection securityFilterProviderCollection) {
    final NegotiateSecurityFilterEntryPoint entryPoint = new NegotiateSecurityFilterEntryPoint();
    // The entry point shares the provider collection that the filter bean is built with.
    entryPoint.setProvider(securityFilterProviderCollection);
    return entryPoint;
}
/**
 * Creates the Waffle Negotiate filter that configure() inserts into the security chain.
 *
 * <p>NOTE(review): after this filter authenticates a request, the Windows principal should
 * be readable from the Spring Security context, which is presumably where a follow-up LDAP
 * lookup would take its input; confirm the name format the directory search expects.
 *
 * @param securityFilterProviderCollection the providers the filter delegates to
 * @return the configured filter
 */
@Bean
@Autowired
public NegotiateSecurityFilter waffleNegotiateSecurityFilter(final SecurityFilterProviderCollection securityFilterProviderCollection) {
    final NegotiateSecurityFilter filter = new NegotiateSecurityFilter();
    filter.setProvider(securityFilterProviderCollection);
    return filter;
}
/**
 * Creates the Waffle authentication provider that configure() registers on HttpSecurity.
 *
 * <p>NOTE(review): this provider presumably validates the username and password submitted
 * through form login or HTTP Basic against Windows; confirm, and make sure those
 * credentials only travel over TLS.
 *
 * @param windowsAuthProvider the Waffle Windows authentication backend
 * @return the configured provider
 */
@Bean
@Autowired
public WindowsAuthenticationProvider windowsAuthenticationProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
    final WindowsAuthenticationProvider authenticationProvider = new WindowsAuthenticationProvider();
    authenticationProvider.setAuthProvider(windowsAuthProvider);
    return authenticationProvider;
}
@Autowired
公共WindowsAuthenticationProvider WindowsAuthenticationProvider;
@自动连线
私有NegotiateSecurityFilter securityFilter;
@自动连线
private NegotiateSecurityFilterEntryPoint authenticationEntryPoint;
@凌驾
受保护的void configure(最终HttpSecurity http)引发异常{
http
.授权请求()
.anyRequest().authenticated()
.及()
.addFilterBefore(this.securityFilter,BasicAuthenticationFilter.class)
.httpBasic()
.authenticationEntryPoint(此.authenticationEntryPoint)
.及()
.authenticationProvider(windowsAuthenticationProvider)//在此处设置身份验证提供程序
.formLogin();
//.authenticationDetailsSource(waffleAuthenticationDetailsSource);
}
//华夫饼干弹簧安全豆
@豆子
公共WindowsAuthProviderImpl windowsAuthProvider(){
WindowsAuthProviderImpl waffle=新WindowsAuthProviderImpl();
返回华夫饼;
}
@豆子
@自动连线
public NegotiateSecurityFilterProvider NegotiateSecurityFilterProvider(最终WindowsAuthProviderImpl windowsAuthProvider){
返回新的NegotiateSecurityFilterProvider(windowsAuthProvider);
}
@豆子
@自动连线
公共安全过滤器ProviderCollection华夫格安全过滤器ProviderCollection(最终协商安全过滤器Provider协商安全过滤器Provider){
最终列表securityFilterProviders=new ArrayList();
添加(negotiateSecurityFilterProvider);
返回新的SecurityFilterProviderCollection(securityFilterProviders.toArray(新的SecurityFilterProvider[]{}));
}
@豆子
@自动连线
公共协商证券过滤点协商证券过滤点(最终证券过滤提供集合证券过滤提供集合){
最终NegotiateSecurityFilterEntryPoint NegotiateSecurityFilterEntryPoint=新NegotiateSecurityFilterEntryPoint();
negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
返回negotiateSecurityFilterEntryPoint;
}
@豆子
@自动连线
public NegotiateSecurityFilter华夫格NegotiateSecurityFilter(最终SecurityFilterProviderCollection SecurityFilterProviderCollection){
最终NegotiateSecurityFilter NegotiateSecurityFilter=新NegotiateSecurityFilter();
setProvider(securityFilterProviderCollection);
返回negotiateSecurityFilter;
}
@豆子
@自动连线
公共WindowsAuthenticationProvider WindowsAuthenticationProvider(最终WindowsAuthProviderImpl windowsAuthProvider){
WindowsAuthenticationProvider=新的WindowsAuthenticationProvider();
provider.setAuthProvider(windowsAuthProvider);
退货供应商;
}
xml
您是希望用户通过 Waffle 使用基于 Windows Kerberos 的 SSO,还是只想使用 LDAP(针对 Windows AD)对用户进行身份验证?如果是后者,您不需要 Waffle。如果是前者,为什么还需要验证用户名?Kerberos 生态系统已经对其进行了验证。
我想获取 Windows 用户名以验证请求。有人建议使用 Waffle 来获取 Windows 用户名。
Windows 实际上没有“用户名”。如果使用 Kerberos 对用户进行身份验证,则会得到 UserPrincipalName(通常类似于 'samAccountName@KerberosRealm',大多数时候它看起来像电子邮件地址,但实际上不是)。如果使用 LDAP 进行身份验证,“可分辨名称”(DN)会与密码一起用于 LDAP 绑定操作。Spring Security 基于某个搜索筛选器搜索 DN,您可以定义哪个属性用作“用户名”。为了简单起见,只使用 LDAP 即可。
<!-- Spring Security namespace configuration: every URL requires an authenticated user and
     Waffle's NegotiateSecurityFilter is inserted into the filter chain. -->
<http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- NOTE(review): this custom filter is placed at BASIC_AUTH_FILTER while <http-basic /> below
     registers the standard Basic filter at that same position; Spring Security normally
     rejects two filters with the same order. Confirm this starts, or keep only one of them. -->
<custom-filter ref="waffleNegotiateSecurityFilter" position="BASIC_AUTH_FILTER" />
<!-- NOTE(review): no entry-point-ref is set on <http>, so the challenge sent to unauthenticated
     clients presumably comes from the Basic entry point rather than a Negotiate one; verify. -->
<http-basic />
</http>
<!-- Waffle filter bean, configured with the provider collection defined at the end. -->
<beans:bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
<beans:property name="Provider" ref="waffleSecurityFilterProviderCollection" />
</beans:bean>
<!-- The authentication manager delegates to an application-specific provider. Its class is not
     shown here; presumably this is where a username lookup or LDAP search would be implemented. -->
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
<beans:bean id="customAuthenticationProvider" class="sunrise.crm.webapp.common.security.CustomAuthenticationProvider">
<!-- userDetailsService wiring is disabled by the author: -->
<!-- <beans:property name="userDetailsService" ref="userDetailsService" /> -->
</beans:bean>
<!-- Windows authentication backend shared by both Waffle providers below. -->
<beans:bean id="waffleWindowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />
<beans:bean id="negotiateSecurityFilterProvider" class="waffle.servlet.spi.NegotiateSecurityFilterProvider">
<beans:constructor-arg ref="waffleWindowsAuthProvider" />
</beans:bean>
<!-- Basic fallback: HTTP Basic sends the Windows username and password merely Base64-encoded
     on each request, so this provider should only be enabled when the application is served
     over TLS. -->
<beans:bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">
<beans:constructor-arg ref="waffleWindowsAuthProvider" />
</beans:bean>
<!-- Providers handed to the filter: Negotiate is listed first, Basic second. -->
<beans:bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
<beans:constructor-arg>
<beans:list>
<beans:ref bean="negotiateSecurityFilterProvider" />
<beans:ref bean="basicSecurityFilterProvider" />
</beans:list>
</beans:constructor-arg>
</beans:bean>