Spring Security LDAP: loading roles from LDAP
Using Spring Security LDAP and its authentication works fine, but now I need to load the userLevel attribute from the LDAP entry to determine the user's level. My Spring Security configuration looks like this:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Profile(value = {"sit", "uat", "prod"})
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    protected Environment environment;

    public SecurityConfig() {
        super();
    }

    // Authentication: bind to the directory over LDAPS and authenticate users by DN pattern.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userSearchBase("dc=fantasycompany,dc=com")
            .userDnPatterns("cn={0},ou=users,ou=somedepartment,ou=departments,c=US,dc=fantasycompany,dc=com")
            .contextSource()
                .url("ldaps://someserver:636")
                .managerDn("cn=someone,cn=users,dc=fantasycompany,dc=com")
                .managerPassword("somethingsomething");
    }

    // Authorization and login/logout handling for HTTP requests.
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        /* Earlier variant, kept commented out:
        httpSecurity.authorizeRequests()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/perform_login")
                .defaultSuccessUrl("/", true)
                .failureUrl("/login.html?error=true");
        */
        httpSecurity
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/login*").permitAll()
                .antMatchers("/css/*").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/", true)
                .failureUrl("/login?error=true")
                .and()
            .logout()
                .logoutUrl("/logout")
                .deleteCookies("JSESSIONID");
    }
}
How do I get Spring to load the userLevel attribute from the LDAP entry into the roles?

You need a custom LdapAuthoritiesPopulator that reads the attribute (for example "memberOf" with AD, or "isMemberOf" with OpenDJ) to extract the "roles". ActiveDirectoryLdapAuthenticationProvider does this without using an LdapAuthoritiesPopulator.
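As an added illustration of the answer (this is not code from the question or the answer), the class below is one way to write such a custom LdapAuthoritiesPopulator for the userLevel attribute from the question. The attribute name "userLevel" comes from the question; the class name UserLevelAuthoritiesPopulator, the ROLE_ prefix and the allowlist of accepted characters are assumptions of this example. Because the authority string is built from directory data, the populator only accepts simple tokens so that an unexpected or malformed attribute value cannot turn into an arbitrary role name.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/**
 * Example populator (assumed, not from the original post): maps each value of the
 * user's "userLevel" LDAP attribute to a ROLE_<LEVEL> authority.
 */
public class UserLevelAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Attribute named in the question; the directory schema must actually carry it.
    private static final String USER_LEVEL_ATTRIBUTE = "userLevel";

    // Assumed prefix so the values work with hasRole("...") in the HttpSecurity rules.
    private static final String ROLE_PREFIX = "ROLE_";

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        // userData is the authenticated user's own LDAP entry, as loaded by Spring Security.
        // getStringAttributes returns null when the attribute is absent.
        String[] levels = userData.getStringAttributes(USER_LEVEL_ATTRIBUTE);
        if (levels == null || levels.length == 0) {
            return Collections.emptyList();
        }

        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String level : levels) {
            if (level == null) {
                continue;
            }
            String normalized = level.trim().toUpperCase(Locale.ROOT);
            // Allowlist: only plain tokens become roles; anything else is ignored rather
            // than being turned into an authority string the rest of the app never expected.
            if (!normalized.matches("[A-Z0-9_]+")) {
                continue;
            }
            authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + normalized));
        }
        return authorities;
    }
}
```

To use it, register the populator on the LDAP authentication builder from the question, for example by adding .ldapAuthoritiesPopulator(new UserLevelAuthoritiesPopulator()) directly after .userDnPatterns(...) in configure(AuthenticationManagerBuilder). With a userLevel value of "admin", the user then carries the authority ROLE_ADMIN, which the HttpSecurity rules can check with hasRole("ADMIN"). If the level should also be available as data rather than only as a role, the same DirContextOperations can be read in a custom UserDetailsContextMapper instead.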