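I am using Spring Security 3.2.5 with Java config and LDAP authentication/authorization.
We need to search for groups in two separate trees in LDAP:

    ou=groups

and

    ou=Groups,ou=webapps,ou=Applications

I have searched but could not find any information on this topic.
This is my current code, which works fine: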

    @Autowired
    public void configureGlobal(UserDetailsContextMapper userDetailsContextMapper, LdapContextSource contextSource, AuthenticationManagerBuilder builder) throws Exception {
        builder
            .ldapAuthentication()
            .userDetailsContextMapper(userDetailsContextMapper)
            .contextSource(contextSource)
            .userSearchFilter("cn={0}")
            .userSearchBase("ou=Users")
            .groupSearchBase("ou=groups");
    }

I would like to do something like this:

    builder
        .ldapAuthentication()
        .userDetailsContextMapper(userDetailsContextMapper)
        .contextSource(contextSource)
        .userSearchFilter("cn={0}")
        .userSearchBase("ou=Users")
        .groupSearchBase("ou=groups")
        .groupSearchBase("ou=Groups,ou=webapps,ou=Applications");

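Understandably, this does not work.
Does anyone have any pointers on where to start?

My solution was to create an implementation of org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator that can call multiple instances of LdapAuthoritiesPopulator, and then to create one LdapAuthoritiesPopulator for each "groupSearchBase" I wanted to query.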

    @Autowired
    public void configureGlobal(UserDetailsContextMapper userDetailsContextMapper, LdapContextSource contextSource, AuthenticationManagerBuilder builder) throws Exception {
        // One DefaultLdapAuthoritiesPopulator per group search base
        MultipleLdapAuthoritiesPopulator multipleLdapAuthoritiesPopulator = new MultipleLdapAuthoritiesPopulator(
            new DefaultLdapAuthoritiesPopulator(contextSource, "ou=Groups,ou=webapps,ou=Applications"),
            new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups"));

        builder
            .ldapAuthentication()
            .ldapAuthoritiesPopulator(multipleLdapAuthoritiesPopulator)
            .userDetailsContextMapper(userDetailsContextMapper)
            .contextSource(contextSource)
            .userSearchFilter("cn={0}")
            .userSearchBase("ou=Users");
    }

    // Imports needed by the class below
    import static java.util.Arrays.asList;

    import java.util.Collection;
    import java.util.List;
    import java.util.stream.Collectors;

    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

    class MultipleLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

        private List<LdapAuthoritiesPopulator> authoritiesPopulators;

        public MultipleLdapAuthoritiesPopulator(LdapAuthoritiesPopulator... authoritiesPopulators) {
            this.authoritiesPopulators = asList(authoritiesPopulators);
        }

        @Override
        public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
            // Ask every delegate for the user's authorities and concatenate the results
            List<GrantedAuthority> grantedAuthorities = authoritiesPopulators.stream()
                .map(authPopulator -> authPopulator.getGrantedAuthorities(userData, username))
                .flatMap(Collection::stream)
                .collect(Collectors.toList());
            return grantedAuthorities;
        }
    }
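
An added example, not part of the original answer or of Spring Security: by default DefaultLdapAuthoritiesPopulator turns a group's cn into an upper-cased authority with the prefix ROLE_, so a group named admin in either tree yields the same ROLE_ADMIN once the results are merged. This variant of the composite gives each tree its own role prefix and merges into a Set; the class name PrefixedGroupTreesPopulator and whatever prefixes you pass in are assumptions.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

// Hypothetical class name; not part of Spring Security or of the answer above.
public class PrefixedGroupTreesPopulator implements LdapAuthoritiesPopulator {

    private final List<LdapAuthoritiesPopulator> delegates = new ArrayList<>();

    // Registers one group tree. Each tree gets its own role prefix so that
    // a group cn used in both trees does not collapse into one authority.
    public PrefixedGroupTreesPopulator addTree(ContextSource contextSource,
                                               String groupSearchBase,
                                               String rolePrefix) {
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);
        populator.setRolePrefix(rolePrefix);
        delegates.add(populator);
        return this;
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        // The Set drops exact duplicates. An exception thrown by any delegate
        // is not caught here, so a failed lookup in one tree propagates
        // instead of returning a partial set of roles.
        Set<GrantedAuthority> merged = new LinkedHashSet<>();
        for (LdapAuthoritiesPopulator delegate : delegates) {
            merged.addAll(delegate.getGrantedAuthorities(userData, username));
        }
        return merged;
    }
}
```

It can be passed to `.ldapAuthoritiesPopulator(...)` in place of the composite above, for example after `addTree(contextSource, "ou=groups", "ROLE_")` and `addTree(contextSource, "ou=Groups,ou=webapps,ou=Applications", "ROLE_WEBAPP_")`. Access rules for the webapps tree then have to name the ROLE_WEBAPP_ authorities explicitly.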