Differences
This page shows the differences between two versions of the page.
java:ldap:spring:object-relation [2016/05/05 23:43] tony | java:ldap:spring:object-relation [2023/06/25 09:48] |
---|---|---|---|
Line 1: | Line 1: | ||
- | {{tag>ldap spring spring-ldap spring-security}} | ||
- | ====== Spring-Security with LDAP物件關係 ====== | ||
- | ===== Configuration With Code ===== | ||
- | 以我的範例來說,首先會透過資料庫做登入認證,接著會是AD,最後是LDAP。而透過程式碼配置的方式,會去extend [[http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html|WebSecurityConfigurerAdapter]];接著override configure的method,[[http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.html|AuthenticationManagerBuilder]]可以讓你配置AuthenticationProvider: | ||
- | <code java> | ||
- | @Autowired | ||
- | @Qualifier("dataSource") | ||
- | DataSource datasource; | ||
- | @Autowired | ||
- | @Qualifier("ldapConfig") | ||
- | Properties ldapConfig; | ||
- | |||
- | @Autowired | ||
- | @Qualifier("adConfig") | ||
- | Properties adConfig; | ||
- | |||
- | @Override | ||
- | protected void configure(AuthenticationManagerBuilder aAuth) throws Exception { | ||
- | aAuth.jdbcAuthentication().dataSource(datasource); | ||
- | |||
- | String domain = (String)adConfig.get("ad.domain"); | ||
- | String url = (String)adConfig.get("ad.url"); | ||
- | ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url); | ||
- | aAuth.authenticationProvider(adProvider); | ||
- | |||
- | aAuth.ldapAuthentication() | ||
- | .groupSearchBase(ldapConfig.get("ldap.groupSearchBase")) | ||
- | .groupSearchFilter(StringUtil.apendStrings(ldapConfig.get("ldap.groupSearchAttr"), "={0}")) | ||
- | .userSearchBase(ldapConfig.get("ldap.userSearchBase")) | ||
- | .userSearchFilter(StringUtil.apendStrings(ldapConfig.get("ldap.userSearchAttr"), "={0}")) | ||
- | .contextSource() | ||
- | .url(StringUtil.apendStrings("ldap://", ldapConfig.get("ldap.host"), ":", ldapConfig.get("ldap.port"), "/", ldapConfig.get("ldap.baseDn"))) | ||
- | .managerDn(ldapConfig.get("ldap.managerDn")) | ||
- | .managerPassword(ldapConfig.get("ldap.managerPassword")); | ||
- | } | ||
- | </code> | ||
- | 以上程式碼的三個主要部分為: | ||
- | jdbcAuthentication(): 建立JdbcUserDetailsManager去透過資料庫做驗證。\\ | ||
- | ldapAuthentication(): 建立LdapAuthenticationProvider去透過Ldap做驗證。\\ | ||
- | authenticationProvider(): 將ActiveDirectoryLdapAuthenticationProvider加到Provider列表中,去透過AD做驗證。\\ | ||
- | \\ | ||
- | 假如你想做更多的變化,也可以自行實做AuthenticationProvider將這些東西串起來。 | ||
- | ===== AuthenticationProvider ===== | ||
- | AuthenticationProvider是驗證的核心。舉例來說,使用者在登入畫面輸入了帳號密碼,最後就會透過authenticate method做驗證;其中傳入的[[http://docs.spring.io/autorepo/docs/spring-security/4.0.3.RELEASE/apidocs/org/springframework/security/core/Authentication.html|Authentication]]會包含帳號密碼,回傳的則包含使用者權限: | ||
- | <code java> | ||
- | Authentication authenticate(Authentication authentication) throws AuthenticationException; | ||
- | </code> | ||
- | Authentication比較重要的methods: | ||
- | * Object getCredentials(): 密碼。 | ||
- | * Object getPrincipal(): 帳號。 | ||
- | * Collection<? extends GrantedAuthority> getAuthorities(): 權限。 |
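Review bot: `Properties.get(...)` returns `Object`, so the `ldapAuthentication()` chain inside `configure` will not compile as written: `groupSearchBase`, `groupSearchFilter`, `userSearchBase`, `userSearchFilter`, `managerDn` and `managerPassword` all take `String`, and the `ad.domain`/`ad.url` lines a few rows above already show that a cast (or better, `getProperty`) is needed. Replace each `ldapConfig.get("ldap.xxx")` with `ldapConfig.getProperty("ldap.xxx")`, which also removes the need for casts. Two more points on the same block: the context source URL is assembled with a plain `ldap://` scheme, so the manager bind (`managerDn`/`managerPassword`) and every user's password are sent to the directory unencrypted; prefer `ldaps://` or StartTLS on the context source. And `managerPassword` is pulled straight from a `Properties` bean, so the bind credential sits in a plaintext properties file; the page should at least say it must be loaded from a protected source rather than committed alongside the configuration. Minor: the helper is spelled `apendStrings` (one p) in four places; if it is the project's own utility the name should match, otherwise `String.join` or `String.format` would avoid the dependency.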