差異處
這裏顯示兩個版本的差異處。
|
java:ldap:spring:object-relation [2016/05/05 23:49] tony [AuthenticationProvider] |
java:ldap:spring:object-relation [2023/06/25 09:48] |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | {{tag>ldap spring spring-ldap spring-security}} | ||
| - | ====== Spring-Security with LDAP物件關係 ====== | ||
| - | ===== Introduction ===== | ||
| - | 本篇主要記載Spring-Security-LDAP中,我們有使用到的物件去做說明。我們目的是整合LDAP與AD驗證,其中為了滿足我們的需求,對不少Spring所提供的物件做擴充。 | ||
| - | ===== Configuration With Code ===== | ||
| - | 以我的範例來說,首先會透過資料庫做登入認證,接著會是AD,最後是LDAP。而透過程式碼配置的方式,會去extend [[http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html|WebSecurityConfigurerAdapter]];接著override configure的method,[[http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.html|AuthenticationManagerBuilder]]可以讓你配置AuthenticationProvider: | ||
| - | <code java> | ||
| - | @Autowired | ||
| - | @Qualifier("dataSource") | ||
| - | DataSource datasource; | ||
| - | @Autowired | ||
| - | @Qualifier("ldapConfig") | ||
| - | Properties ldapConfig; | ||
| - | |||
| - | @Autowired | ||
| - | @Qualifier("adConfig") | ||
| - | Properties adConfig; | ||
| - | |||
| - | @Override | ||
| - | protected void configure(AuthenticationManagerBuilder aAuth) throws Exception { | ||
| - | aAuth.jdbcAuthentication().dataSource(datasource); | ||
| - | |||
| - | String domain = (String)adConfig.get("ad.domain"); | ||
| - | String url = (String)adConfig.get("ad.url"); | ||
| - | ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url); | ||
| - | aAuth.authenticationProvider(adProvider); | ||
| - | |||
| - | aAuth.ldapAuthentication() | ||
| - | .groupSearchBase(ldapConfig.get("ldap.groupSearchBase")) | ||
| - | .groupSearchFilter(StringUtil.apendStrings(ldapConfig.get("ldap.groupSearchAttr"), "={0}")) | ||
| - | .userSearchBase(ldapConfig.get("ldap.userSearchBase")) | ||
| - | .userSearchFilter(StringUtil.apendStrings(ldapConfig.get("ldap.userSearchAttr"), "={0}")) | ||
| - | .contextSource() | ||
| - | .url(StringUtil.apendStrings("ldap://", ldapConfig.get("ldap.host"), ":", ldapConfig.get("ldap.port"), "/", ldapConfig.get("ldap.baseDn"))) | ||
| - | .managerDn(ldapConfig.get("ldap.managerDn")) | ||
| - | .managerPassword(ldapConfig.get("ldap.managerPassword")); | ||
| - | } | ||
| - | </code> | ||
| - | 以上程式碼的三個主要部分為: | ||
| - | * jdbcAuthentication(): 建立JdbcUserDetailsManager去透過資料庫做驗證。 | ||
| - | * ldapAuthentication(): 建立LdapAuthenticationProvider去透過Ldap做驗證。 | ||
| - | * authenticationProvider(): 將ActiveDirectoryLdapAuthenticationProvider加到Provider列表中,去透過AD做驗證。 | ||
| - | \\ | ||
| - | 假如你想做更多的變化,也可以自行實做AuthenticationProvider將這些東西串起來。 | ||
| - | ===== AuthenticationProvider ===== | ||
| - | AuthenticationProvider是驗證的核心。舉例來說,使用者在登入畫面輸入了帳號密碼,最後就會透過authenticate method做驗證;其中傳入的[[http://docs.spring.io/autorepo/docs/spring-security/4.0.3.RELEASE/apidocs/org/springframework/security/core/Authentication.html|Authentication]]會包含帳號密碼,回傳的則包含使用者權限: | ||
| - | <code java> | ||
| - | Authentication authenticate(Authentication authentication) throws AuthenticationException; | ||
| - | </code> | ||
| - | Authentication比較重要的methods: | ||
| - | * Object getCredentials(): 密碼。 | ||
| - | * Object getPrincipal(): 帳號。 | ||
| - | * Collection<? extends GrantedAuthority> getAuthorities(): 泛指權限。 | ||
| - | \\ | ||
| - | 接著對LDAP與AD的AuthenticationProvider做說明。 | ||
