Authenticating a User with LDAP
首先创建一个简单的web控制器
1 package hello;
2
3 import org.springframework.web.bind.annotation.GetMapping;
4 import org.springframework.web.bind.annotation.RestController;
5
/**
 * Minimal REST controller for the demo application.
 *
 * <p>The class declares no access rules of its own (no security annotations appear here);
 * whether a caller must log in before reaching the endpoint is decided entirely by the
 * application's Spring Security configuration.
 */
@RestController
public class HomeController {

    /** Fixed response text for the root endpoint. */
    private static final String WELCOME_MESSAGE = "Welcome to the home page!";

    /**
     * Handles GET requests for the root path {@code "/"}.
     *
     * @return the fixed welcome text
     */
    @GetMapping("/")
    public String index() {
        return WELCOME_MESSAGE;
    }
}
老生常谈,用到springboot,肯定少不了它的启动类
package hello;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Entry point of the demo: starts the Spring Boot application with this class as the
 * primary configuration source.
 */
@SpringBootApplication
public class Application {

    /**
     * Boots the Spring application context.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        Class<?> primarySource = Application.class;
        SpringApplication.run(primarySource, args);
    }
}
SpringSecurity需要用到的maven依赖如下图
<!-- No <version> elements are given; presumably versions are managed by a Spring Boot
     parent/BOM declared elsewhere in the pom (not shown here). -->
<dependencies>
    <!-- Web layer used by the REST controller. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Spring Security itself. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- LDAP client support and Spring Security's LDAP authentication integration. -->
    <dependency>
        <groupId>org.springframework.ldap</groupId>
        <artifactId>spring-ldap-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <!-- UnboundID LDAP SDK: supplies the in-memory directory server behind the
         spring.ldap.embedded settings. NOTE(review): it is declared at the default
         (compile) scope here, so the embedded server ships with the application;
         presumably it is only needed while the demo runs its own directory. -->
    <dependency>
        <groupId>com.unboundid</groupId>
        <artifactId>unboundid-ldapsdk</artifactId>
    </dependency>
    <!-- Test-only dependencies. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>
开始做详细的安全认证,安全认证的思路是这样的:
创建一个类并继承WebSecurityConfigurerAdapter这个类,并在子类中重写configure方法。
configure共有3个重载,参数分别为
HttpSecurity(HTTP请求安全处理)、AuthenticationManagerBuilder(身份验证管理生成器)和WebSecurity(WEB安全);下面的示例只重写了前两个。
如下代码
1 package com.ssm.demo.com.ssm.Hello;
2
3 import org.springframework.context.annotation.ComponentScan;
4 import org.springframework.context.annotation.Configuration;
5 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
6 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
8 import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
/**
 * Spring Security configuration for the demo: every request requires a form login, and
 * users are authenticated against an LDAP directory.
 *
 * <p>The class extends {@code WebSecurityConfigurerAdapter} and overrides two of its
 * {@code configure} overloads: the one taking {@code HttpSecurity} (HTTP request security)
 * and the one taking {@code AuthenticationManagerBuilder} (authentication setup). The
 * {@code WebSecurity} overload is not overridden here.
 *
 * <p>NOTE: {@code WebSecurityConfigurerAdapter} is deprecated as of Spring Security 5.7 and
 * absent from 6.x, where the same rules are declared through a {@code SecurityFilterChain}
 * bean instead.
 */
@Configuration
@ComponentScan
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures HTTP request security.
     *
     * @param http the builder used to declare request authorization and login mechanisms
     * @throws Exception if the security configuration cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Start declaring per-request authorization rules.
            .authorizeRequests()
                // Every request needs a fully authenticated user, i.e. one who logged in
                // during this session rather than being restored by remember-me.
                .anyRequest().fullyAuthenticated()
                // and() returns to the HttpSecurity builder.
                .and()
            // Form-based login is the only authentication mechanism enabled here;
            // httpBasic() would be the alternative and is not turned on.
            .formLogin();
    }

    /**
     * Configures LDAP as the authentication source.
     *
     * @param auth the builder used to register authentication providers
     * @throws Exception if the LDAP authentication setup fails
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                // {0} is replaced with the submitted login name to form the user's DN.
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    // Plain ldap:// to a server on localhost. Traffic on this scheme is
                    // unencrypted; a directory reached over a network would normally be
                    // addressed with ldaps:// or protected by StartTLS.
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                // Password comparison: the submitted password is checked against the
                // userPassword attribute instead of binding to the directory as the user.
                .passwordCompare()
                    // LdapShaPasswordEncoder handles the legacy {SHA}/{SSHA} formats. Spring
                    // Security marks it deprecated because digest-based password encoding
                    // is not considered secure; it is suitable only for legacy/demo data.
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
}
设置用户数据:这里使用Spring Boot内嵌的LDAP服务器,用户数据来自ldif文件。
在yml中添加内嵌LDAP服务的配置(spring.ldap.embedded)
# Application settings for the LDAP login demo.
server:
  servlet:
    context-path: /llh
  port: 8082
spring:
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/depot?useUnicode=true&characterEncoding=utf8
    # The MySQL root account with a trivial password written into the file: tolerable only
    # for a throwaway local database. A real deployment would use a least-privilege account
    # and take the password from the environment or a secret store.
    username: root
    password: 123456
  servlet:
    multipart:
      max-file-size: 128KB
      max-request-size: 128KB
  ldap:
    # Embedded directory started by Spring Boot and populated from the LDIF file below;
    # intended for development and tests, not as a production directory.
    embedded:
      ldif: classpath:test-server.ldif
      base-dn: dc=springframework,dc=org
      # Same port as in the ldap://localhost:8389 URL used by the security configuration.
      port: 8389
在resources文件夹下面创建一个test-server.ldif文件。该文件只是内嵌LDAP服务器的演示数据:其中只有ben的userPassword是{SHA}形式(不加盐的SHA-1摘要),其余账号的口令都以明文保存。
1 dn: dc=springframework,dc=org
2 objectclass: top
3 objectclass: domain
4 objectclass: extensibleObject
5 dc: springframework
6
7 dn: ou=groups,dc=springframework,dc=org
8 objectclass: top
9 objectclass: organizationalUnit
10 ou: groups
11
12 dn: ou=subgroups,ou=groups,dc=springframework,dc=org
13 objectclass: top
14 objectclass: organizationalUnit
15 ou: subgroups
16
17 dn: ou=people,dc=springframework,dc=org
18 objectclass: top
19 objectclass: organizationalUnit
20 ou: people
21
22 dn: ou=space cadets,dc=springframework,dc=org
23 objectclass: top
24 objectclass: organizationalUnit
25 ou: space cadets
26
27 dn: ou=\"quoted people\",dc=springframework,dc=org
28 objectclass: top
29 objectclass: organizationalUnit
30 ou: "quoted people"
31
32 dn: ou=otherpeople,dc=springframework,dc=org
33 objectclass: top
34 objectclass: organizationalUnit
35 ou: otherpeople
36
37 dn: uid=ben,ou=people,dc=springframework,dc=org
38 objectclass: top
39 objectclass: person
40 objectclass: organizationalPerson
41 objectclass: inetOrgPerson
42 cn: Ben Alex
43 sn: Alex
44 uid: ben
45 userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=
46
47 dn: uid=bob,ou=people,dc=springframework,dc=org
48 objectclass: top
49 objectclass: person
50 objectclass: organizationalPerson
51 objectclass: inetOrgPerson
52 cn: Bob Hamilton
53 sn: Hamilton
54 uid: bob
55 userPassword: bobspassword
56
57 dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
58 objectclass: top
59 objectclass: person
60 objectclass: organizationalPerson
61 objectclass: inetOrgPerson
62 cn: Joe Smeth
63 sn: Smeth
64 uid: joe
65 userPassword: joespassword
66
67 dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
68 objectclass: top
69 objectclass: person
70 objectclass: organizationalPerson
71 objectclass: inetOrgPerson
72 cn: Mouse, Jerry
73 sn: Mouse
74 uid: jerry
75 userPassword: jerryspassword
76
77 dn: cn=slash/guy,ou=people,dc=springframework,dc=org
78 objectclass: top
79 objectclass: person
80 objectclass: organizationalPerson
81 objectclass: inetOrgPerson
82 cn: slash/guy
83 sn: Slash
84 uid: slashguy
85 userPassword: slashguyspassword
86
87 dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
88 objectclass: top
89 objectclass: person
90 objectclass: organizationalPerson
91 objectclass: inetOrgPerson
92 cn: quote\"guy
93 sn: Quote
94 uid: quoteguy
95 userPassword: quoteguyspassword
96
97 dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
98 objectclass: top
99 objectclass: person
100 objectclass: organizationalPerson
101 objectclass: inetOrgPerson
102 cn: Space Cadet
103 sn: Cadet
104 uid: space cadet
105 userPassword: spacecadetspassword
106
107
108
109 dn: cn=developers,ou=groups,dc=springframework,dc=org
110 objectclass: top
111 objectclass: groupOfUniqueNames
112 cn: developers
113 ou: developer
114 uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
115 uniqueMember: uid=bob,ou=people,dc=springframework,dc=org
116
117 dn: cn=managers,ou=groups,dc=springframework,dc=org
118 objectclass: top
119 objectclass: groupOfUniqueNames
120 cn: managers
121 ou: manager
122 uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
123 uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
124
125 dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
126 objectclass: top
127 objectclass: groupOfUniqueNames
128 cn: submanagers
129 ou: submanager
130 uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
这时候就可以启动springboot的启动类,键入地址:http://127.0.0.1:8082/llh/,发现请求已经被拦截下来了,并且重定向到了Spring Security提供的登录页面,见下图:
输入用户名:ben,密码:benspassword,即可登录(该账号对应test-server.ldif中的uid=ben条目,其userPassword以{SHA}形式保存)。
转载于:https://www.cnblogs.com/javallh/p/9262384.html