Spring Security with LDAP and Database roles

Backend · Unresolved · 2 answers · 1252 views
日久生厌 2020-12-10 06:30

In our new insurance project, I am trying to implement spring-security with Ldap active-directory.

I want to just check username/password against AD

2 answers
  •  情歌与酒
    2020-12-10 07:01

    The easiest way to achieve this now (Spring Security 3.2.5.RELEASE) is by implementing a custom LdapAuthoritiesPopulator which uses a custom JdbcDaoImpl to obtain the authorities from the database.

    Code

    Assuming you are using the default database schema, and that you are using the same username for authentication in LDAP and as the foreign key in the authorities table, you only need this:

    package demo;
    
    import java.util.Collection;
    import java.util.List;
    
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
    import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
    
    /*
     * You need to extend JdbcDaoImpl to expose the protected method loadUserAuthorities.
     * (Java allows one public top-level class per file, so this one lives in
     * CustomJdbcUserDetailsService.java.)
     */
    public class CustomJdbcUserDetailsService extends JdbcDaoImpl {
    
        @Override
        public List<GrantedAuthority> loadUserAuthorities(String username) {
            return super.loadUserAuthorities(username);
        }
    }
    
    
    /*
     * Then, the only thing your populator needs to do is use the custom UserDetailsService above.
     * (Second file, CustomLdapAuthoritiesPopulator.java, same package and imports.)
     */
    public class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    
        private static final Logger LOGGER = LoggerFactory.getLogger(CustomLdapAuthoritiesPopulator.class);
    
        private final CustomJdbcUserDetailsService service;
    
        public CustomLdapAuthoritiesPopulator(CustomJdbcUserDetailsService service) {
            this.service = service;
        }
    
        @Override
        public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations user, String username) {
            // The password was already checked against LDAP; roles come from the database,
            // keyed by the same username.
            return service.loadUserAuthorities(username);
        }
    
    }
    

    The only thing left now is to configure the LDAP authentication provider to use CustomLdapAuthoritiesPopulator.

    Java Config

    In a @Configuration annotated subclass of GlobalMethodSecurityConfiguration or WebSecurityConfigurerAdapter (depending on your case), add the following:

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    
        /* other authentication configurations you might have */
    
        /*
         * This assumes that the dataSource configuring
         * the connection to the database has been Autowired
         * into this bean.
         *
         * Adapt according to your specific case.
         */
        CustomJdbcUserDetailsService customJdbcUserDetailsService = new CustomJdbcUserDetailsService();
        customJdbcUserDetailsService.setDataSource(dataSource);
    
        CustomLdapAuthoritiesPopulator customLdapAuthoritiesPopulator = new CustomLdapAuthoritiesPopulator(customJdbcUserDetailsService);
    
        auth.ldapAuthentication().ldapAuthoritiesPopulator(customLdapAuthoritiesPopulator)/* other LDAP configurations you might have */;
    
        /* yet more authentication configurations you might have */
    }
    

    Refer to https://github.com/pfac/howto-spring-security for a working example.

    XML Config

    Disclaimer: I've been working solely with Java configuration, so tread cautiously, there might be some errors.

    Unlike other configurations for authenticating with LDAP, there seem to be no pretty XML tags to customize the LdapAuthoritiesPopulator. So, it has to be done manually. Assuming a bean contextSource configuring the connection to the LDAP server has been defined, add the following to your Spring XML configuration:


    Source: http://spapas.github.io/2013/10/14/spring-ldap-custom-authorities/#spring-security-ldap-with-custom-authorities
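An added example, not code from the answer above or from the linked projects: the same populator idea written against JdbcTemplate directly, so it needs no subclass of JdbcDaoImpl, plus the two checks a practitioner would want in front of Active Directory: the lookup key is lowercased because AD logon names are case-insensitive, and a user with no rows in the authorities table is rejected instead of being logged in with an empty authority set. It assumes the default `authorities(username, authority)` table and a `DataSource` bean; the class name is hypothetical.

```java
package demo;

import java.util.Collection;
import java.util.List;
import java.util.Locale;

import javax.sql.DataSource;

import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/*
 * Hypothetical populator (added example): LDAP has already verified the password;
 * this only decides which application roles the authenticated user gets.
 */
public class StrictJdbcLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Same table and columns as Spring Security's default JdbcDaoImpl schema.
    private static final String AUTHORITIES_BY_USERNAME =
            "select authority from authorities where lower(username) = ?";

    private final JdbcTemplate jdbc;

    public StrictJdbcLdapAuthoritiesPopulator(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData,
                                                                        String username) {
        // AD accepts "Alice" and "alice" as the same account; normalise so both map
        // to one row set instead of one of them silently getting no roles.
        String key = username.toLowerCase(Locale.ROOT);

        // Parameterised query: the username never reaches the SQL text directly.
        List<SimpleGrantedAuthority> authorities = jdbc.query(AUTHORITIES_BY_USERNAME,
                (rs, rowNum) -> new SimpleGrantedAuthority(rs.getString("authority")), key);

        if (authorities.isEmpty()) {
            // Fail closed: a valid AD password alone does not grant access; the account
            // must also be provisioned here. AbstractLdapAuthenticationProvider turns this
            // into a BadCredentialsException when hideUserNotFoundExceptions is on (the default).
            throw new UsernameNotFoundException("no application roles provisioned for " + key);
        }
        return authorities;
    }
}
```

Wire it in with `auth.ldapAuthentication().ldapAuthoritiesPopulator(new StrictJdbcLdapAuthoritiesPopulator(dataSource))`, exactly where the answer's Java Config uses its own populator.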
