Spring Security 3 Active Directory authentication, database authorization

Problem description:

I'm trying to access my application with AD authentication and getting authorization roles from my DB.

Here is my configuration:

<beans:bean id="activeDirectoryAuthenticationProvider"
        class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="mydomain" />
    <beans:constructor-arg value="ldap://my URL :389" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true"/>
</beans:bean>

I tried adding

  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="myUserDetailsService"/>
    </beans:bean>
  </beans:constructor-arg>

but it didn't work. Any help?

Thanks a lot!!

ActiveDirectoryLdapAuthenticationProvider doesn't use an LdapAuthoritiesPopulator (check the API for the constructor).

You can use a delegation model, where you wrap the provider and load the authorities separately, before returning a new token containing them:

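import java.util.List;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

public class MyAuthoritySupplementingProvider implements AuthenticationProvider {
    private AuthenticationProvider delegate;

    public MyAuthoritySupplementingProvider(AuthenticationProvider delegate) {
        this.delegate = delegate;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        // The delegate (e.g. the AD provider) checks the credentials and throws on failure
        final Authentication a = delegate.authenticate(authentication);
        if (a == null) {
            return null; // delegate could not handle this request
        }

        // Load additional authorities and create an Authentication object
        // (loadRolesFromDatabaseHere is a placeholder for your own role lookup)
        final List<GrantedAuthority> authorities = loadRolesFromDatabaseHere(a.getName());

        AbstractAuthenticationToken token = new AbstractAuthenticationToken(authorities) {
            public Object getCredentials() {
                throw new UnsupportedOperationException();
            }

            public Object getPrincipal() {
                return a.getPrincipal();
            }
        };
        // AbstractAuthenticationToken starts out unauthenticated; mark it
        // authenticated now that the delegate has accepted the credentials
        token.setAuthenticated(true);
        return token;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return delegate.supports(authentication);
    }
}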

The class is final mainly due to my rather basic knowledge of Active Directory and the different ways people would want to use it.
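
One way to fill in the database lookup with the `myUserDetailsService` bean from the question, as an added example that is not part of the original answer or of Spring Security. The class name `DbAuthoritiesAdProvider` is hypothetical, and the code assumes `myUserDetailsService` implements `UserDetailsService` and that the database is keyed by the same username the AD login yields.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

// Hypothetical class name; not part of Spring Security or of the answer above.
public class DbAuthoritiesAdProvider implements AuthenticationProvider {
    private final AuthenticationProvider adProvider; // e.g. ActiveDirectoryLdapAuthenticationProvider
    private final UserDetailsService dbUsers;        // e.g. the question's myUserDetailsService

    public DbAuthoritiesAdProvider(AuthenticationProvider adProvider, UserDetailsService dbUsers) {
        this.adProvider = adProvider;
        this.dbUsers = dbUsers;
    }

    @Override
    public Authentication authenticate(Authentication request) throws AuthenticationException {
        // Step 1: AD verifies the password; a failed bind throws AuthenticationException.
        Authentication adResult = adProvider.authenticate(request);
        if (adResult == null) {
            return null; // delegate abstained; ProviderManager may try other providers
        }

        // Step 2: roles come only from the database. UsernameNotFoundException
        // propagates, so an AD account with no DB record is rejected (fail closed).
        // Assumption: the DB is keyed by the same name the AD login yields.
        UserDetails dbUser = dbUsers.loadUserByUsername(adResult.getName());
        if (!dbUser.isEnabled()) {
            throw new DisabledException("Account disabled in application database");
        }

        // Step 3: the three-argument constructor yields an authenticated token.
        // Credentials are passed as null so the password is not kept in the session.
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                adResult.getPrincipal(), null, dbUser.getAuthorities());
        token.setDetails(request.getDetails());
        return token;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return adProvider.supports(authentication);
    }
}
```

Register this wrapper, rather than the AD provider itself, as the authentication provider, passing the `activeDirectoryAuthenticationProvider` and `myUserDetailsService` beans as constructor arguments.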