This section walks you through creating a project and adding the Spring Security LDAP module to it.
You will build an application that is secured by Spring Security's LDAP support, backed by Spring Boot's embedded, pure-Java LDAP server. You start that server by loading a data file that contains a set of users and their passwords.
1. Create a simple Controller.
This controller returns a single line of text to the client.
It looks like this:
    package cn.tiny77.guide06;

    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class HomeController {

        @GetMapping("/")
        public String index() {
            return "Welcome to the home page!";
        }
    }
The application entry point is:
    package cn.tiny77.guide06;

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;

    @SpringBootApplication
    public class App {

        public static void main(String[] args) {
            SpringApplication.run(App.class, args);
        }

    }
At this point the controller can be reached without authenticating.
Open http://localhost:8080 and you will see the short text message.
2. Add Spring Security
Create a class that configures Spring Security in Java code:
    package cn.tiny77.guide06;

    import java.util.Arrays;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.ldap.DefaultSpringSecurityContextSource;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // Every request must be fully authenticated; unauthenticated users get the form login page.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin();
        }

        // Authenticate against LDAP: resolve the user DN from the pattern, then compare the
        // submitted password with the userPassword attribute using the {SHA} encoder.
        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.ldapAuthentication().userDnPatterns("uid={0},ou=people").groupSearchBase("ou=groups")
                    .contextSource(contextSource()).passwordCompare().passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
        }

        // Connection to the embedded LDAP server and the base DN all lookups are relative to.
        @Bean
        public DefaultSpringSecurityContextSource contextSource() {
            return new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"),
                    "dc=springframework,dc=org");
        }

    }
The @EnableWebSecurity annotation switches on Spring Security's web security support.
You also need an LDAP server. Spring Boot can auto-configure an embedded LDAP server written purely in Java, and that is what this example uses.
The ldapAuthentication() method substitutes the username from the login form into the "{0}" of the pattern, so the LDAP server is queried for uid={0},ou=people,dc=springframework,dc=org.
The passwordCompare() method configures the password encoder and the name of the password attribute; the stored password is retrieved and checked against the one submitted.
3. Create the user data
An LDAP server can load its user data from LDIF (LDAP Data Interchange Format) files.
The spring.ldap.embedded.ldif property in application.properties lets Spring Boot import an LDIF file, which makes loading the user data easy.
    dn: dc=springframework,dc=org
    objectclass: top
    objectclass: domain
    objectclass: extensibleObject
    dc: springframework

    dn: ou=groups,dc=springframework,dc=org
    objectclass: top
    objectclass: organizationalUnit
    ou: groups

    dn: ou=subgroups,ou=groups,dc=springframework,dc=org
    objectclass: top
    objectclass: organizationalUnit
    ou: subgroups

    dn: ou=people,dc=springframework,dc=org
    objectclass: top
    objectclass: organizationalUnit
    ou: people

    dn: ou=space cadets,dc=springframework,dc=org
    objectclass: top
    objectclass: organizationalUnit
    ou: space cadets

    dn: ou=\"quoted people\",dc=springframework,dc=org
    objectclass: top
    objectclass: organizationalUnit
    ou: "quoted people"

    dn: ou=otherpeople,dc=springframework,dc=org
    objectclass: top
    objectclass: organizationalUnit
    ou: otherpeople

    dn: uid=ben,ou=people,dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Ben Alex
    sn: Alex
    uid: ben
    userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

    dn: uid=bob,ou=people,dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Bob Hamilton
    sn: Hamilton
    uid: bob
    userPassword: bobspassword

    dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Joe Smeth
    sn: Smeth
    uid: joe
    userPassword: joespassword

    dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Mouse, Jerry
    sn: Mouse
    uid: jerry
    userPassword: jerryspassword

    dn: cn=slash/guy,ou=people,dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: slash/guy
    sn: Slash
    uid: slashguy
    userPassword: slashguyspassword

    dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: quote\"guy
    sn: Quote
    uid: quoteguy
    userPassword: quoteguyspassword

    dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Space Cadet
    sn: Cadet
    uid: space cadet
    userPassword: spacecadetspassword

    dn: cn=developers,ou=groups,dc=springframework,dc=org
    objectclass: top
    objectclass: groupOfUniqueNames
    cn: developers
    ou: developer
    uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
    uniqueMember: uid=bob,ou=people,dc=springframework,dc=org

    dn: cn=managers,ou=groups,dc=springframework,dc=org
    objectclass: top
    objectclass: groupOfUniqueNames
    cn: managers
    ou: manager
    uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
    uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org

    dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
    objectclass: top
    objectclass: groupOfUniqueNames
    cn: submanagers
    ou: submanager
    uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
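To make the interaction between the security configuration (section 2) and the LDIF data (section 3) concrete, here is an added example that is not part of the tutorial or of Spring Security itself. It is a small Python model of what the configuration above does at login time: substitute the form username into the userDnPatterns pattern under the context-source base DN, read the userPassword attribute of that entry, and compare the submitted password the way LdapShaPasswordEncoder does ("{SHA}" followed by the base64 SHA-1 of the password; a value with no scheme prefix is compared as cleartext). The LDIF excerpt, the minimal parser and the function names are constructed for this example.

```python
"""Model of the tutorial's passwordCompare() login flow (added example)."""
import base64
import hashlib

# Constructed excerpt of the tutorial's LDIF: one {SHA}-hashed user under
# ou=people, one cleartext user under ou=people, one user outside ou=people.
LDIF = """\
dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: inetOrgPerson
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: inetOrgPerson
uid: bob
userPassword: bobspassword

dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
objectclass: inetOrgPerson
uid: joe
userPassword: joespassword
"""

BASE_DN = "dc=springframework,dc=org"     # contextSource() base DN
USER_DN_PATTERN = "uid={0},ou=people"     # userDnPatterns(...)
PASSWORD_ATTRIBUTE = "userPassword"       # passwordAttribute(...)


def parse_ldif(text):
    """Minimal LDIF reader (hypothetical helper, not an RFC 2849 parser):
    entries are separated by blank lines, each line is 'attr: value'.
    Returns {dn: {attr_lowercase: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs["dn"][0]] = attrs
    return entries


def ldap_sha_encode(password):
    """The unsalted {SHA} form LdapShaPasswordEncoder produces."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def password_matches(raw_password, stored):
    """Compare for the two forms present in the LDIF: a {SHA} value is
    hashed and compared; anything else is compared as plain text, which is
    why the cleartext entries are the weaker ones to keep in a directory."""
    if stored.startswith("{SHA}"):
        return ldap_sha_encode(raw_password) == stored
    return raw_password == stored


def authenticate(directory, username, raw_password):
    """Return the resolved user DN on success, None on failure."""
    # Step 1: build the DN exactly as the userDnPatterns lookup does.
    dn = USER_DN_PATTERN.replace("{0}", username) + "," + BASE_DN
    entry = directory.get(dn)
    if entry is None:
        return None  # no such entry under ou=people: joe lives elsewhere
    # Step 2: read the configured password attribute (names are case-insensitive).
    stored_values = entry.get(PASSWORD_ATTRIBUTE.lower(), [])
    # Step 3: compare with the encoder.
    if any(password_matches(raw_password, v) for v in stored_values):
        return dn
    return None


if __name__ == "__main__":
    directory = parse_ldif(LDIF)
    for user, pwd in [("ben", "benspassword"), ("ben", "wrong"),
                      ("bob", "bobspassword"), ("joe", "joespassword")]:
        print(user, "->", authenticate(directory, user, pwd))
```

Running it shows ben succeeding with benspassword (the {SHA} value in the LDIF is the SHA-1 of that string), ben failing with a wrong password, bob succeeding against his cleartext entry, and joe failing even with the right password, because the pattern uid={0},ou=people never looks under ou=otherpeople.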
If you now visit localhost:8080, you are redirected to the login page provided by Spring Security.
Enter the username ben and the password benspassword, and you will see the following page.
4. Demo download