Using Spring Security in Grails with CAS and LDAP

Problem description

I am trying to set up Spring Security in Grails authenticating against CAS and authorizing against LDAP. I have found several examples (I have about 20 browser tabs open right now), but none of them answer the whole question. Most of the examples are Grails + CAS or Grails + LDAP, but no examples of Grails + CAS + LDAP.

Recommended answer

So I got it working, and it really isn't that bad, but I wish I had seen @cantoni's example first. It would have made this really easy. My setup is a little more simple than his, so I'll add it here.

Install the Spring Security Core, CAS, and LDAP plugins. IMPORTANT: Until spring-security-cas:1.0.5 is updated, I wouldn't try to use the new spring-security-core:2.0-RC2 and spring-security-ldap:2.0-RC2. The CAS plugin doesn't seem to work with them.

    plugins {
    ....
    //security
    compile ":spring-security-core:1.2.7.3"
    compile ":spring-security-cas:1.0.5"
    compile ":spring-security-ldap:1.0.6"
    ...
    }

You don't need to run the quickstart command if you're not also using daoAuthenticationProvider, which I am not.

Config.groovy

    //Spring Security Core Config
    grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
    grails.plugins.springsecurity.rejectIfNoRule = true
    grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
    grails.plugins.springsecurity.interceptUrlMap = [
        '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/**': ['hasAnyRole("ROLE_OPERATOR","ROLE_ADMIN")']
    ]

    //Spring Security CAS Config
    grails.plugins.springsecurity.cas.loginUri = '/login'
    grails.plugins.springsecurity.cas.serviceUrl = 'http://server.company.com:8080/app-name/j_spring_cas_security_check'
    grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://sso.company.com/cas'
    grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://server.company.com:8080/app-name/secure/receptor'
    grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'

You can leave off rejectIfNoRule, securityConfigType, and interceptUrlMap if you want to use annotations instead of the interceptor map.

resources.groovy

    // load ldap roles from spring security
    initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
        "ldap://123.45.67.89:389"){
        userDn = "myLdapUser"
        password = "myLdapPwd"
    }

    ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
        "DC=foo,DC=company,DC=com", "sAMAccountName={0}", initialDirContextFactory){

    }

    ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
        initialDirContextFactory,"OU=foo,DC=bar,DC=company,DC=com"){
          groupRoleAttribute = "cn"
          groupSearchFilter = "member={0}"
          searchSubtree = true
          rolePrefix = "ROLE_"
          convertToUpperCase = true
          ignorePartialResultException = true
    }

    userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,ldapUserSearch,ldapAuthoritiesPopulator){
    }
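
The answer mentions that annotations can replace the interceptor map. The following is an added example of that variant, not code from the original answer: `ReportController` and its actions are hypothetical names, and the import is the annotation class shipped with the 1.x spring-security-core plugin used above.

```groovy
// grails-app/controllers/ReportController.groovy
// Hypothetical controller, added to illustrate the annotation variant.
import grails.plugins.springsecurity.Secured

// Class-level rule: every action needs one of the two roles that the
// interceptUrlMap above required for '/**'. With rolePrefix = "ROLE_" and
// convertToUpperCase = true, the ldapAuthoritiesPopulator bean turns an LDAP
// group whose cn is "operator" into the authority ROLE_OPERATOR.
@Secured(['ROLE_OPERATOR', 'ROLE_ADMIN'])
class ReportController {

    // Inherits the class-level rule: operators and admins may list reports.
    def index() {
        render 'report list'
    }

    // An action-level annotation overrides the class-level one,
    // so only members of the "admin" group reach this action.
    @Secured(['ROLE_ADMIN'])
    def delete() {
        render 'report deleted'
    }
}
```

With `rejectIfNoRule` left at the 1.x plugin default of `false`, a controller or action that carries no annotation is reachable without authentication, so every controller needs its own `@Secured` rule in this variant.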
