JHipster LDAP Authentication


Problem description

Hey Overfloweens and JHipsters, I've recently come to the conclusion that I want to try to link up my JHipster security to protocol to an ldap server to verify authentication across my work directory that already has all the employee passwords and usernames. However, I want to continue to use JHipster's in-built token system which uses Spring-mvc. I know how to do the ldap server apart from JHipster, but I'm unclear how to modify the SecurityConfiguration.java file to make this a reality. Any advice would be much appreciated.

Security Configuration file:

package com.comcast.castit.config;

import javax.inject.Inject;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.web.authentication.RememberMeServices;

import com.comcast.castit.security.AjaxAuthenticationFailureHandler;
import com.comcast.castit.security.AjaxAuthenticationSuccessHandler;
import com.comcast.castit.security.AjaxLogoutSuccessHandler;
import com.comcast.castit.security.AuthoritiesConstants;
import com.comcast.castit.security.Http401UnauthorizedEntryPoint;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Inject
    private Environment env;

    @Inject
    private AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler;

    @Inject
    private AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler;

    @Inject
    private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

    @Inject
    private Http401UnauthorizedEntryPoint authenticationEntryPoint;

    @Inject
    private UserDetailsService userDetailsService;

    @Inject
    private RememberMeServices rememberMeServices;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new StandardPasswordEncoder();
    }

    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(
                passwordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/bower_components/**")
            .antMatchers("/fonts/**").antMatchers("/images/**")
            .antMatchers("/scripts/**").antMatchers("/styles/**")
            .antMatchers("/views/**").antMatchers("/i18n/**")
            .antMatchers("/swagger-ui/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint).and()
            .rememberMe().rememberMeServices(rememberMeServices)
            .key(env.getProperty("jhipster.security.rememberme.key")).and()
            .formLogin().loginProcessingUrl("/app/authentication")
            .successHandler(ajaxAuthenticationSuccessHandler)
            .failureHandler(ajaxAuthenticationFailureHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password").permitAll().and().logout()
            .logoutUrl("/app/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler)
            .deleteCookies("JSESSIONID").permitAll().and().csrf().disable()
            .headers().frameOptions().disable().authorizeRequests()
            .antMatchers("/app/rest/register").permitAll()
            .antMatchers("/app/rest/activate").permitAll()
            .antMatchers("/app/rest/authenticate").permitAll()
            .antMatchers("/app/rest/logs/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/app/**").authenticated()
            .antMatchers("/metrics/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/health/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/trace/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/dump/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/shutdown/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/beans/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/info/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/autoconfig/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/env/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/trace/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/api-docs/**")
            .hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/protected/**").authenticated();
    }

    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    private static class GlobalSecurityConfiguration extends
        GlobalMethodSecurityConfiguration {
    }
}

Solution

The default authentication mechanism uses a "UserDetailsService" implementation; it should be called "com.comcast.castit.security.UserDetailsService" in your project.

This code has a simple "loadUserByUsername" that fetches a user according to his login and gets his authorities.

For your needs, you should change this part -> this will not impact the rest of your application, which is good (Spring Security is well designed for that)

There is a tutorial on using LDAP with Spring Security / Spring Boot, you can check it out here: https://spring.io/guides/gs/authenticating-ldap/

Of course it would be better if we had specific documentation for JHipster, so if you succeed and have time, your feedback would be most welcome!
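As an added example (not part of the original answer and not JHipster's own code), this is one way to swap the `UserDetailsService` lookup in `configureGlobal` for an LDAP bind while keeping the `hasAuthority(AuthoritiesConstants.ADMIN)` rules above meaningful: only one explicitly named directory group is mapped to the admin authority. The class name, the group `castit-admins`, the search bases and filters, and the `ldap.*` property names are assumptions.

```java
package com.comcast.castit.config;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.core.env.Environment;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import com.comcast.castit.security.AuthoritiesConstants;

/** Added example (hypothetical class): LDAP bind authentication for SecurityConfiguration. */
public final class LdapAuthenticationSetup {

    // Assumption: directory group cn=castit-admins. The default authorities populator
    // reports group membership as "ROLE_" + upper-cased cn.
    private static final String LDAP_ADMIN_GROUP = "ROLE_CASTIT-ADMINS";

    public static void configure(AuthenticationManagerBuilder auth, Environment env) throws Exception {
        auth.ldapAuthentication()
            .userSearchBase("ou=people")        // assumption: directory layout
            .userSearchFilter("(uid={0})")      // {0} is the submitted login name
            .groupSearchBase("ou=groups")       // assumption: directory layout
            .groupSearchFilter("(member={0})")  // {0} is the authenticated user's DN
            .userDetailsContextMapper(new AdminGroupMapper())
            .contextSource()
                // Use an ldaps:// URL so bind passwords are not sent in clear text.
                .url(env.getRequiredProperty("ldap.url"))
                .managerDn(env.getRequiredProperty("ldap.managerDn"))
                .managerPassword(env.getRequiredProperty("ldap.managerPassword"));
    }

    /** Grants ADMIN only for the named group; every other directory group grants nothing. */
    static final class AdminGroupMapper extends LdapUserDetailsMapper {
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                Collection<? extends GrantedAuthority> authorities) {
            List<GrantedAuthority> mapped = new ArrayList<GrantedAuthority>();
            for (GrantedAuthority authority : authorities) {
                if (LDAP_ADMIN_GROUP.equals(authority.getAuthority())) {
                    mapped.add(new SimpleGrantedAuthority(AuthoritiesConstants.ADMIN));
                }
            }
            return super.mapUserFromContext(ctx, username, mapped);
        }
    }
}
```

With `spring-security-ldap` on the classpath, the body of `configureGlobal` becomes `LdapAuthenticationSetup.configure(auth, env);`. Without the mapper, any directory group whose name upper-cases to `ADMIN` would silently satisfy the admin-only matchers for `/metrics/**`, `/shutdown/**` and the other management endpoints.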
