Spring-boot LDAP 自定义 UserDetails [英] Spring-boot LDAP customize UserDetails

查看：43 发布时间：2022/1/17 19:15:33 spring spring-security ldap spring-boot spring-security-ldap

本文介绍了Spring-boot LDAP 自定义 UserDetails的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在 spring-boot 应用程序中使用 LDAP 身份验证(基于注释的配置).我想自定义 UserDetails 对象.默认 UserDetails 实现是 LdapUserDetailsImpl.我想扩展这个类并添加一些额外的 iterfaces 并绑定到 spring-security 中.我的配置类:

I'm using LDAP authentication in spring-boot application (configuration based on annotations). I would like to customize UserDetails object. Default UserDetails implementation is LdapUserDetailsImpl. I would like to extend this class and add some extra iterfaces and bind into spring-security. My config class:

@Configuration
protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter { 
    @Autowired
    private UserService userService;
    @Autowired
    private Environment env;

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        AuthMethod authMethod = AuthMethod.valueOf(env.getRequiredProperty("auth_method"));
        switch (authMethod) {
            case LDAP:
                auth.ldapAuthentication()
                    .userDnPatterns(env.getRequiredProperty("ldap.user_dn_patterns"))
                    .groupSearchBase(env.getRequiredProperty("ldap.group_search_base"))
                    .contextSource()
                    .url(env.getRequiredProperty("ldap.url"));
                break;
            default:
                auth.userDetailsService(userService);
                break;
        }

    }

    @Bean
    public LdapContextSource contextSource () {
        LdapContextSource contextSource= new LdapContextSource();
        contextSource.setUrl(env.getRequiredProperty("ldap.url"));
        contextSource.setUserDn(env.getRequiredProperty("ldap.user"));
        contextSource.setPassword(env.getRequiredProperty("ldap.password"));
        contextSource.afterPropertiesSet();
        return contextSource;
    }
}

UserService 是自定义的身份验证方法(它是数据库/jpa 身份验证).UserDetails 访问器(当 auth 方法是 LDAP 时，它返回 LdapUserDetailsImpl 对象):

UserService is custom method of authentication (it's database/jpa authentication). UserDetails accessor (when auth method is LDAP it's returning LdapUserDetailsImpl object):

    @Component("activeUserAccessor")
public class ActiveUserAccessorImpl implements ActiveUserAccessor
{
    public UserDetails getActiveUser()
    {
        return (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }
}

感谢您的帮助.

推荐答案

我的解决方案:

1.创建自定义UserDetailsContextMapper:

1.Create custom UserDetailsContextMapper:

    @Bean
    public UserDetailsContextMapper userDetailsContextMapper() {
        return new LdapUserDetailsMapper() {
            @Override
            public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
                UserDetails details = super.mapUserFromContext(ctx, username, authorities);
                return new CustomLdapUserDetails((LdapUserDetails) details, env);
            }
        };
    }

2.将UserDetailsContextMapper与LdapAuthenticationProviderConfigurer绑定:

2.Bind UserDetailsContextMapper with LdapAuthenticationProviderConfigurer:

  auth.ldapAuthentication()
      .userDetailsContextMapper(userDetailsContextMapper())
      .userDnPatterns(env.getRequiredProperty("ldap.user_dn_patterns"))
      .groupSearchBase(env.getRequiredProperty("ldap.group_search_base"))
      .contextSource()
      .url(env.getRequiredProperty("ldap.url"));

3.实现CustomLdapUserDetails(现在只改变isEnabled方法).您可以在 CustomLdapUserDetails 中添加一些额外的接口、方法并在 ActiveUserAccessor.getActiveUser() 中返回扩展类.

3.Implement CustomLdapUserDetails (only isEnabled method is changed for now). You can add some extra interfaces, methods to CustomLdapUserDetails and return extended class in ActiveUserAccessor.getActiveUser().

public class CustomLdapUserDetails implements LdapUserDetails {
private static final long serialVersionUID = 1L;

private LdapUserDetails details;
private Environment env;

public CustomLdapUserDetails(LdapUserDetails details, Environment env) {
    this.details = details;
    this.env = env;
}

public boolean isEnabled() {
    return details.isEnabled() && getUsername().equals(env.getRequiredProperty("ldap.username"));
}

public String getDn() {
    return details.getDn();
}

public Collection<? extends GrantedAuthority> getAuthorities() {
    return details.getAuthorities();
}

public String getPassword() {
    return details.getPassword();
}

public String getUsername() {
    return details.getUsername();
}

public boolean isAccountNonExpired() {
    return details.isAccountNonExpired();
}

public boolean isAccountNonLocked() {
    return details.isAccountNonLocked();
}

public boolean isCredentialsNonExpired() {
    return details.isCredentialsNonExpired();
}
}

这篇关于Spring-boot LDAP 自定义 UserDetails的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Spring-boot LDAP 自定义 UserDetails [英] Spring-boot LDAP customize UserDetails

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

Spring-boot LDAP 自定义 UserDetails [英] Spring-boot LDAP customize UserDetails

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭