Spring Security 3 Active Directory Authentication, Database Authorization
Problem description
I'm trying to access my application with AD authentication and getting authorization roles from my DB.
This is my configuration:
<beans:bean id="activeDirectoryAuthenticationProvider"
        class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="mydomain" />
    <beans:constructor-arg value="ldap://my URL :389" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true"/>
</beans:bean>
I tried adding
<beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="myUserDetailsService"/>
    </beans:bean>
</beans:constructor-arg>
but it didn't work. Any help?
Thanks a lot!!
Recommended answer
ActiveDirectoryLdapAuthenticationProvider (http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.html) doesn't use an LdapAuthoritiesPopulator
(check the API for the constructor).
You can use a delegation model, where you wrap the provider and load the authorities separately, before returning a new token containing them:
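import java.util.List;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

public class MyAuthoritySupplementingProvider implements AuthenticationProvider {
    private final AuthenticationProvider delegate;

    public MyAuthoritySupplementingProvider(AuthenticationProvider delegate) {
        this.delegate = delegate;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        // The delegate (the AD provider) verifies the credentials and throws on failure
        final Authentication a = delegate.authenticate(authentication);
        if (a == null) {
            return null; // delegate could not decide; let the next provider try
        }
        // Load additional authorities and create an Authentication object
        // (loadRolesFromDatabaseHere is a placeholder for your own database lookup)
        final List<GrantedAuthority> authorities = loadRolesFromDatabaseHere(a.getName());
        AbstractAuthenticationToken token = new AbstractAuthenticationToken(authorities) {
            public Object getCredentials() {
                return null; // eraseCredentials() calls this, so it must not throw
            }
            public Object getPrincipal() {
                return a.getPrincipal();
            }
        };
        token.setAuthenticated(true); // tokens are unauthenticated by default
        return token;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return delegate.supports(authentication);
    }
}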
The class is final mainly due to my rather basic knowledge of Active Directory and the different ways people would want to use it.
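A fuller variant of the wrapper above, added here as an example and not part of the original answer: it takes the roles from a UserDetailsService (such as the asker's myUserDetailsService) and refuses the login when the AD user has no enabled, unlocked database account. The class name DbRolesAfterAdProvider is hypothetical, and the code assumes database usernames match the name the user logs in with.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical class name; not part of Spring Security or of the original answer.
public class DbRolesAfterAdProvider implements AuthenticationProvider {
    private final AuthenticationProvider adProvider; // verifies the password against AD
    private final UserDetailsService roleSource;     // loads the database account and roles

    public DbRolesAfterAdProvider(AuthenticationProvider adProvider, UserDetailsService roleSource) {
        this.adProvider = adProvider;
        this.roleSource = roleSource;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        Authentication adResult = adProvider.authenticate(authentication); // throws on bad credentials
        if (adResult == null) { return null; }
        UserDetails dbUser;
        try {
            // Assumption: the database is keyed by the same name the user logged in with.
            dbUser = roleSource.loadUserByUsername(adResult.getName());
        } catch (UsernameNotFoundException e) {
            // Fail closed: a valid AD account with no database record gets no session.
            throw new InsufficientAuthenticationException("No application account for this user", e);
        }
        if (!dbUser.isEnabled()) {
            throw new DisabledException("Application account is disabled");
        }
        if (!dbUser.isAccountNonLocked()) {
            throw new LockedException("Application account is locked");
        }
        // Only database roles are granted. This constructor marks the token authenticated;
        // the credentials argument is null so the password is not kept in the session.
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
                adResult.getPrincipal(), null, dbUser.getAuthorities());
        result.setDetails(authentication.getDetails());
        return result;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return adProvider.supports(authentication);
    }
}
```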