Spring Security的3 Active Directory验证，数据库授权 [英] Spring Security 3 Active Directory Authentication, Database Authorization

问题描述

我想我的存取权限的应用程序与AD认证，并从我的数据库中获得授权角色。

I'm trying to acces my application with AD authentication and getting authorization roles from my DB.

这是我的配置

<beans:bean id="activeDirectoryAuthenticationProvider"
        class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="mydomain" />
    <beans:constructor-arg value="ldap://my URL :389" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true"/>
</beans:bean>

我尝试添加

  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="myUserDetailsService"/>
    </beans:bean>
  </beans:constructor-arg>

但没有奏效。任何帮助？

but it didn't work. Any help?

非常感谢!!

推荐答案

<一个href="http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.html"相对=nofollow> ActiveDirectoryLdapAuthenticationProvider 不使用 LdapAuthoritiesPopulator在（检查构造函数的API）。

ActiveDirectoryLdapAuthenticationProvider doesn't use an LdapAuthoritiesPopulator (check the API for the constructor).

您可以使用委托模型，在那里你包的供应商和分装的主管部门，返回一个包含它们一个新的令牌前：

You can use a delegation model, where you wrap the provider and load the authorities separately, before returning a new token containing them:

public class MyAuthoritySupplementingProvider implements AuthenticationProvider {
    private AuthenticationProvider delegate;

    public MyAuthoritySupplementingProvider(AuthenticationProvider delegate) {
        this.delegate = delegate;
    }

    public Authentication authenticate(Authentication authentication) {
        final Authentication a = delegate.authenticate(authentication);

        // Load additional authorities and create an Authentication object
        final List<GrantedAuthority> authorities = loadRolesFromDatabaseHere(a.getName());

        return new AbstractAuthenticationToken(authorities) {
            public Object getCredentials() {
                throw new UnsupportedOperationException();
            }

            public Object getPrincipal() {
                return a.getPrincipal();
            }
        };
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return delegate.supports(authentication);
    }
}

类是最终的主要原因是我的，而基本的Active Directory和不同方式的人会想用它的知识。

The class is final mainly due to my rather basic knowledge of Active Directory and the different ways people would want to use it.

这篇关于Spring Security的3 Active Directory验证，数据库授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！