在grails 2.2.4 spring security core 2.0中配置ldap? [英] Configure ldap in grails 2.2.4 spring security core 2.0?
问题描述
拒绝
抱歉,您无权查看此页面。
每次我尝试输入带有@Secured(['ROLE_USER'])的页面就可以了。我想知道如何在LDAP上添加每个用户以拥有ROLE_USER,以便他能够充分使用应用程序。
我的LDAP配置非常简单:
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider']
grails.plugin。 springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.context.server =SOME LDAP ADRESS
grails.plugin.springsecurity.ldap.authorities.groupSearchBase ='ou =员工,O = *****,C = ****'
grails.plugin.springsecurity.ldap.search.base ='O = ****,C = **** '
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter ='member = {0}'
grails.plugin.springsecurity.ldap.search.attributesToReturn = null
而spring安全核心是默认的:
//由Spring Security Core插件添加:
grails.plugin.springsecurity.userLookup.userDomainClassName ='amelinium1.grails.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName =' amelinium1.grails.SecUserSecRole'
grails.plugin.springsecurity.authority.className ='amelinium1.grails.SecRole'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/ ** ':['permitAll'],
'/ ** / systeminfo':['permitAll'],
'/ ** / js / **':['permitAll'],
'/ ** / css / **':['permitAll'],
'/ ** / images / **':['permitAll']]
grails.plugin.springsecurity.logout .postOnly = false
在 http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/ single.pdf 似乎并不是最新的,即使它是Spring版本的安全核心。
我试图实现自定义GrailsUser和GrailsUserDetailsService,但它们似乎并没有与插件的其余部分混合在一起(基于文档实现)。
任何人都可以请指点我正确的方向,并提供有关如何在最新版本2.0-RC2中实施LDAP的一些信息?
编辑
我的CustomUserDetailsService类,但我不确定它的正确配置对于LDAP:
class CustomUserDetailsService实现GrailsUserDetailsService {
@Override
public UserDetails loadUserByUsername字符串用户名)引发UsernameNotFoundException {
User.withTransaction {status - >
User user = User.findByUsername(username)
if(!user)throw new UsernameNotFoundException('User not found',username)
def authorities = user .authorities.collect {new GrantedAuthorityImpl(it.authority)}
返回新的CustomUserDetails(user.username,user.password,user.enabled,
!user.accountExpired,!user.passwordExpired ,
!user.accountLocked,authority?:NO_ROLES,user.id,
user.firstName,user.lastName)
}作为UserDetails
}
@Override
public UserDetails loadUserByUsername(String username,boolean loadRoles)
throws UsernameNotFoundException,DataAccessException {
return loadUserByUsername(username);
}
}
CustomUserDetails类:
class CustomUserDetails extends GrailsUser {
final String firstName
final String lastName
CustomUserDetails(字符串用户名,字符串密码,布尔启用,
布尔accountNonExpired,布尔credentialsNonExpired,
布尔accountNonLocked,
集合<授予授权>权威,
长ID,字符串firstName,字符串lastName){
super(用户名,密码,启用,accountNonExpired,
credentialsNonExpired,accountNonLocked,权限,id)
this.firstName = firstName
this.lastName = lastName
$ b 问题是我无法从LDAP获取其他信息,而不是用户名ldap登录。
希望在这里的帮助也。在将应用程序重新加载到Customclasses即将得到的错误之后,例如:
没有方法的签名:static org.springframework.security.core.userdetails.User.findByUsername()适用于参数类型:(java.lang.String )values:[hajduk]
解决方案默认情况下,Spring Security插件从数据库获取用户和角色数据。负责读取用户和角色数据的Spring bean被命名为 userDetailsService
。如果您想从其他地方获取您的用户和角色数据 - 例如LDAP - 你只需要用你自己的bean替换这个bean,例如
import org.springframework.security.core.userdetails。*
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.dao.DataAccessException
class LdapUserDetailsService实现UserDetailsService {
UserDetails loadUserByUsername(String username)抛出UsernameNotFoundException,DataAccessException {
//通过用户名从LDAP中加载用户及其角色,并返回它们的
// details作为实现UserDetails接口的类的实例
不要忘记将这个类注册为Spring bean在 resources.groovy中
userDetailsService(LdapUserDetailsService)
有一些将Spring Security与LDAP集成在一起的插件,但我更愿意自己提供ñ这很容易。该文档提供了自定义 UserDetailsService
的示例。请注意,在编写您自己的 UserDetailsService
/ UserDetails
的实现时不需要扩展任何特定的类,调试它可能更容易直接实现接口。
Im currently working on integration of my app with company ldap. While i was able to make application actually check users on ldap for authentication, users are not able to overcome spring security ROLES configuration. Im getting:
"Denied
Sorry, you're not authorized to view this page."
Every time i try to enter page that has @Secured(['ROLE_USER']) on it. I would like to know how to add every user on LDAP to have ROLE_USER so he will be able to fully use application.
My ldap configuration is pretty simple:
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider']
grails.plugin.springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.context.server = "SOME LDAP ADRESS"
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Employees,O=*****,C=****'
grails.plugin.springsecurity.ldap.search.base = 'O=****,C=****'
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.search.attributesToReturn = null
And spring security core is default one:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'amelinium1.grails.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'amelinium1.grails.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'amelinium1.grails.SecRole'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/**': ['permitAll'],
'/**/systeminfo': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll']]
grails.plugin.springsecurity.logout.postOnly = false
Documentation provided on http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/single.pdf seems to be not up to date even if it is for 2.0 version of spring security core.
I've tried to implement Custom GrailsUser and GrailsUserDetailsService but they dont seem to blend with rest of the plugin.(implementation based on documentation).
Anyone could point me to right direction with some info about how to implement LDAP in newest version 2.0-RC2?
EDIT
My CustomUserDetailsService class, but im not sure if its right configuration for LDAP:
class CustomUserDetailsService implements GrailsUserDetailsService{
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User.withTransaction { status ->
User user = User.findByUsername(username)
if (!user) throw new UsernameNotFoundException('User not found', username)
def authorities = user.authorities.collect {new GrantedAuthorityImpl(it.authority)}
return new CustomUserDetails(user.username, user.password, user.enabled,
!user.accountExpired, !user.passwordExpired,
!user.accountLocked, authorities ?: NO_ROLES, user.id,
user.firstName, user.lastName)
} as UserDetails
}
@Override
public UserDetails loadUserByUsername(String username, boolean loadRoles)
throws UsernameNotFoundException, DataAccessException {
return loadUserByUsername(username);
}
}
And CustomUserDetails class:
class CustomUserDetails extends GrailsUser{
final String firstName
final String lastName
CustomUserDetails(String username, String password, boolean enabled,
boolean accountNonExpired, boolean credentialsNonExpired,
boolean accountNonLocked,
Collection<GrantedAuthority> authorities,
long id, String firstName, String lastName) {
super(username, password, enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities, id)
this.firstName = firstName
this.lastName = lastName
}
}
Problem is that i cannot get other informations from LDAP than username as ldap login.
Would appreciate help here also. After reworking application to beb ased on Customclasses im getting errors like :
No signature of method: static org.springframework.security.core.userdetails.User.findByUsername() is applicable for argument types: (java.lang.String) values: [hajduk]
解决方案 By default the Spring Security plugin gets user and role data from the database. The Spring bean that is responsible for reading the user and role data is named userDetailsService
. If you want to get your user and role data from somewhere else - e.g. LDAP - you simply need to replace this bean with your own, e.g.
import org.springframework.security.core.userdetails.*
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.dao.DataAccessException
class LdapUserDetailsService implements UserDetailsService {
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
// load the user and their role(s) from LDAP by username and return their
// details as an instance of a class that implements the UserDetails interface
}
}
Don't forget to register this class as a Spring bean in resources.groovy
userDetailsService(LdapUserDetailsService)
There are plugins that integrate Spring Security with LDAP, but I would prefer to do it myself given that it's so easy. The docs provide an example of a custom UserDetailsService
. Note that it's not necessary to extend any particular class when writing your own implementations of UserDetailsService
/UserDetails
, and for the purposes of debugging it's probably easier to just implement the interfaces directly.
这篇关于在grails 2.2.4 spring security core 2.0中配置ldap?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!