
Java:Spring Security 无法调用自定义的 LDAP 身份验证提供程序(AuthenticationProvider)

我知道这个问题被问了好几次,但我已经尝试了所有的建议,我真的被卡住了

我的自定义身份验证提供程序(AuthenticationProvider)没有被调用。当 UserJWTController 通过下面这行代码进行身份验证时:

// Call site in UserJWTController. NOTE(review): the builder injected into the controller is presumably the
// application-wide AuthenticationManagerBuilder bean, i.e. the same instance that
// SecurityConfiguration#configureGlobal receives. If so, this call only tries providers registered on that
// builder; providers added in the configure(AuthenticationManagerBuilder) override go to the adapter's own
// builder and are not seen here. Confirm against the controller's constructor.
Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);

被执行的是 LdapAuthenticationProvider,而不是我的自定义提供程序。

我的LdapCustomAuthenticationProvider是这样的:

/**
 * Custom {@link AuthenticationProvider} for username/password logins.
 *
 * <p>It is consulted only by an {@code AuthenticationManager} whose provider list contains it;
 * which manager that is depends on which {@code AuthenticationManagerBuilder} it was registered on.
 */
@Component
public class LdapCustomAuthenticationProvider implements AuthenticationProvider {

/**
 * Authenticates the presented token. The real logic was elided by the author.
 *
 * @param authentication the authentication request; given {@link #supports(Class)}, a
 *     {@code UsernamePasswordAuthenticationToken} or subclass
 * @return per the {@code AuthenticationProvider} contract, a fully populated authenticated token,
 *     or {@code null} when this provider cannot decide and the next provider should be tried
 * @throws AuthenticationException when the credentials are rejected
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    // do something
    // NOTE(review): placeholder - as written the method has no return statement and will not compile.
    // The implementation must verify the password (e.g. against the directory) before returning an
    // authenticated token, and must not write the submitted credentials to logs.
}

/**
 * Declares which token types this provider handles.
 *
 * @param authentication the token class being presented
 * @return {@code true} for {@code UsernamePasswordAuthenticationToken} and its subclasses
 */
@Override
public boolean supports(final Class<?> authentication) {
   return  UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}
}

我的安全配置是:

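/**
 * Web security configuration: stateless API security with a JWT configurer, HTTP Basic and LDAP
 * authentication.
 *
 * <p>Two different {@link AuthenticationManagerBuilder} instances are touched by this class:
 * <ul>
 *   <li>{@link #configure(AuthenticationManagerBuilder)} receives the adapter-local builder, which
 *       backs the filter chain and {@link #authenticationManagerBean()};</li>
 *   <li>{@link #configureGlobal(AuthenticationManagerBuilder)} receives the application-wide builder
 *       bean, which is also what gets injected into other beans that ask for an
 *       {@code AuthenticationManagerBuilder}.</li>
 * </ul>
 * A provider registered on only one of them is invisible to callers that use the other. This is why
 * a caller invoking {@code authenticationManagerBuilder.getObject().authenticate(...)} reached only
 * the stock LDAP provider and never {@link LdapCustomAuthenticationProvider}.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final TokenProvider tokenProvider;

    private final CorsFilter corsFilter;
    private final SecurityProblemSupport problemSupport;

    // Field injection kept so the constructor signature stays unchanged.
    @Autowired
    private LdapCustomAuthenticationProvider ldapCustomAuthenticationProvider;

    public SecurityConfiguration(TokenProvider tokenProvider, CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
        this.tokenProvider = tokenProvider;
        this.corsFilter = corsFilter;
        this.problemSupport = problemSupport;
    }

    /**
     * Exposes a BCrypt password encoder bean.
     *
     * @return a new {@code BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the custom provider on the adapter-local builder (filter chain, e.g. HTTP Basic, and
     * {@link #authenticationManagerBean()}).
     *
     * @param authBuilder the adapter-local authentication manager builder
     */
    @Override
    public void configure(AuthenticationManagerBuilder authBuilder) {
        authBuilder.authenticationProvider(ldapCustomAuthenticationProvider);
    }

    /**
     * Publishes the adapter-local {@code AuthenticationManager} as a bean.
     *
     * @return the authentication manager built from {@link #configure(AuthenticationManagerBuilder)}
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Lists request patterns that skip the Spring Security filter chain entirely.
     *
     * <p>Ignored requests get no authentication, no authorization and none of the response headers
     * set in {@link #configure(HttpSecurity)}.
     *
     * @param web the web security builder
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            // NOTE(review): confirm nothing is served under /test/** in production; it is unprotected.
            .antMatchers("/test/**");
    }

    /**
     * Configures the HTTP filter chain: response headers, stateless sessions, URL authorization rules,
     * HTTP Basic and the JWT configurer.
     *
     * @param http the HTTP security builder
     * @throws Exception if the chain cannot be configured
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            // CSRF protection is off. That is only safe while the browser never attaches credentials
            // automatically. NOTE(review): httpBasic() is enabled below and browsers replay cached
            // Basic credentials on their own - confirm Basic is really needed for browser clients.
            .csrf()
            .disable()
            .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
        .and()
            .headers()
            // 'unsafe-inline' and 'unsafe-eval' in script-src remove most of the XSS mitigation a CSP
            // provides; tighten once the front end no longer needs them.
            .contentSecurityPolicy("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:")
        .and()
            .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
        .and()
            .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'")
        .and()
            .frameOptions()
            .deny()
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            // Rules are evaluated top to bottom and the first match wins, so the permitAll() entries
            // must stay above the broader "/api/**" and "/management/**" rules.
            .authorizeRequests()
            .antMatchers("/api/authenticate").permitAll()
            .antMatchers("/api/register").permitAll()
            .antMatchers("/api/activate").permitAll()
            .antMatchers("/api/account/reset-password/init").permitAll()
            .antMatchers("/api/account/reset-password/finish").permitAll()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/openapi/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/info").permitAll()
            // NOTE(review): metrics are readable without authentication; restrict at the network
            // layer or require a scrape credential if they reveal internals.
            .antMatchers("/management/prometheus").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .and()
            .httpBasic()
        .and()
            .apply(securityConfigurerAdapter());
        // @formatter:on
    }

    /**
     * Configures the application-wide {@code AuthenticationManagerBuilder}.
     *
     * <p>The custom provider is registered here as well, because callers that inject the builder and
     * call {@code getObject().authenticate(...)} use this builder and not the adapter-local one.
     *
     * <p>Security note: the resulting manager tries its providers in turn, and an ordinary
     * {@code AuthenticationException} from one provider does not stop the next from being tried. With
     * both providers present, a login rejected by the custom provider can still succeed through the
     * stock LDAP provider. If the custom provider must be authoritative, remove the
     * {@code ldapAuthentication()} block.
     *
     * @param auth the application-wide authentication manager builder
     * @throws Exception if LDAP authentication cannot be configured
     */
    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(ldapCustomAuthenticationProvider);
        auth.ldapAuthentication()
            .userSearchBase("") //don't add the base
            //            .userSearchBase("uid={0},ou=People") //don't add the base
            .userSearchFilter("(uid={0})")
            .groupSearchBase("ou=Groups") //don't add the base
            .groupSearchFilter("member={0}")
            .contextSource(getContextSource());
    }

    /**
     * Builds the LDAP context source used for directory searches and binds.
     *
     * <p>NOTE(review): the values below are sample placeholders from the question. In a real
     * deployment the bind DN and password belong in externalized configuration or a secret store,
     * not in source, and the bind account should be a read-only service account. The {@code ldap:}
     * scheme means binds, including user passwords, travel unencrypted unless the connection is
     * upgraded; prefer {@code ldaps://} or StartTLS.
     *
     * @return the initialized context source
     */
    @Bean
    public LdapContextSource getContextSource() {
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl("ldap:/url:1389");
        contextSource.setBase("dc=example,dc=com");
        contextSource.setUserDn("cn=My App,ou=Apps,dc=example,dc=com");
        contextSource.setPassword("password");
        contextSource.afterPropertiesSet();

        return contextSource;
    }

    /** Creates the JWT configurer that is applied to the filter chain. */
    private JWTConfigurer securityConfigurerAdapter() {
        return new JWTConfigurer(tokenProvider);
    }
}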

任何帮助都将不胜感激

