Spring security using LDAP and group membership

2019-03-04 17:16发布

I am using spring security to verify if the user has passed in valid username and password.

I also want to validate if the user is a part of a particular group.

Though, the credentials verification is working, the group membership verification is not.

Do I need to configure ldapAuthoritiesPopulator?

1条回答
你好瞎i
2楼-- · 2019-03-04 17:31

Though, the credentials verification is working, the group membership verification is not.

I am assuming group membership is a combination of the LDAP base and the userDn.

Here is some code to help you.

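    /**
     * Connection settings for one LDAP directory, as read from the user's LDAP detail.
     *
     * <p>The other snippets on this page refer to this type as {@code LdapDetail}
     * (for example {@code build(LdapDetail ldapDetail, ...)}); the two spellings must be
     * reconciled before anything compiles. Accessors are provided because {@code build}
     * and {@code buildContextFor} read every field through a getter, which the original
     * class (private fields, no methods) did not offer.
     */
    public class LDAPDetail {
        private String url;            // your LDAP url; buildContextFor requests SSL, so this normally has to be the directory's LDAPS endpoint — confirm
        private Long timeout;          // connect timeout; passed to com.sun.jndi.ldap.connect.timeout, which is read in milliseconds
        private String domain;         // domain of user
        private String userContainer;  // typically a value like OU=**,dc=**,dc=**
        // You should be getting the values for domain and userContainer from the user's LDAP detail.

        /** @return the directory URL, or {@code null} if not set */
        public String getUrl() {
            return url;
        }

        /** @param url the directory URL */
        public void setUrl(String url) {
            this.url = url;
        }

        /** @return the connect timeout, or {@code null} if none was configured */
        public Long getTimeout() {
            return timeout;
        }

        /** @param timeout the connect timeout (milliseconds as far as the JNDI provider is concerned) */
        public void setTimeout(Long timeout) {
            this.timeout = timeout;
        }

        /** @return the user's domain, or {@code null} if not set */
        public String getDomain() {
            return domain;
        }

        /** @param domain the user's domain */
        public void setDomain(String domain) {
            this.domain = domain;
        }

        /** @return the container (base DN) that user entries live under, or {@code null} if not set */
        public String getUserContainer() {
            return userContainer;
        }

        /** @param userContainer the container (base DN) that user entries live under */
        public void setUserContainer(String userContainer) {
            this.userContainer = userContainer;
        }
    }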

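    /**
     * Binds to the directory with the configured credentials and then authenticates the
     * end user by a {@code cn} lookup.
     *
     * <p>This is a sketch: {@code ldapDetail}, {@code userName} and {@code password} are
     * placeholders for the values you actually want to validate. The result of
     * {@code authenticate} is a boolean and has to be checked — the original discarded it,
     * so a rejected password went unnoticed.
     *
     * @throws IllegalStateException if the directory rejects the user's credentials
     */
    public void validateUserDetails() {
        LdapDetail ldapDetail = new LdapDetail(); // TODO: populate with the user's LDAP detail you want to validate
        String userName = "username";             // TODO: replace with the login name supplied by the user
        String password = "password";             // TODO: replace with the password supplied by the user
        LdapTemplate ldapTemplate = build(ldapDetail, userName, password);

        // EqualsFilter encodes the value, so a crafted userName cannot add extra filter terms.
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "person"));
        filter.and(new EqualsFilter("cn", userName));

        // authenticate() searches for the matching entry under the context source's base and
        // then binds as that entry with the given password; false means the bind was refused.
        boolean authenticated =
                ldapTemplate.authenticate(LdapUtils.emptyLdapName(), filter.toString(), password);
        if (!authenticated) {
            throw new IllegalStateException("LDAP authentication failed for cn=" + userName);
        }
    }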

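    /**
     * Creates an {@link LdapTemplate} whose context source binds with the given credentials
     * over the JNDI environment produced by {@link #buildContextFor}.
     *
     * <p>{@code afterPropertiesSet()} is called explicitly: the context source is built
     * outside a Spring container here, and Spring LDAP only initialises it (URL check,
     * authentication source) through that callback. Without it the first directory
     * operation fails, which is easy to mistake for a group-membership problem.
     *
     * @param ldapDetail directory settings (url, user container, domain, timeout)
     * @param userName   principal used for the bind
     * @param password   credentials for that principal
     * @return a template ready for searches and {@code authenticate} calls
     */
    public static LdapTemplate build(LdapDetail ldapDetail, String userName, String password) {
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(ldapDetail.getUrl());
        contextSource.setBase(ldapDetail.getUserContainer());
        // NOTE(review): userDn is set to the *domain* here, and anonymousReadOnly=true makes
        // read-only operations (such as the lookup inside authenticate()) bind anonymously
        // even though buildContextFor supplies a principal. If the directory refuses
        // anonymous searches the user lookup finds nothing — verify both against your directory.
        contextSource.setUserDn(ldapDetail.getDomain());
        contextSource.setAnonymousReadOnly(true);
        contextSource.setCacheEnvironmentProperties(false);
        contextSource.setBaseEnvironmentProperties(buildContextFor(ldapDetail, userName, password));
        contextSource.afterPropertiesSet();

        // The constructor already wires the context source; the extra setter call was redundant.
        return new LdapTemplate(contextSource);
    }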

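    /**
     * Builds the JNDI environment used for every bind performed through the context source.
     *
     * <p>Security-relevant entries: {@code SECURITY_PROTOCOL=ssl} makes the provider use TLS,
     * so the URL must point at the directory's TLS endpoint; {@code REFERRAL=throw} stops the
     * client from silently following referrals to other servers with these credentials. The
     * password is stored in the map as a plain string, so the returned map must not be logged
     * or persisted.
     *
     * @param ldapDetail directory settings; {@code url}, {@code domain} and, when set, {@code timeout} are read
     * @param userName   value for {@code Context.SECURITY_PRINCIPAL}
     * @param password   value for {@code Context.SECURITY_CREDENTIALS}
     * @return a mutable map of JNDI properties
     * @throws NullPointerException if {@code ldapDetail} is {@code null}
     */
    public static Map<String, Object> buildContextFor(LdapDetail ldapDetail, String userName, String password) {
        Objects.requireNonNull(ldapDetail, "ldapDetail");
        Map<String, Object> env = new HashMap<>();

        env.put(Context.REFERRAL, "throw");
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        // NOTE(review): this JBoss/JNP package list looks carried over from another setup and is
        // not needed for a plain LDAP context — confirm before keeping it.
        env.put("java.naming.factory.url.pkgs",
                "org.jboss.naming:org.jnp.interfaces:org.jboss.naming:org.jnp.interfaces");
        // Only set the connect timeout when one is configured: String.valueOf((Long) null)
        // would hand the literal "null" to the provider, which is not a valid millisecond value.
        Long timeout = ldapDetail.getTimeout();
        if (timeout != null) {
            env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(timeout));
        }
        env.put(Context.PROVIDER_URL, ldapDetail.getUrl());
        env.put("ldap.domain", ldapDetail.getDomain()); // custom key, not a JNDI property; presumably read elsewhere — verify
        env.put(Context.SECURITY_PRINCIPAL, userName);
        env.put(Context.SECURITY_CREDENTIALS, password);

        return env;
    }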