
Spring Security LDAP配置


    我正在研究 Spring Security，希望了解基于注解的 Spring Active Directory LDAP 配置。我需要将我的项目连接到工作场所的 LDAP 服务器。

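    @Configuration
    @EnableWebSecurity
    @EnableWebMvcSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Active Directory server URL. The original listing referenced {@code URL} without
         * defining it; the value below is a PLACEHOLDER and must be replaced with the real
         * server address. Prefer {@code ldaps://} (or StartTLS) so the user's password is not
         * sent in clear text during the bind.
         */
        private static final String URL = "ldaps://<ad-host>:636"; // PLACEHOLDER - replace

        /**
         * Registers the Active Directory provider as the authentication provider.
         *
         * @param auth builder supplied by Spring Security
         * @throws Exception propagated from the builder API
         */
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
        }

        /**
         * Builds the Active Directory provider. The domain argument is {@code null}, so
         * Spring Security expects users to supply a domain-qualified name (e.g. {@code user@domain})
         * instead of a bare account name.
         *
         * @return provider wired to {@link #userDetailsContextMapper()}
         */
        @Bean
        public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
            ActiveDirectoryLdapAuthenticationProvider provider =
                    new ActiveDirectoryLdapAuthenticationProvider(null, URL);
            // Maps AD sub-error codes (account disabled, password expired, ...) to distinct
            // exceptions. Make sure the login page does not echo those messages back to the
            // browser: they reveal whether an account exists and what state it is in.
            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            provider.setUserDetailsContextMapper(userDetailsContextMapper());
            return provider;
        }

        /**
         * Context mapper that resolves application roles from the local user database
         * rather than from AD group membership.
         *
         * @return the mapper; being a {@code @Bean}, its {@code @Autowired} fields are injected
         */
        @Bean
        public UserDetailsContextMapper userDetailsContextMapper() {
            return new AttributesLDAPUserDetailsContextMapper();
        }
    }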
    

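    public class LdapSecuredUser extends User implements LdapUserDetails {

        /**
         * Application user this principal wraps; its groups drive {@link #getAuthorities()}.
         * Never {@code null}: a {@code null} constructor argument yields an empty {@code User}.
         */
        private final User newUser;

        /**
         * Wraps a local user record as a Spring Security principal.
         * <p>
         * This object is created with {@code new} by the context mapper, so it is not a Spring
         * bean; field injection would never run on it, which is why no service is autowired here.
         *
         * @param u the local user record; may be {@code null}, in which case the principal has
         *          no email id, no groups and no authorities
         */
        public LdapSecuredUser(User u) {
            newUser = (u != null) ? u : new User();
            if (u != null) {
                this.setEmailId(u.getEmailId());
                this.setUserGroups(u.getUserGroups());
            }
        }

        /**
         * Authorities are the permission names of every group the wrapped user belongs to,
         * de-duplicated. They come from the local database only; AD group membership is not
         * consulted here.
         *
         * @return one {@link SimpleGrantedAuthority} per distinct permission name (never null)
         */
        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            Set<Permission> permissions = new HashSet<>();
            Collection<UserGroup> groups = newUser.getUserGroups();
            if (groups != null) {
                for (UserGroup userGroup : groups) {
                    if (userGroup == null || userGroup.getPermissions() == null) {
                        continue;
                    }
                    for (Permission permission : userGroup.getPermissions()) {
                        permissions.add(permission);
                    }
                }
            }

            Collection<GrantedAuthority> authorities = new ArrayList<>(permissions.size());
            for (Permission permission : permissions) {
                authorities.add(new SimpleGrantedAuthority(permission.getPermissionName()));
            }
            return authorities;
        }

        /**
         * The email id doubles as the login name, i.e. the name the user authenticated to AD with.
         *
         * @return the email id stored on the parent {@code User}
         */
        @Override
        public String getUsername() {
            return super.getEmailId();
        }

        // The four status flags below are hard-coded to true. The listing relies on Active
        // Directory rejecting disabled/locked/expired accounts at bind time; nothing here
        // re-checks the local record, so a locally flagged user is not blocked by this class.
        @Override
        public boolean isAccountNonExpired() {
            return true;
        }

        @Override
        public boolean isAccountNonLocked() {
            return true;
        }

        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }

        @Override
        public boolean isEnabled() {
            return true;
        }

        /**
         * No distinguished name is retained for this principal.
         *
         * @return always {@code null}
         */
        @Override
        public String getDn() {
            return null;
        }
    }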

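    public class AttributesLDAPUserDetailsContextMapper implements UserDetailsContextMapper {

        /** Group assigned to users that authenticate against AD for the first time. */
        private static final String DEFAULT_GROUP_NAME = "CANDIDATE_GROUP";

        private final InetOrgPersonContextMapper ldapUserDetailsMapper = new InetOrgPersonContextMapper();

        @Autowired
        private IUserService userService;

        @Autowired
        private IUserGroupService usergroupService;

        /**
         * Turns a successful AD bind into an application principal.
         * <p>
         * Every account that can bind to AD is auto-provisioned in the local database with the
         * default group on first login, so the set of users able to reach this application is
         * "everyone in the directory", not an explicit allow-list. Application roles come solely
         * from the local database: the AD-derived authorities in {@code arg2} are handed to the
         * delegate mapper and otherwise ignored.
         *
         * @param arg0 directory entry of the authenticated user
         * @param arg1 username the user authenticated with
         * @param arg2 authorities derived from the directory (not used for application roles)
         * @return the local user wrapped as {@link LdapSecuredUser}
         * @throws IllegalStateException if the default group does not exist in the database
         */
        @Override
        public UserDetails mapUserFromContext(DirContextOperations arg0, String arg1,
                Collection<? extends GrantedAuthority> arg2) {
            InetOrgPerson userLdap = (InetOrgPerson) ldapUserDetailsMapper.mapUserFromContext(arg0, arg1, arg2);
            String emailId = userLdap.getUsername();

            User u = userService.findByEmailIdEquals(emailId);
            User resolved = (u == null) ? provisionNewUser(emailId) : refreshExistingUser(u, emailId);
            return new LdapSecuredUser(resolved);
        }

        /** First login: create the local record with only the default group. */
        private User provisionNewUser(String emailId) {
            UserGroup defaultGroup = usergroupService.findByUserGroupNameEquals(DEFAULT_GROUP_NAME);
            if (defaultGroup == null) {
                // Fail here rather than storing a null group that would NPE during authorization.
                throw new IllegalStateException(
                        "Default user group '" + DEFAULT_GROUP_NAME + "' does not exist");
            }
            Set<UserGroup> userGroups = new HashSet<>();
            userGroups.add(defaultGroup);

            User u = new User();
            u.setUserGroups(userGroups);
            u.setEmailId(emailId);
            userService.save(u);
            return u;
        }

        /** Subsequent logins: reload the user's groups from the database and persist. */
        private User refreshExistingUser(User u, String emailId) {
            u.setEmailId(emailId);
            u.setUserGroups(userService.getAllUserGroupsByEmailId(emailId));
            userService.save(u);
            return u;
        }

        /**
         * Delegates to the stock mapper; this class adds nothing when writing back to the directory.
         */
        @Override
        public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1) {
            ldapUserDetailsMapper.mapUserToContext(arg0, arg1);
        }
    }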

    以上代码是为 Active Directory 编写的，其中不需要 ContextSource；读取 LDAP 属性时也不需要显式的搜索查询。对我来说，它是可行的。