LDAP:在身份验证事件期间获取自定义值
LDAP: fetch custom values during an authentication event
我让 Springboot 成功地通过 LDAP 进行身份验证并向视图添加了一个 CustomUserDetails 模型。
在身份验证活动期间,我还想带回其他详细信息,例如电子邮件、电话和城市。
据此 it is possible and I think 也解决了。
尽管阅读了这两个答案,但我仍然不确定如何继续执行此操作 - 特别是第二个答案中的步骤 2 和 3 是如何关联的,以及电子邮件、城市和电话等详细信息映射到哪里?
我的安全class:
安全
@SpringBootApplication
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.defaultSuccessUrl("/newExhibit");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.and()
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.passwordCompare()
.passwordEncoder(passwordEncoder())
.passwordAttribute("userPassword");
}
我的用户对象来自测试-server.ldif
dn: uid=abc123,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Tom Smith
sn: Smith
uid: abc123
userPassword: pass
mail: tom@contoso.com
mobile: +212 307 12345
st: CA
以下是否需要添加到auth
(a) 上下文源和
(b) userDetailsContextMapper?
最终,我想将来自 ldap 的这些详细信息映射到我的 java 用户 class。
更新
更新的 AuthenticationManagerBuilder
@SpringBootApplication
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.and()
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.userDetailsContextMapper(???) // what object in here and how initalised
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.passwordCompare()
.passwordEncoder(passwordEncoder())
.passwordAttribute("userPassword");
}
查看您的 LDIF 文件,您似乎正在尝试获取定义为 inetOrgPerson. Spring Security has an out-of-the-box mapper for this the InetOrgPersonContextMapper 一部分的属性。这会将已定义的属性映射到 InetOrgPerson,这将充当所需的 UserDetails。
要进行配置,您只需创建一个新实例并将其连接到您的配置。
@SpringBootApplication
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.userDetailsContextMapper(new InetOrgPersonContextMapper())
.passwordCompare()
.passwordEncoder(passwordEncoder())
.passwordAttribute("userPassword");
}
这将相应地映射属性。当您使用 LDAP 时,您不需要注入 UserDetailsService,因为它会自动在下面配置 LdapUserDetailsService。
我让 Springboot 成功地通过 LDAP 进行身份验证并向视图添加了一个 CustomUserDetails 模型。
在身份验证活动期间,我还想带回其他详细信息,例如电子邮件、电话和城市。
据此
尽管阅读了这两个答案,但我仍然不确定如何继续执行此操作 - 特别是第二个答案中的步骤 2 和 3 是如何关联的,以及电子邮件、城市和电话等详细信息映射到哪里?
我的安全class:
安全
@SpringBootApplication
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.defaultSuccessUrl("/newExhibit");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.and()
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.passwordCompare()
.passwordEncoder(passwordEncoder())
.passwordAttribute("userPassword");
}
我的用户对象来自测试-server.ldif
dn: uid=abc123,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Tom Smith
sn: Smith
uid: abc123
userPassword: pass
mail: tom@contoso.com
mobile: +212 307 12345
st: CA
以下
(a) 上下文源和
(b) userDetailsContextMapper?
最终,我想将来自 ldap 的这些详细信息映射到我的 java 用户 class。
更新
更新的 AuthenticationManagerBuilder
@SpringBootApplication
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.and()
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.userDetailsContextMapper(???) // what object in here and how initalised
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.passwordCompare()
.passwordEncoder(passwordEncoder())
.passwordAttribute("userPassword");
}
查看您的 LDIF 文件,您似乎正在尝试获取定义为 inetOrgPerson. Spring Security has an out-of-the-box mapper for this the InetOrgPersonContextMapper 一部分的属性。这会将已定义的属性映射到 InetOrgPerson,这将充当所需的 UserDetails。
要进行配置,您只需创建一个新实例并将其连接到您的配置。
@SpringBootApplication
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.userDetailsContextMapper(new InetOrgPersonContextMapper())
.passwordCompare()
.passwordEncoder(passwordEncoder())
.passwordAttribute("userPassword");
}
这将相应地映射属性。当您使用 LDAP 时,您不需要注入 UserDetailsService,因为它会自动在下面配置 LdapUserDetailsService。