A First Look at Spring Security
Authenticating a User with LDAP
First, create a simple web controller:
```java
package hello;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {

    @GetMapping("/")
    public String index() {
        return "Welcome to the home page!";
    }
}
```
As always with Spring Boot, the application launcher class is indispensable:
```java
package hello;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
```
The Maven dependencies Spring Security needs are as follows:
```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.ldap</groupId>
        <artifactId>spring-ldap-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>com.unboundid</groupId>
        <artifactId>unboundid-ldapsdk</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>
```
Now for the security configuration itself. The idea is this: create a class that extends WebSecurityConfigurerAdapter and override its three configure methods in the subclass. The three overloads take, respectively, HttpSecurity (security handling of HTTP requests), AuthenticationManagerBuilder (the authentication manager builder) and WebSecurity (web security).
The code is as follows:
```java
package com.ssm.demo.com.ssm.Hello;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

/**
 * Create a class that extends WebSecurityConfigurerAdapter and override its three
 * configure methods in the subclass. Their parameters are HttpSecurity (security
 * handling of HTTP requests), AuthenticationManagerBuilder (the authentication
 * manager builder) and WebSecurity (web security).
 */
@Configuration
@ComponentScan
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Security handling of HTTP requests
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // http.authorizeRequests() starts the request authorization configuration;
        // fullyAuthenticated() means only a fully authenticated user may access;
        // and() returns the SecurityBuilder; formLogin() and httpBasic() are the two
        // ways of collecting the user's credentials
        http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin();
    }

    /**
     * Authentication manager builder
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
}
```
Next, set up the user data. This uses an LDAP server fed from an LDIF file; add the embedded LDAP server settings to the YAML configuration:
```yaml
server:
  servlet:
    context-path: /llh
  port: 8082
spring:
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/depot?useUnicode=true&characterEncoding=utf8
    username: root
    password: 123456
  servlet:
    multipart:
      max-file-size: 128KB
      max-request-size: 128KB
  ldap:
    embedded:
      ldif: classpath:test-server.ldif
      base-dn: dc=springframework,dc=org
      port: 8389
```
Create a test-server.ldif file under the resources folder:
```ldif
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: space cadets

dn: ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: "quoted people"

dn: ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: otherpeople

dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword

dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe Smeth
sn: Smeth
uid: joe
userPassword: joespassword

dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Mouse, Jerry
sn: Mouse
uid: jerry
userPassword: jerryspassword

dn: cn=slash/guy,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: slash/guy
sn: Slash
uid: slashguy
userPassword: slashguyspassword

dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: quote\"guy
sn: Quote
uid: quoteguy
userPassword: quoteguyspassword

dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Space Cadet
sn: Cadet
uid: space cadet
userPassword: spacecadetspassword

dn: cn=developers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: uid=bob,ou=people,dc=springframework,dc=org

dn: cn=managers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org

dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: submanagers
ou: submanager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
```
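The passwordCompare configuration above hands LdapShaPasswordEncoder the userPassword attribute, and the LDIF stores ben's password as an unsalted {SHA} hash while bob's is in the clear. This added Python example (not part of the original post, nor Spring's code) reproduces the {SHA}/{SSHA} encoding, performs the compare locally, and audits an LDIF fragment so weakly stored entries stand out; SAMPLE_LDIF and the salt used in the test are constructed.

```python
import base64
import hashlib
import hmac

# Constructed LDIF fragment mirroring two entries from test-server.ldif above.
SAMPLE_LDIF = """\
dn: uid=ben,ou=people,dc=springframework,dc=org
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
uid: bob
userPassword: bobspassword
"""


def encode_ldap_sha(password: str, salt: bytes = b"") -> str:
    """Build a userPassword value in {SHA}/{SSHA} form: base64(sha1(pw + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    if salt:
        return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def matches(password: str, stored: str) -> bool:
    """Re-do the passwordCompare check locally: hash the candidate the same way."""
    for prefix in ("{SSHA}", "{SHA}"):
        if stored.startswith(prefix):
            raw = base64.b64decode(stored[len(prefix):])
            digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is salt
            return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)
    # No scheme prefix: the value is plaintext, which is how bob's entry works
    return hmac.compare_digest(password.encode("utf-8"), stored.encode("utf-8"))


def audit_ldif(ldif_text: str) -> dict:
    """Map each uid to how its userPassword is stored: plaintext, unsalted SHA or SSHA."""
    findings, uid = {}, None
    for line in ldif_text.splitlines():
        if line.startswith("dn: "):
            uid = None  # new entry: forget the previous uid
        elif line.startswith("uid: "):
            uid = line[len("uid: "):]
        elif line.startswith("userPassword: ") and uid:
            value = line[len("userPassword: "):]
            if value.startswith("{SSHA}"):
                findings[uid] = "SSHA (salted)"
            elif value.startswith("{SHA}"):
                findings[uid] = "SHA (unsalted)"
            else:
                findings[uid] = "plaintext"
    return findings
```

Running audit_ldif over the full test-server.ldif shows that only ben has a hashed password; every other user is stored in plaintext, which is fine for an embedded test directory but not for a real one.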
Now start the Spring Boot application class and open http://127.0.0.1:8082/llh/. You will find the request is intercepted and redirected to the login page that Spring Security provides, as shown in the figure below:
Enter the username ben and the password benspassword to log in.