Integrating an LDAP service with Spring Security for unified authentication

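First, some background. Spring Security is a powerful security and authentication module built on Spring. It provides a set of beans that can be configured in the Spring application context, and it makes full use of Spring's IoC (Inversion of Control), DI (Dependency Injection) and AOP (aspect-oriented programming) features to give applications declarative access control.

LDAP is the Lightweight Directory Access Protocol, which runs over TCP/IP. Enterprises generally use it to provide a single, uniform way to access basic organizational information. Its data is stored as a tree, so reads are extremely fast, but writes are comparatively slow. And of course you cannot query it with SQL statements.

First, the jars you need (there is also a Maven configuration, which is easy to find online):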

spring-security-config

spring-security-core

spring-security-ldap

spring-security-taglibs

spring-security-web

Start by configuring spring-security. Since it is itself built on Spring, the configuration is simple.

First, configure a security filter in web.xml:


 <filter>  
        <filter-name>springSecurityFilterChain</filter-name>  
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
    </filter>  
  
    <filter-mapping>  
        <filter-name>springSecurityFilterChain</filter-name>  
        <url-pattern>/*</url-pattern>  
    </filter-mapping>
Then configure a bean in the spring-mvc file:



<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value=""/>
<constructor-arg index="1" value="(uid={0})"/>
<constructor-arg index="2" ref="contextSource"/>
</bean>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource"/>
<constructor-arg value="" />
<property name="defaultRole" value="ROLE_USER"/>
</bean>
</constructor-arg>
</bean>

You also need to configure the LDAP data source:



<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://192.168.0.1:389/dc=gnetis,dc=com"/>
<property name="userDn" value="cn=Manager,dc=gnetis,dc=com" />
<property name="password" value="admin"/>
</bean>
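With `BindAuthenticator`, every login binds to the directory with the password the user typed, so over `ldap://` that password and the Manager bind credentials cross the network in cleartext. The following is an added example, not part of the original post: the same `contextSource` over LDAPS with a dedicated read-only search account and credentials taken from an external file. The host name, the `app-reader` account, the property names and the file path are assumptions, and the directory's certificate must be trusted by the JVM.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

  <!-- Assumed external file, kept out of version control and readable only by
       the application account. Constructed sample contents:
         ldap.url=ldaps://ldap.example.internal:636/dc=gnetis,dc=com
         ldap.bind.dn=cn=app-reader,dc=gnetis,dc=com
         ldap.bind.password=(set per environment) -->
  <context:property-placeholder location="file:/etc/myapp/ldap.properties"/>

  <!-- As on the page: cleartext LDAP, the directory Manager account, password in the XML.
  <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://192.168.0.1:389/dc=gnetis,dc=com"/>
    <property name="userDn" value="cn=Manager,dc=gnetis,dc=com"/>
    <property name="password" value="admin"/>
  </bean>
  -->

  <!-- Hardened form: TLS to the directory, an account that can only read the
       user and group entries, and no secret stored in the bean definition. -->
  <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="${ldap.url}"/>
    <property name="userDn" value="${ldap.bind.dn}"/>
    <property name="password" value="${ldap.bind.password}"/>
  </bean>
</beans>
```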


Next, create and configure a spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
  http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<!-- spring security -->
<http pattern="/login.jsp" security="none"/>
<http pattern="/resources/**" security="none"/>
<!-- Disable security checks -->
<!-- <http pattern="/*" security="none"/> -->
<http auto-config='true'>
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="ROLE_USER" />

<form-login login-page="/login.jsp" login-processing-url="/loginProcess"
authentication-failure-url="/login.jsp?login_error=1"
default-target-url="/home/index" always-use-default-target="true" />

<logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID"/>

<!-- Limit the number of sessions a user can have -->
        <session-management invalid-session-url="/login.jsp">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
        </session-management>
</http>
<authentication-manager>
<authentication-provider ref="ldapAuthProvider"></authentication-provider>
</authentication-manager>


</beans:beans>

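Be careful to fill in the xsi:schemaLocation URLs correctly, otherwise you will get all sorts of errors.

Here, login.jsp is the default entry page, and home/index is the path of the default page.

Then reference the bean configured in the spring-mvc file inside authentication-manager. Remember to write login.jsp as well, for example: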


<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ page import="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" %>
<%@ page import="org.springframework.security.core.AuthenticationException" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html>
<html lang="en">
  <head>
    <base href="<%=basePath%>">
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="icon" href="<%=basePath%>/resources/dist/img/favicon.ico">


    <title>XXXXX</title>


    <!-- Bootstrap core CSS -->
    <link href="<%=basePath%>/resources/dist/css/bootstrap.min.css" rel="stylesheet">


    <!-- Custom styles for this template -->
    <link href="<%=basePath%>/resources/dist/css/signin.css" rel="stylesheet">


    <!-- Just for debugging purposes. Don't actually copy these 2 lines! -->
    <!--[if lt IE 9]><script src="../../assets/js/ie8-responsive-file-warning.js"></script><![endif]-->
    <script src="<%=basePath%>/resources/dist/js/ie-emulation-modes-warning.js"></script>


    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>


  <body style="position:absolute;height:100%;background:#007788;">
    <div class="container" style="border-top:3px solid #ccc;border-bottom:3px solid #ccc;border-right:5px solid #ccc;<c:if test="${lose=='1'}">border-right:5px solid #F22715;</c:if>background:#FFFFFF;margin-top:150px;color:#007788;opacity: 0.8;">
    
     <div class="row featurette">
<div class="col-md-6">
<p style="color:#085D1F;font-weight:bold;font-size:48px;line-height:250px;text-align:center;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;全时运营中心</p>
</div>
<div class="col-md-6">
<form class="form-signin" id="f" name="f" action="<c:url value="/loginProcess" />" method="post">
       <br>
       <br>
       <label for="inputEmail" class="sr-only">email</label>
       <input type="text" id="inputEmail" name="j_username" class="form-control" placeholder="请输入邮箱" required autofocus>
       <br>
       <label for="inputPassword" class="sr-only">password</label>
       <input type="password" id="inputPassword" name="j_password" class="form-control" placeholder="请输入密码" required>
       
         <input name="_spring_security_remember_me" id="remember_me" type="checkbox"/>
         <label for="remember_me">remember</label>
       
       <input class="btn btn-lg btn-success btn-block" value="登录" type="submit"></input>
     </form>
     <c:if test="${not empty param.login_error}">
<p class="text-center" style="color:red;">
登录失败:<c:out value="${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}"/>
</p>
</c:if>
</div>
 </div>
     <br>
     <br>
    </div> 
  
    <!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
    <script src="<%=basePath%>/resources/dist/js/ie10-viewport-bug-workaround.js"></script>
  </body>
</html>



