package com.liang.service;
import java.util.Arrays;
import java.util.Collection;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
/**
 * Authorities populator that assigns exactly one role per authenticated user,
 * chosen from the login name alone.
 *
 * <p>Security note: the role decision never consults the directory entry. The
 * account named {@code abc} is the only one that receives {@code ROLE_ADMIN};
 * every other name receives {@code ROLE_USER}. Because the admin mapping is a
 * string literal in source, whoever owns (or can create) that directory
 * account holds the admin role, and revoking it requires a code change.
 * Deriving roles from directory group membership avoids both problems.
 */
@SuppressWarnings("deprecation")
public class SimpleRoleGrantingLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    /**
     * Returns the single authority granted to {@code username}.
     *
     * @param userData the user's directory entry; not read by this implementation
     * @param username the login name used for the role decision; {@code null}
     *                 is treated like any non-matching name
     * @return a fixed-size, one-element list holding {@code ROLE_ADMIN} when the
     *         name is exactly {@code "abc"}, otherwise {@code ROLE_USER}
     */
    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        // Literal-first equals() keeps a null username from throwing; the
        // comparison is case-sensitive.
        // NOTE(review): LDAP uid matching is usually case-insensitive, so a
        // login such as "ABC" may bind as the same entry yet land on ROLE_USER
        // here; confirm against the directory schema.
        final String roleName = "abc".equals(username) ? "ROLE_ADMIN" : "ROLE_USER";
        final GrantedAuthority granted = new GrantedAuthorityImpl(roleName);
        return Arrays.asList(granted);
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security context: HTTP access rules plus an LDAP authentication
  provider that verifies passwords by binding to the directory and takes
  roles from a custom authorities populator.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--
  Every URL requires ROLE_ADMIN. With the populator wired below, that role is
  only ever granted to the login name "abc"; all other users authenticate
  successfully and are then denied access.
-->
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_ADMIN" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider"/>
</security:authentication-manager>
<!--
  Directory connection used for user searches and bind authentication.
  SECURITY:
  * ldap:// on port 389 is cleartext. The manager password and every user
    password submitted for a bind cross the wire unencrypted. That is limited
    to loopback with "localhost"; use ldaps:// or StartTLS for a remote server.
  * The bind DN and password are literals in this file. "cn=Directory Manager"
    is conventionally the directory superuser, and the password here is a
    guessable default. Prefer a read-only search account and load the secret
    from externalised configuration kept out of version control.
-->
<bean id="ldapServer"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:389/dc=example,dc=com" />
<property name="userDn" value="cn=Directory Manager" />
<property name="password" value="root" />
</bean>
<!--
  Provider = authenticator (how the password is checked) + authorities
  populator (which roles the user gets). The populator referenced here is the
  custom class, not the group-based "ldapAuthoritiesPopulator" bean below.
-->
<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg ref="ldapBindAuthenticator" />
<constructor-arg ref="simpleRoleGrantingLdapAuthoritiesPopulator" />
<property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper" />
</bean>
<!-- Locates the user entry via ldapSearchBean, then binds as that entry with the submitted password. -->
<bean id="ldapBindAuthenticator"
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="ldapServer" />
<property name="userSearch" ref="ldapSearchBean" />
</bean>
<!-- Empty search base: the search starts at the context source's base DN (dc=example,dc=com). {0} is the login name. -->
<bean id="ldapSearchBean"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg value="" /> <!-- user-search-base -->
<constructor-arg value="(uid={0})" /> <!-- user-search-filter -->
<constructor-arg ref="ldapServer" />
</bean>
<!--
  Group-membership populator (groups under ou=helloUnit, matched on
  uniqueMember). NOTE(review): no bean in this file references it, so directory
  group membership has no effect on the roles users receive.
-->
<bean id="ldapAuthoritiesPopulator"
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="ldapServer" />
<constructor-arg value="ou=helloUnit" />
<property name="groupSearchFilter" value="(uniqueMember={0})" />
</bean>
<bean id="ldapUserDetailsContextMapper"
class="org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper" />
<!-- Custom populator actually used by ldapAuthProvider: roles come from the login name only. -->
<bean id="simpleRoleGrantingLdapAuthoritiesPopulator" class="com.liang.service.SimpleRoleGrantingLdapAuthoritiesPopulator"></bean>
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 2.5 deployment descriptor: boots the Spring root context and routes
  every request through the Spring Security filter chain.
  NOTE(review): nothing in this descriptor requires HTTPS; unless TLS is
  enforced elsewhere, login credentials are submitted over plain HTTP.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>SS5</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- Location of the Spring configuration read by ContextLoaderListener at startup. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
  DelegatingFilterProxy looks up a Spring bean named after the filter-name, so
  "springSecurityFilterChain" must stay exactly as written.
-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapped to /* so no request path bypasses the security filters. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>