Spring Boot version: 2.0.4
Spring Security version: 5.07
For Spring Security authentication, the three things you need to do are:
implement AuthenticationProvider (the authentication logic)
implement UserDetailsService (the logic that loads the user)
implement UserDetails (the user entity)
However, when I searched Spring's documentation, there were only a few brief lines saying that if you authenticate against an AD domain, you should use ActiveDirectoryLdapAuthenticationProvider for the authentication logic. But ActiveDirectoryLdapAuthenticationProvider has no setUserDetailsService method. Reading on in the source, ActiveDirectoryLdapAuthenticationProvider extends the abstract class AbstractLdapAuthenticationProvider, so I went to AbstractLdapAuthenticationProvider and studied its authenticate() method, which is the method that carries out the authentication. The key lines are these:
    UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData,
            authentication.getName(),
            loadUserAuthorities(userData, authentication.getName(),
                    (String) authentication.getCredentials()));
this.userDetailsContextMapper is declared as the interface UserDetailsContextMapper, and the class actually instantiated is LdapUserDetailsMapper:
    protected UserDetailsContextMapper userDetailsContextMapper = new LdapUserDetailsMapper();
Next, look at the mapUserFromContext method of LdapUserDetailsMapper:
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        String dn = ctx.getNameInNamespace();
        this.logger.debug("Mapping user details from context with DN: " + dn);
        LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
        essence.setDn(dn);
        Object passwordValue = ctx.getObjectAttribute(this.passwordAttributeName);
        if (passwordValue != null) {
            essence.setPassword(mapPassword(passwordValue));
        }
        essence.setUsername(username);
        // Map the roles
        for (int i = 0; (this.roleAttributes != null)
                && (i < this.roleAttributes.length); i++) {
            String[] rolesForAttribute = ctx.getStri
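Putting the above together: because the AD provider exposes setUserDetailsContextMapper rather than setUserDetailsService, the place to plug in your own user entity is a replacement for LdapUserDetailsMapper. The following is an added example written for this post, not code from the original post or from Spring Security itself; the domain name, the LDAPS URL, the AdUser class and the mapping of the displayName attribute are all assumptions, while the provider and mapper APIs it calls are the real Spring Security 5.0 ones discussed above.

```java
import java.util.Collection;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

@Configuration
@EnableWebSecurity
public class AdSecurityConfig extends WebSecurityConfigurerAdapter {

    // Placeholder values (assumed): your AD domain and a domain controller reachable over LDAPS.
    // Use ldaps:// rather than ldap://, because the provider authenticates with a simple bind that
    // sends the user's password to the directory; on plain LDAP that bind goes over the wire in clear.
    private static final String AD_DOMAIN = "corp.example.com";
    private static final String AD_URL = "ldaps://dc1.corp.example.com:636/";

    /** Our own UserDetails entity (assumed shape), extending Spring's User with data from the AD entry. */
    static class AdUser extends User {
        private final String dn;
        private final String displayName;

        AdUser(String username, String dn, String displayName,
               Collection<? extends GrantedAuthority> authorities) {
            // Empty password: AD has already verified the credentials during the bind, and
            // we never keep the user's password in the application.
            super(username, "", authorities);
            this.dn = dn;
            this.displayName = displayName;
        }

        public String getDn() { return dn; }
        public String getDisplayName() { return displayName; }
    }

    /** Replacement for LdapUserDetailsMapper: turns the bound AD entry into an AdUser. */
    static class AdUserDetailsContextMapper implements UserDetailsContextMapper {
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                              Collection<? extends GrantedAuthority> authorities) {
            String dn = ctx.getNameInNamespace();
            // displayName may be absent on the entry; fall back to the login name.
            String displayName = ctx.getStringAttribute("displayName");
            // 'authorities' is what loadUserAuthorities() built from the entry's memberOf groups,
            // so we pass it through unchanged rather than re-reading the attribute here.
            return new AdUser(username, dn, displayName == null ? username : displayName, authorities);
        }

        @Override
        public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
            // Authentication only reads from the directory; writing users back is not supported.
            throw new UnsupportedOperationException("AdUserDetailsContextMapper is read-only");
        }
    }

    @Bean
    public ActiveDirectoryLdapAuthenticationProvider adAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL);
        // This is the hook the post found in AbstractLdapAuthenticationProvider.authenticate():
        // every successful bind is mapped to a UserDetails through this mapper.
        provider.setUserDetailsContextMapper(new AdUserDetailsContextMapper());
        // false is the default: AD sub-error codes (account locked, password expired, ...) are
        // collapsed into a generic BadCredentialsException, so the login page does not reveal
        // which accounts exist or what state they are in. Set to true only if you need the
        // specific exceptions server-side and do not surface them to the client.
        provider.setConvertSubErrorCodesToExceptions(false);
        return provider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(adAuthenticationProvider());
    }
}
```

With this configuration in place, the UserDetailsService step from the list at the top of the post is not needed for AD logins: the provider binds to the domain controller as the user, loads the entry and its group memberships, and hands the result to the mapper, so the AdUser returned there is what ends up as the principal in the SecurityContext.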