第零步
依赖添加,这一步官文不知道为啥,没显示,顺便说一说其他的依赖包
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>authenticating-ldap</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>authenticating-ldap</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>com.unboundid</groupId>
<artifactId>unboundid-ldapsdk</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
-
Spring-boot- starter-web 用于使用Spring MVC构建web应用,包括 RESTful。Tomcat是默认的内嵌容器
-
Spring-boot- starter-test 用于测试 Spring Boot应用,支持常用测试类库,包括JUnit, Hamcrest和Mockito,但是需要排除junit-vintage-engine的依赖,这里也没搞太懂,好想看到的demo都去除了
-
下面是本项目需要添加的依赖
-
Spring-boot- starter-security 对Spring Security的支持
-
spring-ldap-core spring-ldap框架,是Spring集成ldap操作的总和,通常我们在工程中只需要引入spring-ldap-core即可,它提供了绝大部分功能
-
spring-security-ldap
-
unboundid-ldapsdk 一个开源的LDAP 服务,UnboundId
第一步
在Spring中,REST端点是Spring MVC控制器。以下Spring MVC控制器(来自src/main/java/com/example/authenticatingldap/HomeController.java),通过返回一条简单消息来处理一个GET/请求:
代码如下
package com.example.authenticatingldap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HomeController {
@GetMapping("/")
public String index() {
return "Welcome to the home page!";
}
}
整个类都用@RestController标记了出来,以便Spring MVC可以自动检测控制器(通过使用其内置的扫描功能)并自动配置必要的Web路由。
@RestController还会告诉Spring MVC将 对应处理请求的函数的返回的 文本直接写到HTTP响应主体中,因为没有视图。因此,当您访问页面时,您会在浏览器中收到一条简单消息(因为本指南的重点是使用LDAP保护页面,页面简单点无所谓了)。
这一一定要区分开@RestController 和@Controller
在第七节课上传文件的时候,就是使用@Controller,人家这个返回的文本可就不是直接写到HTTP响应主体了,而是一个html页面如下图
第三步 配置安全策略
有了这些依赖关系之后,您就可以使用纯Java来配置安全策略,如以下示例(来自src/main/java/com/example/authenticatingldap/WebSecurityConfig.java)所示:
package com.example.authenticatingldap;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.passwordCompare()
.passwordEncoder(new BCryptPasswordEncoder())
.passwordAttribute("userPassword");
}
}
@EnableWebSecurity 注解开启了你需要使用的一系列Spring Security的bean。
您还需要一个LDAP服务器。Spring Boot为你提供了使用纯Java编写的自动配置的嵌入式服务器,本指南将使用它。您还需要一个LDAP服务器。Spring Boot 为使用纯Java编写的嵌入式服务器提供了自动配置,本指南将使用该服务器。ldapAuthentication() 方法将登录表单上的用户名插入到 {0} 中进行配置,以便在LDAP服务器中搜索 uid={0}、ou=people、dc=springframework、dc=org。另外, passwordCompare() 方法配置编码器和密码属性的名称。
配置用户信息
LDAP 服务器可以使用 LDIF (LDAP数据交换格式)文件交换用户数据。spring.ldap.embedded.ldif 属性已经内置在 application.properties ,该属性允许在LDIF数据文件中进行Spring引导。这使得预加载演示数据变得容易。
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework
dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups
dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups
dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
dn: ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: space cadets
dn: ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: "quoted people"
dn: ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: otherpeople
dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: $2a$10$c6bSeWPhg06xB1lvmaWNNe4NROmZiSpYhlocU/98HNr2MhIOiSt36
dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword
dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe Smeth
sn: Smeth
uid: joe
userPassword: joespassword
dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Mouse, Jerry
sn: Mouse
uid: jerry
userPassword: jerryspassword
dn: cn=slash/guy,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: slash/guy
sn: Slash
uid: slashguy
userPassword: slashguyspassword
dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: quote\"guy
sn: Quote
uid: quoteguy
userPassword: quoteguyspassword
dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Space Cadet
sn: Cadet
uid: space cadet
userPassword: spacecadetspassword
dn: cn=developers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: uid=bob,ou=people,dc=springframework,dc=org
dn: cn=managers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: submanagers
ou: submanager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
运行
如果您访问 http://localhost:8080 站点,则应该被重定向到Spring Security提供的登录页面。
输入用户名 ben 和密码 benspassword 。您应该在浏览器中看到这条消息:
Welcome to the home page!
密码其实是经过编码了的
如果我们注释了下面的密码编码,那么我们可以直接明码使用密码,使用下面的用户名和密码登录也是没问题的
总感觉这样的学习SpringBoot方式效率不太高,可能这个按照官方指导的系列就先停止了,基础太差,很多代码都看不懂,真就是面向百度编程了。。。。。无奈