java - WebSecurityConfig Java 相当于使用 spring-security.xml 完成的 spring LDAP 身份验证

Question

我在项目中使用 Spring Security 实现了 LDAP 身份验证和授权。我配置了 spring-security.xml 并让它运行。我正在尝试使用 Java (WebSecurityConfig.java) 执行相同的操作。有人可以指导我如何做到这一点吗？

Here is my spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
            http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
            http://www.springframework.org/schema/security 
            http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- This is where we configure Spring-Security  -->
    <security:http auto-config="true" use-expressions="true"  >

        <security:intercept-url pattern="/main/common" access="hasRole('role.xyz.WebAdmin')"/>
        <security:intercept-url pattern="/admincare" access="hasRole('role.xyz.WebAdmin')"/>

        <security:form-login
                login-page="/auth/login" 
                authentication-failure-url="/auth/login?error=true" 
                default-target-url="/main/common"/>

        <security:logout 
                invalidate-session="true" 
                logout-success-url="/auth/login" 
                logout-url="/auth/logout"/>

    </security:http>


            <security:authentication-manager>

        <security:authentication-provider ref="ldapAuthProvider" />
    </security:authentication-manager>

    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg name="authenticator">
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="ldapContext" />
                <property name="userSearch">
                    <bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                        <constructor-arg name="searchBase" value="" />
                        <constructor-arg name="searchFilter" value="(&amp;(uid={0})(objectclass=person)(ums-account-state=OK))" />
                        <constructor-arg name="contextSource" ref="ldapContext" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="com.gemalto.mobileid.service.UmsLdapAuthoritiesPopulator">
                <constructor-arg ref="ldapContext"/>
            </bean>
        </constructor-arg>
    </bean>

    <security:ldap-server id="ldapContext" url="ldap://aaa:54389/dc=xxx.com" manager-dn="bbb" manager-password="ccc" /> 
</beans>

现在，如果我想以 JAVA 风格(在 WebSecurityConfig.java 中)执行相同操作并摆脱 XML，我该怎么办？我对为此提供的 API 不太熟悉。我是这样开始的:

    public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("", "ldap://aaa:54389/dc=xxx.com");
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        provider.setUseAuthenticationRequestCredentials(true);
        return provider;
    }

    @Bean
    public LoggerListener loggerListener() {
        return new LoggerListener();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Configuration for Redirects, Login-Page and stuff

        http
        .authorizeRequests()
            .antMatchers("/admincare").authenticated()
            .and()
        .formLogin();
            //.loginPage("/auth/login")
            //.permitAll();     
    }   

我不确定如何在 WebSecurityConfig 的 Java 代码中设置其余参数(如在 XML 中完成的)。任何帮助将非常感激

Answer 1

请尝试这个:-

    @Bean
    public BaseLdapPathContextSource contextSource() {
    DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource("ldap://aaa:54389/dc=xxx.com");
    contextSource.setUserDn("bbb");
    contextSource.setPassword("ccc");
    return contextSource;
    }


        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.ldapAuthentication()
                .contextSource(contextSource())
                .and()
                .ldapAuthoritiesPopulator(new UmsLdapAuthoritiesPopulator(contextSource()))
                .and()
                .userSearchBase("").userSearchFilter("(&(uid={0})(objectclass=person)(ums-account-state=OK))");
         }            


    @Override
    protected void configure(HttpSecurity http) throws Exception {              
        http.authorizeRequests().antMatchers("/main/common**","/admincare**").hasRole("role.xyz.WebAdmin")
            .and().formLogin().loginPage("/auth/login").failureUrl("/auth/login?error=true").defaultSuccessUrl("/main/common")
            .and().logout().invalidateHttpSession(true).logoutSuccessUrl("/auth/login").logoutUrl("/auth/logout");    
    }