Java Spring Boot Security + Active Directory attributes
Question
I am using Java + Spring Boot Security for authorization on my web app.
Below is a working config, and I have no complaints about it.
My questions:
- Can I use this way of connecting to AD to get attributes of users from AD (e.g. sAMAccountName, mail)?
- Is it possible to set up access to a page by AD groups?
If I understand correctly, AuthenticationManagerBuilder is just a connector to AD.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // public pages; everything else requires an authenticated session
                .antMatchers("/home", "/logout/**", "/logout-success", "/login/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .logout().permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authBuilder) throws Exception {
        authBuilder
            .ldapAuthentication()
                // {0} = login name typed into the form; the entry is located by search, then bound with the user's password
                .userSearchFilter("(sAMAccountName={0})")
                .userSearchBase("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                // {0} here is the located user's DN: every group whose member attribute contains it becomes an authority
                .groupSearchBase("OU=Groups,OU=nsk,DC=regions,DC=office,DC=ru")
                .groupSearchFilter("member={0}")
                .contextSource()
                    // plain ldap:// on 389: bind credentials and directory data travel unencrypted unless StartTLS is negotiated
                    .url("ldap://regions.office.ru:389")
                    .managerDn("CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                    // bind password is hard-coded here; it belongs in external configuration, not in source
                    .managerPassword("passw");
    }
}
Answer 1
Score: 0
Searching all users of the domain by their attributes (displayName).
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;

import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearch {
    public List<String> getAllPersonNames() {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://regions.office.ru:389");
        // simple bind as the read-only service account; on ldap:// the password crosses the network in clear,
        // so prefer ldaps:// (636) or StartTLS
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru");
        env.put(Context.SECURITY_CREDENTIALS, "password");
        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new RuntimeException("LDAP bind failed", e);
        }
        List<String> list = new LinkedList<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // request only the attribute that is read, instead of every attribute of every entry
            controls.setReturningAttributes(new String[] {"displayName"});
            // in AD, computer objects are also objectClass=user; "(&(objectCategory=person)(objectClass=user))"
            // limits the result to people. AD also caps a single search at MaxPageSize (1000 by default);
            // a larger OU needs the paged-results control.
            results = ctx.search("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru", "(objectclass=user)", controls);
            while (results.hasMore()) {
                SearchResult searchResult = results.next();
                Attributes attributes = searchResult.getAttributes();
                Attribute attr = attributes.get("displayName");
                if (attr == null) {
                    continue; // entry has no displayName; skipping it avoids a NullPointerException
                }
                list.add(attr.get().toString());
            }
        } catch (NameNotFoundException e) {
            // search base does not exist: return the (empty) list
        } catch (NamingException e) {
            throw new RuntimeException("LDAP search failed", e);
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException e) {
                    // nothing useful to do if closing the enumeration fails
                }
            }
            try {
                ctx.close();
            } catch (NamingException e) {
                // nothing useful to do if closing the context fails
            }
        }
        return list;
    }
}
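Added example (not part of the question or of answer 1): the question's own Spring Security config can answer both questions without a separate JNDI search. The group search is mapped to authorities and used in antMatchers rules, and a UserDetailsContextMapper copies sAMAccountName and mail from the user's entry into the principal at login. The base DNs and the manager DN are taken from the question; the group names WebApp-Admins and WebApp-Reports, the property app.ldap.manager-password, the class names and the ldaps:// endpoint on 636 are assumptions.

```java
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

@Configuration
public class AdWebSecurityConfig extends WebSecurityConfigurerAdapter {

    // assumed property name: the service-account password comes from external configuration, not source
    @Value("${app.ldap.manager-password}")
    private String managerPassword;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/home", "/logout/**", "/logout-success", "/login/**").permitAll()
                // assumed group names. DefaultLdapAuthoritiesPopulator upper-cases the group cn and
                // prepends ROLE_, so cn=WebApp-Admins becomes ROLE_WEBAPP-ADMINS and hasRole() drops the prefix
                .antMatchers("/admin/**").hasRole("WEBAPP-ADMINS")
                .antMatchers("/reports/**").hasAnyRole("WEBAPP-ADMINS", "WEBAPP-REPORTS")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .logout().permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userSearchFilter("(sAMAccountName={0})")
                .userSearchBase("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                .groupSearchBase("OU=Groups,OU=nsk,DC=regions,DC=office,DC=ru")
                // {0} is the authenticated user's DN. "member" lists direct members only; to honour nested
                // AD groups use the matching-rule-in-chain filter "(member:1.2.840.113556.1.4.1941:={0})"
                .groupSearchFilter("(member={0})")
                .groupRoleAttribute("cn")
                .rolePrefix("ROLE_")
                .userDetailsContextMapper(new AdUserDetailsMapper())
                .contextSource()
                    // assumed LDAPS endpoint: the user's simple bind and directory data are then encrypted
                    .url("ldaps://regions.office.ru:636")
                    .managerDn("CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                    .managerPassword(managerPassword);
    }

    /** Principal that carries the AD attributes read at login. */
    public static class AdUser extends User {
        private final String samAccountName;
        private final String mail;

        AdUser(String username, Collection<? extends GrantedAuthority> authorities,
               String samAccountName, String mail) {
            // no password is stored locally: authentication happened by binding to AD
            super(username, "", authorities);
            this.samAccountName = samAccountName;
            this.mail = mail;
        }

        public String getSamAccountName() { return samAccountName; }
        public String getMail() { return mail; }
    }

    /** Copies selected attributes of the user's AD entry into the principal. */
    static class AdUserDetailsMapper implements UserDetailsContextMapper {
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                              Collection<? extends GrantedAuthority> authorities) {
            // ctx is the entry matched by userSearchFilter; AD attribute names are case-insensitive
            return new AdUser(username, authorities,
                    ctx.getStringAttribute("sAMAccountName"),
                    ctx.getStringAttribute("mail"));
        }

        @Override
        public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
            throw new UnsupportedOperationException("read-only mapping");
        }
    }
}
```

In a controller the attributes are then available as the principal, e.g. with a `@AuthenticationPrincipal AdUser user` parameter or by casting `SecurityContextHolder.getContext().getAuthentication().getPrincipal()`. Group membership is evaluated once, at login, so a change in AD takes effect at the user's next login; the group search runs with the manager account, which therefore needs read access to the member attribute of the groups under the groupSearchBase.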
Comments