Java Spring Boot Security + Active Directory attributes

Question

I am using Java + Spring Boot Security for authorization on my web app.
Below is a working config, no claims)

My questions:

  1. Can I use this way to connect to AD to get users' attributes from AD (e.g. sAMAccountName, mail)?
  2. Is it possible to set up access to a page by AD groups?

If I understand correctly, AuthenticationManagerBuilder is just a connector to AD.

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                // public pages; every other URL needs an authenticated session
                .antMatchers("/home", "/logout/**", "/logout-success", "/login/**").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .and()
                .logout()
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authBuilder) throws Exception {
        authBuilder
                .ldapAuthentication()
                // find the user's entry by login name, then bind as that entry to check the password
                .userSearchFilter("(sAMAccountName={0})")
                .userSearchBase("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                // every group whose member attribute holds the user's DN becomes a ROLE_<CN> authority
                .groupSearchBase("OU=Groups,OU=nsk,DC=regions,DC=office,DC=ru")
                .groupSearchFilter("member={0}")
                .contextSource()
                // plain ldap:// on 389: the service-account bind and each user's password cross the wire unencrypted
                .url("ldap://regions.office.ru:389")
                .managerDn("CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                .managerPassword("passw");
    }
}
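As an added example, not code from the original question or answer, here is the poster's configuration extended to cover both questions: a UserDetailsContextMapper copies sAMAccountName and mail out of the authenticated user's directory entry into the principal, and a URL is gated on an AD group. It assumes Spring Boot 2.x with spring-security-ldap on the classpath, an AD group with cn "web-admins" under the group search base, an ad.manager-password property, an LDAPS listener on port 636 whose certificate the JVM trusts, and the /admin/** and /me paths; none of these come from the page.

```java
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/** Principal handed to controllers: the LDAP user plus the two AD attributes the question asks about. */
class AdUser implements UserDetails {
    private final UserDetails delegate;
    private final String samAccountName;
    private final String mail;

    AdUser(UserDetails delegate, String samAccountName, String mail) {
        this.delegate = delegate;
        this.samAccountName = samAccountName;
        this.mail = mail;
    }

    public String getSamAccountName() { return samAccountName; }
    public String getMail() { return mail; }               // null when the entry has no mail attribute

    @Override public Collection<? extends GrantedAuthority> getAuthorities() { return delegate.getAuthorities(); }
    @Override public String getPassword() { return null; } // verified by the LDAP bind; never retained
    @Override public String getUsername() { return delegate.getUsername(); }
    @Override public boolean isAccountNonExpired() { return delegate.isAccountNonExpired(); }
    @Override public boolean isAccountNonLocked() { return delegate.isAccountNonLocked(); }
    @Override public boolean isCredentialsNonExpired() { return delegate.isCredentialsNonExpired(); }
    @Override public boolean isEnabled() { return delegate.isEnabled(); }
}

/** Question 1: the mapper is handed the user's own directory entry after a successful bind. */
class AdUserDetailsMapper extends LdapUserDetailsMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                          Collection<? extends GrantedAuthority> authorities) {
        UserDetails base = super.mapUserFromContext(ctx, username, authorities);
        return new AdUser(base, ctx.getStringAttribute("sAMAccountName"), ctx.getStringAttribute("mail"));
    }
}

@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/home", "/logout/**", "/logout-success", "/login/**").permitAll()
            // Question 2: each group found by groupSearchFilter becomes ROLE_<cn in upper case>,
            // so the assumed AD group "web-admins" is ROLE_WEB-ADMINS and hasRole("WEB-ADMINS") matches it.
            .antMatchers("/admin/**").hasRole("WEB-ADMINS")
            .anyRequest().authenticated()
            .and().formLogin()
            .and().logout().permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth,
                                @Value("${ad.manager-password}") String managerPassword) throws Exception {
        auth
            .ldapAuthentication()
            .userSearchFilter("(sAMAccountName={0})")
            .userSearchBase("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
            .groupSearchBase("OU=Groups,OU=nsk,DC=regions,DC=office,DC=ru")
            .groupSearchFilter("(member={0})")          // {0} is the authenticated user's DN
            .userDetailsContextMapper(new AdUserDetailsMapper())
            .contextSource()
            .url("ldaps://regions.office.ru:636")       // TLS (assumed listener): ldap://389 sends every password in clear
            .managerDn("CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
            .managerPassword(managerPassword);          // assumed property; keeps the secret out of source control
    }
}

@RestController
class MeController {
    @GetMapping("/me")
    public String me(@AuthenticationPrincipal AdUser user) {
        return user.getSamAccountName() + " <" + user.getMail() + "> " + user.getAuthorities();
    }
}
```

The group lookup only finds groups whose member attribute lists the user's DN directly; AD does not expand nested groups for that query. To honour nested membership, AD's LDAP_MATCHING_RULE_IN_CHAIN filter, (member:1.2.840.113556.1.4.1941:={0}), can be used as the groupSearchFilter instead. Spring Security also ships ActiveDirectoryLdapAuthenticationProvider, which binds as the user with user@domain and reads the entry's memberOf attribute, so it needs no service-account password at all.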

Answer 1

Score: 0

Searching all users of the domain by their attributes (displayName).

import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearch {
    public List<String> getAllPersonNames() {
        // simple bind as the read-only service account (over ldap://389 the bind is sent in clear)
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://regions.office.ru:389");
        env.put(Context.SECURITY_PRINCIPAL, "CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru");
        env.put(Context.SECURITY_CREDENTIALS, "password");

        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);
        } catch (NamingException e) {
            // (the original multi-catch named javax.naming.NamingException twice, which does not compile)
            throw new RuntimeException(e);
        }

        List<String> list = new LinkedList<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // only displayName is read, so request just that attribute
            controls.setReturningAttributes(new String[] {"displayName"});
            // AD returns at most MaxPageSize entries (1000 by default) per search without the
            // paged-results control; a larger OU ends in a SizeLimitExceededException from hasMore()
            results = ctx.search("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru", "(objectclass=user)", controls);

            while (results.hasMore()) {
                SearchResult searchResult = results.next();
                Attributes attributes = searchResult.getAttributes();
                Attribute attr = attributes.get("displayName");
                if (attr != null) { // entries without a displayName would otherwise throw NullPointerException
                    list.add(attr.get().toString());
                }
            }
        } catch (NameNotFoundException e) {
            // the search base does not exist: return the (empty) list
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (Exception e) {
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (Exception e) {
                }
            }
        }
        return list;
    }
}
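The answer's search lists every user in the OU, while the question asks for one user's attributes. A per-user lookup built on the same JNDI calls has to escape the login before placing it in the filter, otherwise a crafted username rewrites the query. The following is an added example, not the answerer's code: it reuses the service account and search base from the question, assumes an LDAPS listener on port 636 whose certificate the JVM trusts, and the AdUserLookup class, the AdUser holder and the method names are this example's own.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import java.util.Optional;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdUserLookup {
    private static final String URL = "ldaps://regions.office.ru:636"; // assumed LDAPS listener
    private static final String USER_BASE = "OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru";
    private static final String BIND_DN = "CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru";

    /** The attributes asked about, plus the direct group memberships AD stores on the entry. */
    public static final class AdUser {
        public final String dn, samAccountName, mail;   // mail is null when the entry has none
        public final List<String> memberOf;             // group DNs, direct membership only

        AdUser(String dn, String samAccountName, String mail, List<String> memberOf) {
            this.dn = dn; this.samAccountName = samAccountName; this.mail = mail;
            this.memberOf = Collections.unmodifiableList(memberOf);
        }

        // DNs compare case-insensitively, so equals() is the wrong test
        public boolean isDirectMemberOf(String groupDn) {
            return memberOf.stream().anyMatch(g -> g.equalsIgnoreCase(groupDn));
        }
    }

    /** RFC 4515 escaping: without it a login of "*)(objectClass=*" rewrites the filter. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static Optional<AdUser> findBySamAccountName(String login, String bindPassword) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"sAMAccountName", "mail", "memberOf"});
            // objectCategory=person drops computer accounts, which are objectClass=user in AD as well
            String filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                    + escapeFilterValue(login) + "))";
            NamingEnumeration<SearchResult> results = ctx.search(USER_BASE, filter, sc);
            try {
                if (!results.hasMore()) return Optional.empty();
                SearchResult entry = results.next();
                if (results.hasMore()) throw new NamingException("ambiguous sAMAccountName: " + login);
                return Optional.of(toUser(entry));
            } finally {
                results.close();
            }
        } finally {
            ctx.close();
        }
    }

    private static AdUser toUser(SearchResult entry) throws NamingException {
        Attributes attrs = entry.getAttributes();
        List<String> groups = new ArrayList<>();
        Attribute memberOf = attrs.get("memberOf");
        if (memberOf != null) {
            NamingEnumeration<?> values = memberOf.getAll();
            while (values.hasMore()) {
                groups.add(values.next().toString());
            }
        }
        return new AdUser(entry.getNameInNamespace(), single(attrs, "sAMAccountName"), single(attrs, "mail"), groups);
    }

    private static String single(Attributes attrs, String name) throws NamingException {
        Attribute a = attrs.get(name);
        return a == null ? null : a.get().toString();
    }
}
```

memberOf holds direct memberships only: the user's primary group (normally Domain Users) is not listed, and nested groups are not expanded. To test membership through nesting, search the group itself with (member:1.2.840.113556.1.4.1941:=<user DN>) using the dn returned here. Fetching one user per call also sidesteps AD's MaxPageSize limit (1000 entries by default), which an unpaged search over a whole OU like the answer's will hit.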

huangapple
  • Posted on 2020-10-08 11:01:08
  • Please keep this link when reposting: https://go.coder-hub.com/64255176.html