Single Sign-On with LDAP in Spring Boot Security

July 16, 2019

This tutorial explains in detail how to use LDAP for single sign-on with Spring Security.

Base environment


Technology Version
Java 1.8+
SpringBoot 2.x.x
Security 5.x
LDAP any version

Create the project


  • Initialize the project
mvn archetype:generate -DgroupId=com.edurt.sli.slisl -DartifactId=spring-learn-integration-security-ldap -DarchetypeArtifactId=maven-archetype-quickstart -Dversion=1.0.0 -DinteractiveMode=false
  • Modify pom.xml to add Security support
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

    <parent>
        <artifactId>spring-learn-integration-security</artifactId>
        <groupId>com.edurt.sli</groupId>
        <version>1.0.0</version>
    </parent>

    <modelVersion>4.0.0</modelVersion>

    <artifactId>spring-learn-integration-security-ldap</artifactId>

    <name>SpringBoot Security使用LDAP单点登录</name>

    <properties>
        <dependency.spring.security.ldap.version>5.1.5.RELEASE</dependency.spring.security.ldap.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>${dependency.springboot2.common.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
            <version>${dependency.springboot2.common.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
            <version>${dependency.spring.security.ldap.version}</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${dependency.springboot2.common.version}</version>
                <configuration>
                    <fork>true</fork>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>${plugin.maven.compiler.version}</version>
                <configuration>
                    <source>${system.java.version}</source>
                    <target>${system.java.version}</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

spring-boot-starter-security enables the Spring Security framework.
spring-security-ldap enables LDAP support for Spring Security.

  • A simple application class
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.stereotype.Component;

/**
 * <p> SpringBootSecurityLDAPIntegration </p>
 * <p> Description : SpringBootSecurityLDAPIntegration </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 19:50 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@SpringBootApplication
@Component(value = "com.edurt.sli.slisl")
public class SpringBootSecurityLDAPIntegration {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecurityLDAPIntegration.class, args);
    }

}

Configure Security


  • Create a config directory under /src/main/java/com/edurt/sli/slisl, and create the LdapConfig file in that directory
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl.config;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/**
 * <p> LdapConfig </p>
 * <p> Description : LdapConfig </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 20:24 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@Component
@ConfigurationProperties(prefix = "custom.ldap")
public class LdapConfig {

    private String searchBase;
    private String searchFilter;
    private String url;
    private String manageDN;
    private String managePassword;

    public LdapConfig() {
    }

    public String getSearchBase() {
        return searchBase;
    }

    public void setSearchBase(String searchBase) {
        this.searchBase = searchBase;
    }

    public String getSearchFilter() {
        return searchFilter;
    }

    public void setSearchFilter(String searchFilter) {
        this.searchFilter = searchFilter;
    }

    public String getUrl() {
        return url;
    }

    public void setUrl(String url) {
        this.url = url;
    }

    public String getManageDN() {
        return manageDN;
    }

    public void setManageDN(String manageDN) {
        this.manageDN = manageDN;
    }

    public String getManagePassword() {
        return managePassword;
    }

    public void setManagePassword(String managePassword) {
        this.managePassword = managePassword;
    }

}

@ConfigurationProperties(prefix = "custom.ldap") binds the entries in the configuration file whose keys start with custom.ldap to the fields of this class.

  • Create the SecurityLdapConfig file, which performs the authentication check
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * <p> SecurityConfig </p>
 * <p> Description : SecurityConfig </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 19:52 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@Configuration
public class SecurityLdapConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapConfig config;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
                .userSearchBase(config.getSearchBase())
                .userSearchFilter(config.getSearchFilter())
                .contextSource()
                .url(config.getUrl())
                .managerDn(config.getManageDN())
                .managerPassword(config.getManagePassword());
    }

}
  • Create an application.properties configuration file in the resources directory with the following content
server.port=8989
custom.ldap.searchBase=OU=example,DC=example,DC=intra
custom.ldap.searchFilter=(sAMAccountName={0})
custom.ldap.url=ldap://192.168.0.5:389
custom.ldap.manageDN=cn=function,OU=Email Account,dc=example,dc=intra
custom.ldap.managePassword=example
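
The values above use ldap:// on port 389, so the manager bind and each user's login password travel without TLS. The following stand-alone check is an added example, not code from the original project; it flags such values before they reach SecurityLdapConfig. The names LdapConfigAudit and audit, the host ldap.example.intra and the environment variable LDAP_MANAGE_PASSWORD are assumptions made for illustration.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

/** Added example, not part of the original project: fail-fast audit of the custom.ldap.* values. */
public class LdapConfigAudit {

    /** Returns one finding per problem; an empty list means every check passed. */
    static List<String> audit(String url, String searchFilter, String manageDN, String managePassword) {
        List<String> findings = new ArrayList<>();
        String scheme;
        try {
            scheme = URI.create(url.trim()).getScheme();
        } catch (RuntimeException e) { // null or malformed URL
            scheme = null;
        }
        // Assumes no StartTLS is configured (the page's setup has none), so only ldaps:// gives TLS.
        if (!"ldaps".equalsIgnoreCase(scheme)) {
            findings.add("url: scheme is " + scheme + ", so the manager bind and every user's"
                    + " login password cross the network unencrypted");
        }
        // Spring Security substitutes the submitted login name for {0} in the filter.
        if (searchFilter == null || !searchFilter.contains("{0}")) {
            findings.add("searchFilter: no {0} placeholder, the search would not depend on the login name");
        }
        if (manageDN == null || manageDN.trim().isEmpty()) {
            findings.add("manageDN: empty, the user search would run without a manager identity");
        }
        // RFC 4513: a simple bind with a DN but an empty password is an unauthenticated bind.
        if (managePassword == null || managePassword.isEmpty()) {
            findings.add("managePassword: empty, the manager bind would be unauthenticated");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Values copied from the application.properties shown on this page: reports the ldap:// URL.
        audit("ldap://192.168.0.5:389", "(sAMAccountName={0})",
                "cn=function,OU=Email Account,dc=example,dc=intra", "example")
                .forEach(f -> System.out.println("page values: " + f));

        // Constructed values: hypothetical host, password taken from a hypothetical environment
        // variable; if that variable is unset, the managePassword check reports it.
        audit("ldaps://ldap.example.intra:636", "(sAMAccountName={0})",
                "cn=function,OU=Email Account,dc=example,dc=intra", System.getenv("LDAP_MANAGE_PASSWORD"))
                .forEach(f -> System.out.println("hardened values: " + f));
    }
}
```

The same checks could run from a @PostConstruct method on LdapConfig so that the application refuses to start when a value fails.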

Create the authorization success page


Create a controller directory under /src/main/java/com/edurt/sli/slisl, and create the HelloLDAPController file in that directory

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import java.security.Principal;
import java.util.Map;

/**
 * <p> HelloLDAPController </p>
 * <p> Description : HelloLDAPController </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 20:12 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@Controller
public class HelloLDAPController {

    @RequestMapping("/secure")
    public String secure(Map<String, Object> model, Principal principal) {
        model.put("title", "授权成功");
        model.put("message", "仅授权可查看的页面");
        model.put("name", principal.getName());
        return "home";
    }

}
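  • Open http://localhost:8989/login in a browser; the login page is displayed

Enter your LDAP account credentials to pass authentication and be redirected to the authorized data page.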

Package and deploy


  • Build the package
mvn clean package -Dmaven.test.skip=true -X

Then run the packaged file:

java -jar spring-learn-integration-security/spring-learn-integration-security-ldap/target/spring-learn-integration-security-ldap-1.0.0.jar

Source code


qianmoQ
