Intro to Spring Security LDAP

Last modified: December 28, 2015


1. Overview


In this quick tutorial, we will learn how to set up Spring Security LDAP.


Before we start, a note about what LDAP is – it stands for Lightweight Directory Access Protocol and it’s an open, vendor-neutral protocol for accessing directory services over a network.


2. Maven Dependency


First, let's take a look at the Maven dependencies we need:


<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
</dependency>

<dependency>
    <groupId>org.apache.directory.server</groupId>
    <artifactId>apacheds-server-jndi</artifactId>
    <version>1.5.5</version>
</dependency>

Note: We used ApacheDS as our LDAP server, which is an extensible and embeddable directory server.


3. Java Configuration


Next, let’s discuss our Spring Security Java configuration:


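import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.ldap.server.ApacheDSContainer;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

@Configuration
public class SecurityConfig {

    // Embedded ApacheDS server, loaded with the entries from users.ldif
    @Bean
    ApacheDSContainer ldapContainer() throws Exception {
        return new ApacheDSContainer("dc=baeldung,dc=com", "classpath:users.ldif");
    }

    // Turns the groups under ou=groups that list the user as a member into authorities
    @Bean
    LdapAuthoritiesPopulator authorities(BaseLdapPathContextSource contextSource) {
        String groupSearchBase = "ou=groups";
        DefaultLdapAuthoritiesPopulator authorities =
            new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);
        authorities.setGroupSearchFilter("(member={0})");
        return authorities;
    }

    // Authenticates by binding to LDAP as the entry found by the user search
    @Bean
    AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource,
        LdapAuthoritiesPopulator authorities) {
        LdapBindAuthenticationManagerFactory factory =
            new LdapBindAuthenticationManagerFactory(contextSource);
        factory.setUserSearchBase("ou=people");
        factory.setUserSearchFilter("(uid={0})");
        // Without this call the populator bean is never used and users receive no authorities
        factory.setLdapAuthoritiesPopulator(authorities);
        return factory.createAuthenticationManager();
    }
}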

This is, of course, only the LDAP-relevant part of the config – the full Java configuration can be found here.


4. XML Configuration


Now, let’s take a look at the corresponding XML configuration:


<authentication-manager>
    <ldap-authentication-provider
      user-search-base="ou=people"
      user-search-filter="(uid={0})"
      group-search-base="ou=groups"
      group-search-filter="(member={0})">
    </ldap-authentication-provider>
</authentication-manager>
   
<ldap-server root="dc=baeldung,dc=com" ldif="users.ldif"/>

Again, this is just part of the configuration – the part that is relevant to LDAP; the full XML config can be found here.


5. LDAP Data Interchange Format


LDAP data can be represented using the LDAP Data Interchange Format (LDIF) – here’s an example of our user data:


dn: ou=groups,dc=baeldung,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=baeldung,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=baeldung,ou=people,dc=baeldung,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Jim Beam
sn: Beam
uid: baeldung
userPassword: password

dn: cn=admin,ou=groups,dc=baeldung,dc=com
objectclass: top
objectclass: groupOfNames
cn: admin
member: uid=baeldung,ou=people,dc=baeldung,dc=com

dn: cn=user,ou=groups,dc=baeldung,dc=com
objectclass: top
objectclass: groupOfNames
cn: user
member: uid=baeldung,ou=people,dc=baeldung,dc=com

6. Using Spring Boot


When working on a Spring Boot project, we can also use the Spring Boot Starter Data Ldap dependency, which will automatically configure LdapContextSource and LdapTemplate for us.


To enable autoconfiguration, we need to ensure that we have the spring-boot-starter-data-ldap Starter or spring-ldap-core defined as a dependency in our pom.xml:


<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>

To connect to LDAP, we need to provide the connection settings in application.properties:


spring.ldap.url=ldap://localhost:18889
spring.ldap.base=dc=example,dc=com
spring.ldap.username=uid=admin,ou=system
spring.ldap.password=secret

More details about Spring Data LDAP autoconfiguration can be found in the official documentation. Spring Boot brings in LdapAutoConfiguration, which takes care of setting up the LdapTemplate; it can then be injected into the required service class:


@Autowired
private LdapTemplate ldapTemplate;
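
A directory lookup through the injected LdapTemplate, as an added example that is not part of the original tutorial or its project. PersonLookupService and findCommonNames are hypothetical names, and the directory is assumed to have an ou=people branch under the configured base, laid out like the LDIF in section 5.

```java
import java.util.List;

import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.stereotype.Service;

import static org.springframework.ldap.query.LdapQueryBuilder.query;

// Added example: hypothetical service, not taken from the tutorial's project.
@Service
public class PersonLookupService {

    private final LdapTemplate ldapTemplate;

    // Constructor injection of the auto-configured LdapTemplate
    public PersonLookupService(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    // Returns the cn of every person entry whose uid equals the given value.
    public List<String> findCommonNames(String uid) {
        // Reads the mandatory cn attribute of a person entry
        AttributesMapper<String> cnMapper = attrs -> (String) attrs.get("cn").get();

        // The query builder escapes filter metacharacters in uid, so a value
        // such as "*" is compared literally instead of acting as a wildcard.
        // The base is relative to spring.ldap.base.
        return ldapTemplate.search(
            query().base("ou=people")
                   .where("objectclass").is("person")
                   .and("uid").is(uid),
            cnMapper);
    }
}
```

Building the filter with the query builder rather than by concatenating strings keeps user-supplied values from changing the structure of the LDAP filter.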

7. The Application


Finally, here is our simple application:


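import java.security.Principal;
import java.util.Map;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class MyController {

    // Renders the "home" view; access control is applied by the security configuration
    @RequestMapping("/secure")
    public String secure(Map<String, Object> model, Principal principal) {
        model.put("title", "SECURE AREA");
        model.put("message", "Only Authorized Users Can See This Page");
        return "home";
    }
}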
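
How the groups in users.ldif can become an access rule for /secure, as an added example that is not part of the original tutorial or its project. It assumes Spring Security 6 and an AuthenticationManager bean that was built with the LdapAuthoritiesPopulator (group search base ou=groups); the class name WebAccessConfig is hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example: hypothetical configuration class, not taken from the tutorial's project.
@Configuration
@EnableWebSecurity
public class WebAccessConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
            AuthenticationManager ldapAuthenticationManager) throws Exception {
        http
            // Use the LDAP bind AuthenticationManager for this filter chain
            .authenticationManager(ldapAuthenticationManager)
            .authorizeHttpRequests(auth -> auth
                // cn=admin in users.ldif becomes ROLE_ADMIN: by default
                // DefaultLdapAuthoritiesPopulator upper-cases the group's cn
                // and prefixes it with "ROLE_".
                .requestMatchers("/secure").hasRole("ADMIN")
                // Every other request still requires a logged-in user
                .anyRequest().authenticated())
            // Credentials from the login form are checked by binding to LDAP
            // as the entry matched by the (uid={0}) user search
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

If the populator is not wired into the AuthenticationManager, a successful bind yields a user with no authorities and the hasRole("ADMIN") rule rejects every request to /secure.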

8. Conclusion


In this quick guide to Spring Security with LDAP, we learned how to provision a basic system with LDIF and configure the security of that system.


The full implementation of this tutorial can be found in the GitHub project – this is an Eclipse-based project, so it should be easy to import and run as it is.
