
Integrating an LDAP service with Spring Security for unified authentication

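2015-08-21 18:20

First, a word about Spring Security: it is a powerful security module built on Spring. It provides a set of beans that can be configured in the Spring application context and makes full use of Spring's IoC (Inversion of Control), DI (Dependency Injection) and AOP (aspect-oriented programming) features to give applications declarative access control.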


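LDAP is the Lightweight Directory Access Protocol, which runs over TCP/IP. Enterprises typically use it to provide a uniform way of accessing basic organizational information. It stores data in a tree structure, so reads are very fast, but writes are comparatively slow. And of course you cannot use SQL statements with it.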

First, the jars you need (there is of course a Maven configuration as well; plenty of examples can be found online):

spring-security-config

spring-security-core

spring-security-ldap

spring-security-taglibs

spring-security-web

Start by configuring Spring Security. Because it is itself built on Spring, the configuration is simple.

First, configure a security filter in web.xml:

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Then configure a bean in the spring-mvc file:

    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource"/>
                <property name="userSearch">
                    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                        <constructor-arg index="0" value=""/>
                        <constructor-arg index="1" value="(uid={0})"/>
                        <constructor-arg index="2" ref="contextSource"/>
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource"/>
                <constructor-arg value="" />
                <property name="defaultRole" value="ROLE_USER"/>
            </bean>
        </constructor-arg>
    </bean>

You also need to configure the LDAP data source:

    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://192.168.0.1:389/dc=gnetis,dc=com"/>
        <property name="userDn" value="cn=Manager,dc=gnetis,dc=com" />
        <property name="password" value="admin"/>
    </bean>
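A hardened variant of the contextSource and user-search beans above, as an added example that is not part of the original post. It assumes the directory accepts LDAPS with a certificate the JVM trusts; the ldap.properties file, its keys, the sample host name and the ou=people subtree are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <!-- Assumption: ldap.properties is deployed separately from the code and
         defines ldap.url, ldap.bind.dn and ldap.bind.password, so no
         credential is committed with the application context. -->
    <context:property-placeholder location="classpath:ldap.properties"/>

    <!-- Weak form (as on the page): ldap:// on port 389, bound as cn=Manager
         with a literal password. BindAuthenticator checks a login by doing a
         simple bind with the user's own password, so over ldap:// both that
         password and the Manager password cross the network in clear text. -->
    <bean id="contextSource"
          class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <!-- e.g. ldap.url=ldaps://ldap.example.com:636/dc=gnetis,dc=com
             (hypothetical host; TLS protects the bind) -->
        <constructor-arg value="${ldap.url}"/>
        <!-- e.g. a dedicated read-only service entry rather than the
             directory's Manager DN, which can modify every entry -->
        <property name="userDn" value="${ldap.bind.dn}"/>
        <property name="password" value="${ldap.bind.password}"/>
    </bean>

    <!-- Restrict the search to the subtree that holds user entries
         (hypothetical ou=people) instead of the empty base used above.
         Reference it from BindAuthenticator with
         <property name="userSearch" ref="userSearch"/>. -->
    <bean id="userSearch"
          class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0" value="ou=people"/>
        <constructor-arg index="1" value="(uid={0})"/>
        <constructor-arg index="2" ref="contextSource"/>
    </bean>
</beans>
```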

Next, create and configure a spring-security.xml file:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

        <!-- spring security -->
        <http pattern="/login.jsp" security="none"/>
        <http pattern="/resources/**" security="none"/>

        <!-- Disable security checks -->
        <!-- <http pattern="/*" security="none"/> -->

        <http auto-config='true'>
            <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/**" access="ROLE_USER" />
            <form-login login-page="/login.jsp" login-processing-url="/loginProcess"
                authentication-failure-url="/login.jsp?login_error=1"
                default-target-url="/home/index" always-use-default-target="true" />
            <logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID"/>
            <!-- Uncomment to limit the number of sessions a user can have -->
            <session-management invalid-session-url="/login.jsp">
                <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
            </session-management>
        </http>

        <authentication-manager>
            <authentication-provider ref="ldapAuthProvider"></authentication-provider>
        </authentication-manager>
    </beans:beans>

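Take care to get the URLs in xsi:schemaLocation right; otherwise you will run into all kinds of errors.

Here, login.jsp is the default entry page and home/index is the path of the default page.

The bean configured in the spring-mvc file is then referenced inside authentication-manager. Remember to write login.jsp as well, for example: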

    <%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
    <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
    <%@ page import="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" %>
    <%@ page import="org.springframework.security.core.AuthenticationException" %>
    <%
    // basePath ends with "/", so resource paths below are appended without a leading slash
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
    %>
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <base href="<%=basePath%>">
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
        <meta name="description" content="">
        <meta name="author" content="">
        <link rel="icon" href="<%=basePath%>resources/dist/img/favicon.ico">
        <title>XXXXX</title>
        <!-- Bootstrap core CSS -->
        <link href="<%=basePath%>resources/dist/css/bootstrap.min.css" rel="stylesheet">
        <!-- Custom styles for this template -->
        <link href="<%=basePath%>resources/dist/css/signin.css" rel="stylesheet">
        <!-- Just for debugging purposes. Don't actually copy these 2 lines! -->
        <!--[if lt IE 9]><script src="../../assets/js/ie8-responsive-file-warning.js"></script><![endif]-->
        <script src="<%=basePath%>resources/dist/js/ie-emulation-modes-warning.js"></script>
        <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
        <!--[if lt IE 9]>
        <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
        <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
        <![endif]-->
    </head>

    <body style="position:absolute;height:100%;background:#007788;">
    <div class="container" style="border-top:3px solid #ccc;border-bottom:3px solid #ccc;border-right:5px solid #ccc;<c:if test="${lose=='1'}">border-right:5px solid #F22715;</c:if>background:#FFFFFF;margin-top:150px;color:#007788;opacity: 0.8;">
        <div class="row featurette">
            <div class="col-md-6">
                <p style="color:#085D1F;font-weight:bold;font-size:48px;line-height:250px;text-align:center;">      全时运营中心</p>
            </div>
            <div class="col-md-6">
                <form class="form-signin" id="f" name="f" action="<c:url value="/loginProcess" />" method="post">
                    <br>
                    <br>
                    <label for="inputEmail" class="sr-only">email</label>
                    <input type="text" id="inputEmail" name="j_username" class="form-control" placeholder="请输入邮箱" required autofocus>
                    <br>
                    <label for="inputPassword" class="sr-only">password</label>
                    <input type="password" id="inputPassword" name="j_password" class="form-control" placeholder="请输入密码" required>
                    <input name="_spring_security_remember_me" id="remember_me" type="checkbox"/>
                    <label for="remember_me">remember</label>
                    <input class="btn btn-lg btn-success btn-block" value="登录" type="submit">
                </form>
                <c:if test="${not empty param.login_error}">
                    <p class="text-center" style="color:red;">
                        <%-- c:out HTML-escapes the message and prints nothing when the session holds no exception --%>
                        登录失败:<c:out value="${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}"/>
                    </p>
                </c:if>
            </div>
        </div>
        <br>
        <br>
    </div>
    <!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
    <script src="<%=basePath%>resources/dist/js/ie10-viewport-bug-workaround.js"></script>
    </body>
    </html>