我们的遗留应用程序部署在glassfish上,并使用 javax.security 管理授权。
下面的代码从 LDAP 用户所属的活动控制器组:
try{
subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
Principal principal;
if (subject != null) {
Iterator<Principal> principalsIt = subject.getPrincipals().iterator();
while (principalsIt.hasNext()) {
principal = principalsIt.next();
ldapGroups.add(principal.toString());
}
}
}catch (PolicyContextException e) {
...
}在我们新的spring启动应用程序中,登录后,我们可以使用spring SecurityContextHolder 要获取用户详细信息,请执行以下操作:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String currentPrincipalName = authentication.getName();这是对用户进行身份验证和授权的方式:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication().userSearchFilter("(...)")
.userSearchBase("...")
.groupSearchBase("...").groupSearchFilter("member={0}").contextSource()
.url("...").managerDn("...").managerPassword("...");
}
@Override
protected void configure(HttpSecurity security) throws Exception {
security.authorizeRequests().antMatchers("/*/**").permitAll().anyRequest().fullyAuthenticated().and()
.formLogin().loginPage("/login").successHandler(new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
redirectStrategy.sendRedirect(request, response, "/campaigns/myCampaigns");
}
});
}
}是否有一种方法可以修改用户登录的代码,以便在对用户进行身份验证和授权的同时,还可以检索用户的组。到目前为止,我发现的唯一例子涉及使用 LdapTemplate 另外打个电话。
谢谢
暂无答案!
目前还没有任何答案,快来回答吧!