How does Spring Security authenticate AD users for whom an Authentication Provider is configured on WebLogic?

mkh04yzy  posted on 2023-06-23  in  Spring

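Use case:

Spring Boot application v2.7.x. For security, I am trying to configure a SecurityFilterChain that points to the Authentication Provider (LDAP) configured in WebLogic v14.x.x.
The WebLogic configuration for LDAP has already been done here:
Security Realms > myrealm > Providers > Authentication tab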

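Question:

How do I point the Spring Boot application to use the WebLogic Authentication Provider, i.e. the Spring Security configuration? Perhaps something like here, under the LDAP Authentication section?
By the way, I may need these: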

pom.xml
<dependency>
    <groupId>com.oracle.weblogic</groupId>
    <artifactId>weblogic-server-pom</artifactId>
    <version>12.2.1.4</version> <!-- Use the appropriate version for your WebLogic installation -->
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>com.oracle.weblogic</groupId>
    <artifactId>wlthint3client</artifactId>
    <version>12.2.1.4</version> <!-- Use the appropriate version for your WebLogic installation -->
    <scope>provided</scope>
</dependency>

weblogic.xml
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
    <security-role-assignment>
        <role-name>authenticated-users</role-name>
        <principal-name>users</principal-name> 
    </security-role-assignment>
</weblogic-web-app>

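Note:

I do not want to use ActiveDirectoryLdapAuthenticationProvider, which points directly at AD.
The final answer may be an extension of these two SO posts: this, this

Authentication Provider (LDAP) configured in WebLogic: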

6qftjkof #1

I have a Spring Boot application deployed in WebLogic 12.2.1.4 that uses WebLogic authentication. I configured it as follows...

src/main/webapp/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">

  <context-param>
    <param-name>spring.profiles.active</param-name>
    <param-value>default</param-value>
  </context-param>
  
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login</form-login-page>
      <form-error-page>/login</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>USER</role-name>
  </security-role>
  
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Jobs</web-resource-name>
      <url-pattern>/jobs/*</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
      <web-resource-name>Executions</web-resource-name>
      <url-pattern>/executions/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>USER</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description>This is how the user data must be transmitted</description>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

</web-app>

src/main/webapp/WEB-INF/weblogic.xml

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.4/weblogic-web-app.xsd">
  <context-root>cmx-customer-file-faker</context-root>
  <container-descriptor>
    <prefer-application-packages>
      <package-name>org.slf4j.*</package-name>
      <package-name>org.springframework.*</package-name>
      <package-name>com.fasterxml.jackson.*</package-name>
    </prefer-application-packages>

    <prefer-application-resources>
      <resource-name>org/slf4j/impl/StaticLoggerBinder.class</resource-name>
    </prefer-application-resources>
  </container-descriptor>
  
  <security-role-assignment>
    <role-name>USER</role-name>
    <principal-name>users</principal-name>
  </security-role-assignment>
</weblogic-web-app>

WebSecurityConfig - this is where Spring Security is configured to use WebLogic authentication via J2eePreAuthenticatedProcessingFilter

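import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.MappableAttributesRetriever;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {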

    @Bean
    public MappableAttributesRetriever webXmlRolesParser() {
        return new WebXmlMappableAttributesRetriever();
    }

    @Bean
    public Attributes2GrantedAuthoritiesMapper roles2GrantedAuthoritiesMapper() {
        SimpleAttributes2GrantedAuthoritiesMapper var = new SimpleAttributes2GrantedAuthoritiesMapper();
        var.setAttributePrefix("");
        return var;
    }

    @Bean
    public J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource authenticationDetailsSource() {
        J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource var = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource();
        var.setMappableRolesRetriever(webXmlRolesParser());
        var.setUserRoles2GrantedAuthoritiesMapper(roles2GrantedAuthoritiesMapper());
        return var;
    }

    @Bean
    public AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getUserDetailsService() {
        return new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
    }

    @Bean
    public AuthenticationProvider preAuthenticatedAuthenticationProvider() {
        PreAuthenticatedAuthenticationProvider var = new PreAuthenticatedAuthenticationProvider();
        var.setPreAuthenticatedUserDetailsService(getUserDetailsService());
        return var;
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(preAuthenticatedAuthenticationProvider()));
    }

    @Bean
    public J2eePreAuthenticatedProcessingFilter j2eePreAuthFilter() {
        J2eePreAuthenticatedProcessingFilter var = new J2eePreAuthenticatedProcessingFilter();
        var.setAuthenticationDetailsSource(authenticationDetailsSource());
        var.setAuthenticationManager(authenticationManager());
        return var;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterAfter(j2eePreAuthFilter(), AbstractPreAuthenticatedProcessingFilter.class)
                .authorizeRequests()
                .anyRequest()
                .permitAll()
                .and()
                .logout().logoutSuccessUrl("/bye")
                .and()
                .csrf().disable();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/webjars/**", "/login");
        super.configure(web);
    }

}

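LoginController

import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class LoginController {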

    @RequestMapping("/login")
    public String getLoginForm(HttpServletRequest request, Model model) {
        return "login";
    }

    @GetMapping("/bye")
    public String logoutSuccess() {
        return "logout";
    }

}

login.ftlh - my FreeMarker login page template.

<#import "/spring.ftl" as spring />

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    
    <!-- Latest compiled and minified CSS -->
    <link rel="stylesheet" href="<@spring.url '/webjars/bootstrap/5.1.3/css/bootstrap.min.css'/>"/>
    <link rel="stylesheet" href="<@spring.url '/webjars/font-awesome/5.15.4/css/all.min.css'/>"/>
    
    <style>
    .fas.btn {
        font-weight: 900;
    }
    </style>

</head>  
<body>  
    <nav class="navbar navbar-expand-lg navbar-light" style="background-color: rgb(248, 249, 250)">
      <div class="container">
        <a class="navbar-brand" href="<@spring.url '/'/>">Login</a>
      </div>
    </nav>  
    
    <div class="mt-5 container">
        <div class="row justify-content-center">
            <div class="col-8">
                <#if Request['javax.servlet.error.message']??>
                <div class="alert alert-danger alert-dismissible fade show mb-5" role="alert">
                    ${Request['javax.servlet.error.message']}
                    <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
                </div>
                </#if>
                <form class="card" method="POST" action="j_security_check">
                    <div class="card-header">
                        <h5>Enter your login details</h5>
                    </div>
                    <div class="card-body">
                        <div class="mb-3">
                            <label for="InputUserName" class="form-label">User Name</label>
                            <input name="j_username" class="form-control" id="InputUserName" aria-describedby="userNameHelp">
                        </div>
                        <div class="mb-3">
                            <label for="InputPassword" class="form-label">Password</label>
                            <input name="j_password" type="password" class="form-control" id="InputPassword">
                        </div>
                        <button type="submit" class="btn btn-primary">Login</button>
                    </div>
                </form>
            </div>
        </div>
    </div>
    
    <script src="<@spring.url '/webjars/bootstrap/5.1.3/js/bootstrap.bundle.min.js'/>"></script>
</body>  
</html>

pom.xml Spring Boot dependencies

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-freemarker</artifactId>
    </dependency>
    <dependency>
        <groupId>org.webjars</groupId>
        <artifactId>bootstrap</artifactId>
        <version>5.1.3</version>
    </dependency>
    <dependency>
        <groupId>org.webjars</groupId>
        <artifactId>font-awesome</artifactId>
        <version>5.15.4</version>
    </dependency>
    ...
</dependencies>
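
The question asks for a SecurityFilterChain on Spring Boot 2.7.x, while the answer above extends WebSecurityConfigurerAdapter. The following is an added example, not code from either poster, that expresses the same container pre-authentication as a SecurityFilterChain bean through HttpSecurity.jee(). The class name ContainerAuthSecurityConfig is hypothetical, the role and paths come from the answer's web.xml, and requiring authentication for all other paths and leaving CSRF enabled are assumptions that differ from the answer.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example: hypothetical class name, not taken from the answer.
@Configuration
@EnableWebSecurity
public class ContainerAuthSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // jee() registers J2eePreAuthenticatedProcessingFilter: the user is whoever
            // WebLogic has already authenticated (request.getUserPrincipal()).
            // mappableAuthorities passes "USER" unchanged to request.isUserInRole();
            // mappableRoles would ask the container for "ROLE_USER" instead, which
            // does not match the <role-name>USER</role-name> declared in web.xml.
            .jee(jee -> jee.mappableAuthorities("USER"))
            .authorizeHttpRequests(auth -> auth
                // Static assets, the login form and the logout landing page stay public.
                .antMatchers("/webjars/**", "/login", "/bye").permitAll()
                // Same paths as the web.xml <security-constraint>, checked again by Spring.
                // The default mapper prefixes the container role, giving ROLE_USER.
                .antMatchers("/jobs/**", "/executions/**").hasRole("USER")
                // Assumption: everything else needs an authenticated user
                // (the answer's configuration permits it).
                .anyRequest().authenticated())
            .logout(logout -> logout.logoutSuccessUrl("/bye"));
        // CSRF protection is left at the Spring Security default (enabled);
        // the answer's configuration disables it.
        return http.build();
    }
}
```

With this configuration the container still performs the login through j_security_check and the realm's LDAP provider; Spring Security only reads the resulting principal and role membership from the request.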
