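Published June 21, 2023 (author: )

Official Spring Boot example: authenticating users with Spring Security and LDAP

This installment covers authenticating users with Spring Security and LDAP. You will learn about Spring Security, a very widely used security framework (another one is Shiro), and about LDAP, the Lightweight Directory Access Protocol, which is particularly well suited to hierarchical, tree-shaped data such as departments and employees.

I translated the examples from the official Spring site in my spare time, for the convenience of readers whose Chinese is not strong. I will post them on Toutiao one after another; you are welcome to follow. You can also visit my personal blog: , which has the ones already translated.

Official Spring Boot example: authenticating users

The code is as follows.

Project structure

```
└── src
    └── main
        └── java
            └── hello
```

pom.xml file

```xml
<project>
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.springframework</groupId>
    <artifactId>gs-authenticating-ldap</artifactId>
    <version>0.1.0</version>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <!-- the parent version did not survive on this page; use the release you build against -->
        <version>PARENT-VERSION-PLACEHOLDER</version>
    </parent>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
```

Spring Boot does the following for you:

- It collects all the jars on the classpath and builds a single executable JAR file, which makes it convenient to run your program.
- It searches for the public static void main() method and marks it as the runnable class.
- It resolves dependency versions to match the Spring Boot version; you can of course specify other versions.

Create a simple web controller

In Spring, REST endpoints are simply Spring MVC controllers. The following Spring MVC controller handles a GET / request by returning a simple message:

src/main/java/hello/HomeController.java

```java
package hello;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {

    // Handles GET / and writes the string directly to the response body.
    @GetMapping("/")
    public String index() {
        return "Welcome to the home page!";
    }
}
```

The whole class is marked with @RestController, so Spring MVC can detect the controller automatically with its built-in scanning and configure the web routes. The method is annotated with @GetMapping, which flags the path and the REST action. In this case the default behavior is GET, and it returns a message. @RestController also tells Spring MVC to write the text directly into the HTTP response body, because there are no views. In this guide, when you visit the page you get a simple message in the browser, because the focus here is on securing the page with LDAP.

Create an unsecured web application

Before you secure the web application, verify that it works. To do that, you need to define some key beans. For that purpose, create an application class.

src/main/java/hello/Application.java

```java
package hello;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
```

@SpringBootApplication includes the following annotations:

- @Configuration marks the class as a source of bean definitions for the application context.
- @EnableAutoConfiguration tells Spring Boot to start adding beans based on classpath settings, other beans, and various property settings.
- @ComponentScan tells Spring to look for other components, configurations, and services in the hello package.

Did you notice that there is not a single line of XML? There is no web.xml file either. This web application is 100% pure Java, and you do not have to deal with any plumbing or infrastructure configuration.

Spring Boot supports H2, an in-memory relational database engine, and creates the connection automatically. Because we are using Spring JDBC, Spring Boot automatically creates a JdbcTemplate. The @Autowired JdbcTemplate field loads it automatically and makes it available.

Run your program (in STS; for Maven see the earlier articles)

Right-click and choose Run As > Spring Boot App:

Welcome to the home page!

Set up Spring Security

To configure Spring Security, you first need to add some extra dependencies.

```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.ldap</groupId>
        <artifactId>spring-ldap-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>com.unboundid</groupId>
        <artifactId>unboundid-ldapsdk</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>
```

These dependencies add Spring Security and UnboundId. UnboundId is an open source LDAP server. With them in place, you can configure the security policy in pure Java.

src/main/java/hello/WebSecurityConfig.java

```java
package hello;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Every request requires a fully authenticated user; login is form based.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
    }

    // Authenticate against LDAP by comparing the submitted password with userPassword.
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
}
```

@EnableWebSecurity turns on the various beans needed to use Spring Security (the class above does not declare it itself; Spring Boot's security auto-configuration applies it).

You also need an LDAP server. Spring Boot provides an auto-configured embedded server written in pure Java, and that is the one used here. The ldapAuthentication() method configures things so that the user name from the login form is inserted at the {0} position, so that the LDAP server is searched for uid={0},ou=people,dc=springframework,dc=org. In addition, the passwordCompare() method configures the encoder and the name of the password attribute.

Set up user data

LDAP servers can use LDIF (LDAP Data Interchange Format) files to exchange user data. A property in application.properties lets Spring Boot import an LDIF data file, which is convenient for preloading demonstration data.

LDIF file under src/main/resources/:

```ldif
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: space cadets

dn: ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: "quoted people"

dn: ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: otherpeople

dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword

dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe Smeth
sn: Smeth
uid: joe
userPassword: joespassword

dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Mouse, Jerry
sn: Mouse
uid: jerry
userPassword: jerryspassword

dn: cn=slash/guy,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: slash/guy
sn: Slash
uid: slashguy
userPassword: slashguyspassword

dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: quote"guy
sn: Quote
uid: quoteguy
userPassword: quoteguyspassword

dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Space Cadet
sn: Cadet
uid: space cadet
userPassword: spacecadetspassword

dn: cn=developers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: uid=bob,ou=people,dc=springframework,dc=org

dn: cn=managers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org

dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: submanagers
ou: submanager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
```

Using an LDIF file is not the standard configuration for a production system, but it is very useful for testing purposes.

Enter the user name ben and the password benspassword. You should see this message in the browser:

Welcome to the home page!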
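The LDIF above stores ben's userPassword in the {SHA} scheme, which is base64(SHA-1(password)) with no salt, and the other users' passwords in cleartext. As an added example (not part of the Spring guide or of this post), the following standalone Java class audits how each entry in an LDIF stores userPassword and checks a candidate password against a {SHA} value; the class name, the embedded sample and joe's base64 (`::`) form are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class LdifPasswordAudit {
    // Constructed sample in the style of the page's LDIF; joe's value is rewritten in
    // base64 ("::") form, which directory exports commonly use for userPassword.
    static final String LDIF = String.join("\n",
        "dn: uid=ben,ou=people,dc=springframework,dc=org",
        "userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=",
        "",
        "dn: uid=bob,ou=people,dc=springframework,dc=org",
        "userPassword: bobspassword",
        "",
        "dn: uid=joe,ou=otherpeople,dc=springframework,dc=org",
        "userPassword:: am9lc3Bhc3N3b3Jk");
    /** Storage scheme of a userPassword value, e.g. "SHA" or "SSHA"; "CLEARTEXT" if unprefixed. */
    static String scheme(String value) {
        int end = value.indexOf('}');
        return value.startsWith("{") && end > 1 ? value.substring(1, end).toUpperCase() : "CLEARTEXT";
    }
    /** Maps each entry's dn to the storage scheme of its userPassword attribute. */
    static Map<String, String> audit(String ldif) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String entry : ldif.split("\\n\\s*\\n")) {          // entries are separated by blank lines
            String dn = null, pw = null;
            for (String line : entry.split("\\n")) {
                if (line.startsWith("dn: ")) dn = line.substring(4);
                else if (line.startsWith("userPassword:: "))     // base64-encoded value
                    pw = new String(Base64.getDecoder().decode(line.substring(15).trim()),
                                    StandardCharsets.UTF_8);
                else if (line.startsWith("userPassword: ")) pw = line.substring(14);
            }
            if (dn != null && pw != null) result.put(dn, scheme(pw));
        }
        return result;
    }
    /** True if candidate hashes to the stored {SHA} value: base64(SHA-1(password)), unsalted. */
    static boolean matchesSha(String candidate, String stored) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(candidate.getBytes(StandardCharsets.UTF_8));
        byte[] expected = Base64.getDecoder().decode(stored.substring("{SHA}".length()));
        return MessageDigest.isEqual(digest, expected);           // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        audit(LDIF).forEach((dn, s) -> System.out.println(s + "\t" + dn));
        System.out.println(matchesSha("benspassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ="));
    }
}
```

Entries reported as CLEARTEXT or SHA are the ones to migrate to a salted, slow hash before such data is used outside a test fixture.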
