SpringSecurity初步理解

Authenticating a User with LDAP

首先创建一个简单的web控制器

 1 package hello;
 2 
 3 import org.springframework.web.bind.annotation.GetMapping;
 4 import org.springframework.web.bind.annotation.RestController;
 5 
 6 @RestController
 7 public class HomeController {
 8 
 9     @GetMapping("/")
10     public String index() {
11         return "Welcome to the home page!";
12     }
13 }

老生常谈，用到springboot，肯定少不了它的启动类

package hello;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}

SpringSecurity需要用到的maven依赖如下图

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.ldap</groupId>
        <artifactId>spring-ldap-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>com.unboundid</groupId>
        <artifactId>unboundid-ldapsdk</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

开始做详细的安全认证，安全认证的思路是这样的“

创建一个类并继承WebSecurityConfigurerAdapter这个方法，并在之类中重写configure的3个方法，
其中3个方法中参数包括为
HttpSecurity（HTTP请求安全处理），AuthenticationManagerBuilder（身份验证管理生成器）和WebSecurity（WEB安全）。

如下代码

 1 package com.ssm.demo.com.ssm.Hello;
 2 
 3 import org.springframework.context.annotation.ComponentScan;
 4 import org.springframework.context.annotation.Configuration;
 5 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 6 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 7 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 8 import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
 9 /**
10  *
11  创建一个类并继承WebSecurityConfigurerAdapter这个方法，并在之类中重写configure的3个方法，
12  其中3个方法中参数包括为
13  HttpSecurity（HTTP请求安全处理），AuthenticationManagerBuilder（身份验证管理生成器）和WebSecurity（WEB安全）。
14  */
15 @Configuration
16 @ComponentScan
17 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
18     /**
19      * http请求安全处理
20      * @param http
21      * @throws Exception
22      */
23     @Override
24     protected void configure(HttpSecurity http) throws Exception {
25         //http.authorizeRequests()这里的意思是通过方法来开始请求权限配置，
26         //fullyAuthenticated()意为用户完全认证可以访问
27         //and()是返回一个securityBuilder对象，formLogin()和httpBasic()是授权的两种方式
28         http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin();
29     }
30 
31     /**
32      * 身份验证管理生成器
33      * @param auth
34      * @throws Exception
35      */
36     @Override
37     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
38         auth.ldapAuthentication().userDnPatterns("uid={0},ou=people").groupSearchBase("ou=groups").contextSource().
39                 url("ldap://localhost:8389/dc=springframework,dc=org").and().passwordCompare().passwordEncoder(new LdapShaPasswordEncoder())
40                 .passwordAttribute("userPassword");
41     }
42 }

设置用户数据，使用到LDAP服务器（ldif文件），

在yml中添加LDAP服务的代理

server:
  servlet:
    context-path: /llh
  port: 8082
spring:
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/depot?useUnicode=true&characterEncoding=utf8
    username: root
    password: 123456
  servlet:
    multipart:
      max-file-size: 128KB
      max-request-size: 128KB
  ldap:
    embedded:
      ldif: classpath:test-server.ldif
      base-dn: dc=springframework,dc=org
      port: 8389

resource文件夹下面创建一个test-server.ldif文件

  1 dn: dc=springframework,dc=org
  2 objectclass: top
  3 objectclass: domain
  4 objectclass: extensibleObject
  5 dc: springframework
  6 
  7 dn: ou=groups,dc=springframework,dc=org
  8 objectclass: top
  9 objectclass: organizationalUnit
 10 ou: groups
 11 
 12 dn: ou=subgroups,ou=groups,dc=springframework,dc=org
 13 objectclass: top
 14 objectclass: organizationalUnit
 15 ou: subgroups
 16 
 17 dn: ou=people,dc=springframework,dc=org
 18 objectclass: top
 19 objectclass: organizationalUnit
 20 ou: people
 21 
 22 dn: ou=space cadets,dc=springframework,dc=org
 23 objectclass: top
 24 objectclass: organizationalUnit
 25 ou: space cadets
 26 
 27 dn: ou=\"quoted people\",dc=springframework,dc=org
 28 objectclass: top
 29 objectclass: organizationalUnit
 30 ou: "quoted people"
 31 
 32 dn: ou=otherpeople,dc=springframework,dc=org
 33 objectclass: top
 34 objectclass: organizationalUnit
 35 ou: otherpeople
 36 
 37 dn: uid=ben,ou=people,dc=springframework,dc=org
 38 objectclass: top
 39 objectclass: person
 40 objectclass: organizationalPerson
 41 objectclass: inetOrgPerson
 42 cn: Ben Alex
 43 sn: Alex
 44 uid: ben
 45 userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=
 46 
 47 dn: uid=bob,ou=people,dc=springframework,dc=org
 48 objectclass: top
 49 objectclass: person
 50 objectclass: organizationalPerson
 51 objectclass: inetOrgPerson
 52 cn: Bob Hamilton
 53 sn: Hamilton
 54 uid: bob
 55 userPassword: bobspassword
 56 
 57 dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
 58 objectclass: top
 59 objectclass: person
 60 objectclass: organizationalPerson
 61 objectclass: inetOrgPerson
 62 cn: Joe Smeth
 63 sn: Smeth
 64 uid: joe
 65 userPassword: joespassword
 66 
 67 dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
 68 objectclass: top
 69 objectclass: person
 70 objectclass: organizationalPerson
 71 objectclass: inetOrgPerson
 72 cn: Mouse, Jerry
 73 sn: Mouse
 74 uid: jerry
 75 userPassword: jerryspassword
 76 
 77 dn: cn=slash/guy,ou=people,dc=springframework,dc=org
 78 objectclass: top
 79 objectclass: person
 80 objectclass: organizationalPerson
 81 objectclass: inetOrgPerson
 82 cn: slash/guy
 83 sn: Slash
 84 uid: slashguy
 85 userPassword: slashguyspassword
 86 
 87 dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
 88 objectclass: top
 89 objectclass: person
 90 objectclass: organizationalPerson
 91 objectclass: inetOrgPerson
 92 cn: quote\"guy
 93 sn: Quote
 94 uid: quoteguy
 95 userPassword: quoteguyspassword
 96 
 97 dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
 98 objectclass: top
 99 objectclass: person
100 objectclass: organizationalPerson
101 objectclass: inetOrgPerson
102 cn: Space Cadet
103 sn: Cadet
104 uid: space cadet
105 userPassword: spacecadetspassword
106 
107 
108 
109 dn: cn=developers,ou=groups,dc=springframework,dc=org
110 objectclass: top
111 objectclass: groupOfUniqueNames
112 cn: developers
113 ou: developer
114 uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
115 uniqueMember: uid=bob,ou=people,dc=springframework,dc=org
116 
117 dn: cn=managers,ou=groups,dc=springframework,dc=org
118 objectclass: top
119 objectclass: groupOfUniqueNames
120 cn: managers
121 ou: manager
122 uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
123 uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
124 
125 dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
126 objectclass: top
127 objectclass: groupOfUniqueNames
128 cn: submanagers
129 ou: submanager
130 uniqueMember: uid=ben,ou=people,dc=springframework,dc=org

这时候就可以启动springboot的启动类，键入地址：http://127.0.0.1:8082/llh/，发现已经被拦截下来了，并且重定向到了Spring Security提供的登录页面

，见下图：

输入用户名：ben，密码：benspassword，即可登录。