我正在实现 Active Directory 身份验证和自定义授权。对于 ROLE_USER，它显示的是 ROLE_KAMLESHA 的当前页面，并出现了拒绝访问页面。我究竟做错了什么？
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true" access-denied-page="/krams/auth/denied" >
<!-- intercept-url rules are evaluated in declaration order and the FIRST matching
     pattern wins. There is no catch-all (/**) rule, so any URL not listed below is
     left unprotected. -->
<security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN2')"/>
<!-- /krams/main/common is also the form-login default-target-url below, so a user
     that was granted only ROLE_USER (see UserDetailsContextMapperImpl) is redirected
     here after login and immediately hits the access-denied page. -->
<security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_KAMLESHA')"/>
<!-- Dead rule: /krams/main/admin is already matched by the ROLE_ADMIN2 rule above,
     so this ROLE_USER rule is never reached. -->
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_USER')"/>
<security:form-login
login-page="/krams/auth/login"
authentication-failure-url="/krams/auth/login?error=true"
default-target-url="/krams/main/common"/>
<security:logout
invalidate-session="true"
logout-success-url="/krams/auth/login"
logout-url="/krams/auth/logout"/>
</security:http>
<!-- Authentication is delegated entirely to Active Directory via ldapAuthProvider. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<!-- <security:authentication-manager>
<security:authentication-provider user-service-ref="customUserDetailsService">
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager> -->
<!-- Not wired in: the authoritiesMapper property on ldapAuthProvider is commented out. -->
<bean id="grantedAuthoritiesMapper" class="org.krams.tutorial.security.ActiveDirectoryGrantedAuthoritiesMapper" />
<!-- Replaces the directory-derived authorities with roles chosen per username. -->
<bean id="tdrUserDetailsContextMapper" class="org.krams.tutorial.security.UserDetailsContextMapperImpl"/>
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<!-- First constructor argument is the AD domain, second the server URL. -->
<constructor-arg value="in.xxxxx.net" />
<!-- <beans:constructor-arg value="ldap://xxx.xxx.xxx.xxx:389" /> -->
<!-- Plain ldap:// on port 389: the bind (user password) is sent without transport
     encryption unless TLS is negotiated; prefer ldaps:// or StartTLS in production. -->
<constructor-arg value="ldap://xxx.xxx.xxx.xxx:389" />
<!-- <property name="authoritiesMapper" ref="grantedAuthoritiesMapper" /> -->
<property name="userDetailsContextMapper" ref="tdrUserDetailsContextMapper"/>
<property name="useAuthenticationRequestCredentials" value="true" />
<property name="convertSubErrorCodesToExceptions" value="true" />
</bean>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database -->
<!-- Currently unused (the DB-backed provider above is commented out). If it is ever
     re-enabled, note that unsalted MD5 is not an acceptable password hash. -->
<bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
<!-- A custom service where Spring will retrieve users and their corresponding access levels -->
<!-- <bean id="customUserDetailsService" class="org.krams.tutorial.service.CustomUserDetailsService"/> -->
</beans>
package org.krams.tutorial.security;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
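public class UserDetailsContextMapperImpl implements UserDetailsContextMapper, Serializable {
    private static final long serialVersionUID = 3962976258168853954L;

    /**
     * Builds the {@link UserDetails} for a user that Active Directory has already
     * authenticated.
     *
     * <p>Roles are chosen purely from the username; the {@code authority}
     * collection that the LDAP provider derived from the directory (group
     * memberships) is ignored. Mapping those directory authorities to
     * application roles would be the usual approach. Every username other than
     * the two listed falls into the final branch and receives
     * {@code ROLE_ADMIN2}, so the default outcome is the most privileged role
     * rather than the least — revisit before this leaves a test environment.
     *
     * @param ctx       directory entry of the authenticated user (not read)
     * @param username  login name as supplied to the provider; may be null
     * @param authority authorities derived from the directory (not read)
     * @return a {@link User} with an empty password, all account flags enabled
     *         and exactly one granted authority
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authority) {
        List<GrantedAuthority> mappedAuthorities = new ArrayList<GrantedAuthority>();
        // Constant-first comparisons: a null username falls through to the
        // catch-all branch instead of throwing a NullPointerException.
        if ("kamahire".equals(username)) {
            //mappedAuthorities.add(role("ROLE_KAMLESHA"));
            mappedAuthorities.add(role("ROLE_USER"));
        } else if ("saslanka".equals(username)) {
            mappedAuthorities.add(role("ROLE_KAMLESHA"));
        } else {
            // Catch-all: any other authenticated directory user becomes ROLE_ADMIN2.
            mappedAuthorities.add(role("ROLE_ADMIN2"));
        }
        // Exactly one authority was added above, so get(0) is safe.
        System.out.println("User name is :" + username + " ROLE" + mappedAuthorities.get(0).getAuthority());
        return new User(username, "", true, true, true, true, mappedAuthorities);
    }

    /**
     * Creates a serializable {@link GrantedAuthority} whose name is
     * {@code roleName}; shared by all three branches above instead of three
     * duplicated anonymous classes.
     *
     * @param roleName the authority string, e.g. {@code ROLE_USER}
     * @return an authority returning {@code roleName} from {@code getAuthority()}
     */
    private static GrantedAuthority role(final String roleName) {
        return new GrantedAuthority() {
            private static final long serialVersionUID = 4356967414267942910L;

            @Override
            public String getAuthority() {
                return roleName;
            }
        };
    }

    /** Writing user data back to the directory is not supported; intentionally a no-op. */
    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1) {
    }
}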