
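I am using the following filter in my application's web.xml, through which I can authenticate to the java melody page.

How can I integrate this authentication with LDAP? When I log in at localhost:8080/application/monitoring, it asks for credentials, and they should be validated against LDAP.

Is it possible to achieve this?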

<filter>
  <filter-name>monitoring</filter-name>
  <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
  <init-param>
    <param-name>allowed-addr-pattern</param-name>
    <param-value>10\.10\.10\..*|10\.10\.10\.10|10\.10\.10\..*</param-value>
  </init-param>
  <init-param>
    <param-name>authorized-users</param-name>
    <param-value>user1:pwd1, user2:pwd2</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>monitoring</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
  <listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>

1 Answer

    The following is the configuration that needs to be done in web.xml and

    1. server.xml in case of Tomcat
    2. jetty.xml in case of Jetty

    web.xml code:
    ==============

        <filter>
                <filter-name>monitoring</filter-name>
                <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
                <init-param>
                    <param-name>allowed-addr-pattern</param-name>
                    <param-value>127.0.0.1</param-value>
                </init-param>
            </filter>
            <filter-mapping>
                <filter-name>monitoring</filter-name>
                <url-pattern>/monitoring</url-pattern>
            </filter-mapping>
            <listener>
                <listener-class>net.bull.javamelody.SessionListener</listener-class>
            </listener>


            <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>Monitoring</realm-name>
            </login-config>
            <security-role>
                <role-name>tomcat</role-name>
            </security-role>
            <security-constraint>
                <web-resource-collection>
                    <web-resource-name>Monitoring</web-resource-name>
                    <url-pattern>/monitoring</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                    <role-name>tomcat</role-name>
                </auth-constraint>
                <!-- if SSL enabled (SSL and certificate must then be configured in the 
                    server) <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
                    </user-data-constraint> -->
            </security-constraint>


    In Tomcat:
    ===========

    Add the following realm in tomcat_home/conf/server.xml
    =======================================================

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
                        connectionURL="ldap://ldapip:ldapport/" userSubtree="true"
                        userBase="ou=xyz,dc=abc,dc=com" userSearch="(uid={0})"
                        roleBase="ou=Group,dc=abc,dc=com" roleName="cn" 
                        roleSearch="(memberUid={0})" roleSubtree="true"/>

    In Jetty:
    ===========

    Add this code in jetty.xml

        <Configure id='wac' class="org.eclipse.jetty.webapp.WebAppContext">

          <Set name="contextPath">/abc</Set>
          <Set name="war"><Property name="jetty.webapps" default="."/>/abc.war</Set>
          <Set name="extractWAR">true</Set>

          <Set name="securityHandler">
            <New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
             <Set name="loginService">
               <New class="org.eclipse.jetty.jaas.JAASLoginService">
                 <Set name="name">Monitoring</Set>
                 <Set name="loginModuleName">ldaploginmodule</Set>
               </New>
             </Set>
            </New>
          </Set>

        </Configure>




    Create a login.conf file in the etc folder of the jetty_base directory:



         ldaploginmodule {
               org.eclipse.jetty.jaas.spi.LdapLoginModule required
               debug="true"
               contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
               hostname="ldapip"
               port="ldapport"
               authenticationMethod="simple"
               forceBindingLogin="true"
               userBaseDn="ou=People,dc=abc,dc=com"
               userRdnAttribute="uid"
               userIdAttribute="uid"
               userObjectClass="posixAccount"
               roleBaseDn="ou=Group,dc=abc,dc=com"
               roleNameAttribute="cn"
               roleMemberAttribute="memberUid"
               roleObjectClass="posixGroup";
               };
answered 2016-04-18T04:26:18.440
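
An added example, not part of the answer above: a small audit of a web.xml for the JavaMelody report, covering the two configurations on this page. The LDAP realm is only consulted when a container `security-constraint` guards `/monitoring`, and BASIC sends the LDAP password base64-encoded on every request, so the script also checks for the `CONFIDENTIAL` transport guarantee that the answer leaves commented out. The function name and finding codes are invented for this example, and the sample document is constructed from the answer's web.xml.

```python
import xml.etree.ElementTree as ET

def _named(node, name):
    """Descendants of node whose tag, ignoring any XML namespace, is name."""
    return [e for e in node.iter() if e.tag.rsplit('}', 1)[-1] == name]

def _texts(node, name):
    """Stripped text of every descendant element called name."""
    return [(e.text or '').strip() for e in _named(node, name)]

def audit_web_xml(xml_text, url='/monitoring'):
    """Return sorted finding codes (names invented for this example)."""
    root, out = ET.fromstring(xml_text), set()
    for flt in _named(root, 'filter'):
        if 'net.bull.javamelody.MonitoringFilter' not in _texts(flt, 'filter-class'):
            continue
        # authorized-users keeps user:password pairs in clear text in web.xml.
        if 'authorized-users' in _texts(flt, 'param-name'):
            out.add('PLAINTEXT_CREDENTIALS_IN_WEB_XML')
    # Constraints that cover the report URL and require a role.
    # ElementTree drops XML comments, so commented-out elements do not count.
    covering = [c for c in _named(root, 'security-constraint')
                if _named(c, 'auth-constraint')
                and {url, '/*'} & set(_texts(c, 'url-pattern'))]
    if not covering:
        # Without this, the container realm (JNDIRealm / JAAS) is never asked.
        out.add('NO_CONTAINER_AUTH_ON_MONITORING')
    basic = 'BASIC' in _texts(root, 'auth-method')
    tls = all('CONFIDENTIAL' in _texts(c, 'transport-guarantee') for c in covering)
    if basic and covering and not tls:
        out.add('BASIC_AUTH_WITHOUT_CONFIDENTIAL_TRANSPORT')
    return sorted(out)

# Constructed sample: the answer's web.xml, reduced to the elements the audit reads.
ANSWER_WEB_XML = """<web-app>
 <filter><filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
  <init-param><param-name>allowed-addr-pattern</param-name>
   <param-value>127.0.0.1</param-value></init-param></filter>
 <login-config><auth-method>BASIC</auth-method></login-config>
 <security-constraint>
  <web-resource-collection><url-pattern>/monitoring</url-pattern></web-resource-collection>
  <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  <!-- <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint> -->
 </security-constraint></web-app>"""

if __name__ == '__main__':
    print(audit_web_xml(ANSWER_WEB_XML))
```

The same check applies to the LDAP leg: the `ldap://` connection in the realm configuration carries the bind password unencrypted unless the directory connection itself is protected.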