我正在使用 Spring Security 并从 LDAP 数据库进行身份验证。身份验证工作正常,但我无法使用角色!
在 spring-security.xml 中有这个标签:
<security:intercept-url pattern="/app/main/admin" access="hasRole('ROLE_USER')"/>
我的问题是,“ROLE_USER”在哪里定义?如何使用户属于特定角色?这是否发生在 LDAP 数据库中?如果是,那我该怎么做?我对 LDAP 知之甚少。它是我定义角色的另一个配置文件吗?
谢谢您的帮助。
我知道我们可以在 LDAP 身份验证后为用户分配角色的两种方法。
请参阅此处:如何将 AD 组映射到用户角色 Spring Security LDAP
配置:
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg name="authenticator">
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource" />
<beans:property name="userSearch">
<beans:bean
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg name="searchBase"
value="ou=example,dc=springframework,dc=org" />
<beans:constructor-arg name="searchFilter"
value="(uid={0})" />
<beans:constructor-arg name="contextSource"
ref="contextSource" />
</beans:bean>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg name="authoritiesPopulator"
ref="myLDAPAuthPopulator" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="ldapAuthProvider" />
</authentication-manager>
myLDAPAuthPopulator的实现:
@Component("myLDAPAuthPopulator")
public class MyLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
@Autowired
private UserDao userDao;
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(
DirContextOperations userData, String username) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
List<String> roleList = userDao.getRoles(username);
if (!roleList.isEmpty()) {
for (String role : roleList) {
System.out.println(role);
authorities.add(new SimpleGrantedAuthority(role));
}
}
else
{
//We know that user is authenticated. So you can add a role here and save it in the database.
}
return authorities;
}