This section will teach you to build a project and add the Spring Security LDAP module to it in one step.
You will create a program that is encrypted with the services provided by Spring Security, which embeds Java basic LDAP encryption. You start the service by loading a configuration file that has a collection of user name passwords configured.
1, build a simple controller.
The controller writes back a simple sentence to the front end.
As follows:
1 Packagecn.tiny77.guide06;2 3 Importorg.springframework.web.bind.annotation.GetMapping;4 ImportOrg.springframework.web.bind.annotation.RestController;5 6 @RestController7 Public classHomeController {8 9@GetMapping ("/")Ten PublicString Index () { One return"Welcome to the home page!"; A } -}
The startup program is as follows:
1 Packagecn.tiny77.guide06;2 3 Importorg.springframework.boot.SpringApplication;4 Importorg.springframework.boot.autoconfigure.SpringBootApplication;5 6 @SpringBootApplication7 Public classApp {8 9 Public Static voidMain (string[] args) {TenSpringapplication.run (App.class, args); One } A -}
Now, we can access the controller without verifying the identity.
Visit http://localhost:8080 and you will see a short text message.
2. Embed Spring Security
Create a new class that configures spring Security with Java code
1 Packagecn.tiny77.guide06;2 3 Importjava.util.Arrays;4 5 ImportOrg.springframework.context.annotation.Bean;6 Importorg.springframework.context.annotation.Configuration;7 ImportOrg.springframework.security.authentication.encoding.LdapShaPasswordEncoder;8 ImportOrg.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;9 Importorg.springframework.security.config.annotation.web.builders.HttpSecurity;Ten ImportOrg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; One ImportOrg.springframework.security.ldap.DefaultSpringSecurityContextSource; A - @Configuration - Public classWebsecurityconfigextendsWebsecurityconfigureradapter { the - @Override - protected voidConfigure (Httpsecurity http)throwsException { - http.authorizerequests (). Anyrequest (). fullyauthenticated (). and (). Formlogin (); + } - + @Override A Public voidConfigure (Authenticationmanagerbuilder auth)throwsException { atAuth.ldapauthentication (). Userdnpatterns ("Uid={0},ou=people"). Groupsearchbase ("Ou=groups")) -. Contextsource (Contextsource ()). Passwordcompare (). Passwordencoder (NewLdapshapasswordencoder ()) -. Passwordattribute ("UserPassword"); - } - - @Bean in PublicDefaultspringsecuritycontextsource Contextsource () { - return NewDefaultspringsecuritycontextsource (Arrays.aslist ("ldap://localhost:8389/"), to"Dc=springframework,dc=org"); + } - the}
The @EnableWebSecurity annotation function is to turn on the check switch.
You need an LDAP service at the same time, Springboot can automate the configuration of a service written purely in Java code, which we will use in this example.
The role of the LdapAuthentication method is to insert username from the form into the string ' {0} ', which the LDAP service queries uid={0},ou=people,dc=springframework,dc=org.
At the same time, the Passwordcompare method configures the name of the decoder and password, obtains the password and verifies.
3. Set up user data
The LDAP Service can replace user data with LDIF (LDAP Data interchange Format).
The Spring.ldap.embedded.ldif property in Application.properties allows Springboot to introduce an LDIF file, which makes it easy to load user data.
Dn:dc=springframework,dc=Orgobjectclass:topobjectclass:domainobjectclass:extensibleObjectdc:springframeworkdn:ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:groupsdn:ou=subgroups,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:subgroupsdn:ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:peopledn:ou=space cadets,dc=springframework,dc=orgobjectclass:topobjectclass:organizationalUnitou:space Cadetsdn:ou=\"quoted People\ ", Dc=springframework,dc=orgObjectclass:topobjectclass:organizationalUnitou:"quoted People"Dn:ou=otherpeople,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:otherpeopledn:uid=ben,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Ben alexsn: Alexuid:benuserpassword: {sha}nfcebwjxfalbhhg1qk5uu4trbvq=Dn:uid=bob,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Bob Hamiltonsn:Hamiltonuid:bobuserPassword:bobspassworddn:uid=joe,ou=otherpeople,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Joe SMETHSN : SMETHUID:JOEUSERPASSWORD:JOESPASSWORDDN:CN=mouse\, jerry,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Mouse, JERRYSN:MOUSEUID:JERRYUSERPASSWORD:JERRYSPASSWORDDN:CN=slash/guy,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:slash/GUYSN:SLASHUID:SLASHGUYUSERPASSWORD:SLASHGUYSPASSWORDDN:CN=quote\"guy,ou=\"Quoted People\", dc=springframework,dc=orgobjectclass:topobjectclass:personobjectclass:organizationalpersonobjectclass:inetorgpersoncn:quote\" GuySn:Quoteuid:quoteguyuserPassword:quoteguyspassworddn:uid=space Cadet,ou=space cadets,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Space Cadetsn:Cadetuid:space CADETUSERPASSWORD:SPACECADETSPASSWORDDN:CN=developers,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:groupOfUniqueNamescn:developersou:developeruniqueMember:uid=ben,ou=people,dc=springframework,dc=Orguniquemember:uid=bob,ou=people,dc=springframework,dc=ORGDN:CN=managers,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:groupOfUniqueNamescn:managersou:manageruniqueMember:uid=ben,ou=people,dc=springframework,dc=ORGUNIQUEMEMBER:CN=mouse\, jerry,ou=people,dc=springframework,dc=ORGDN:CN=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:groupOfUniqueNamescn:submanagersou:submanageruniqueMember:uid=ben,ou=people,dc=springframework,dc=org
If you visit localhost:8080, you will be redirected to the provided login page of spring Security.
Enter the username Ben Password Benspassword, you can see the following page.
4. Demo download
Spring Essay 06 Verifying users with LDAP