User authentication and Permissions control Web implementation based on spring LDAP and spring security

Use the LDAP service to implement Web project user authentication and simple permission control using Spring ldap,spring security. realize multi-system account unification.

1. EHR-based LDAP user information

LDAP is a lightweight Directory Access Protocol , the full name is Lightweight Directory Access Protocol, which is generally referred to as LDAP. The LDAP directory stores data in a tree-like hierarchy. If you are familiar with the top-down DNS tree or the directory tree of UNIX files, it is easy to palm the idea of an LDAP directory tree. Just like the DNS hostname , the identity name (distinguished name, or DN) of the LDAP directory record is used to read a single record, as well as back to the top of the tree

For example, dn:cn=zh201506006,ou= Big data platform development engineer, ou= Big Data Platform Department, Ou= Technology Center, ou= function, DC=OPENLDAP,DC=JW,DC=CN

The organization structure and user data in LDAP are synchronized from the EHR system.

Where group, which records the user members under each role

Organizational structure:

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M01/92/89/wKiom1kAXWPxD3Y0AAA9OGVudbI099.png "title=" Organizational structure. png "alt=" Wkiom1kaxwpxd3y0aaa9ogvudbi099.png "/>

Group information, authority_system_admin a member is cn=zh201506006,ou= Big Data platform development engineer, ou= Big Data Platform Department, Ou= Technology Center, ou= function, dc=openldap,dc= Jw,dc=cn

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M01/92/89/wKiom1kAXYeCbzdYAAAyhcUtKqs607.png "title=" Member.png "alt=" Wkiom1kaxyecbzdyaaayhcutkqs607.png "/>

User information:

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/92/88/wKioL1kAXZ7yK-yBAABE_gLR_rE173.png-wh_500x0-wm_ 3-wmp_4-s_1610295820.png "title=" Person.png "alt=" Wkiol1kaxz7yk-ybaabe_glr_re173.png-wh_50 "/>

2. Implementation of LDAP-based user authentication

Implemented in Web projects based on LDAP authentication, the main tasks are to complete the following

1. Spring-security.xml, spring Security-based configuration file

2. Ldap.properties, constants referenced in configuration file Spring-security.xml

3. Myauthenticationprovider.java Custom User Authentication class

4. Authoritiespopulator.java Custom Permission Groups

Code and Comments Reference:https://github.com/chocolateBlack/authority-spring-security

3, implementation of spring-based Sentry permissions control

The implementation of the Web project is based on the Spring Sentry permission control, which mainly accomplishes the following tasks

1. In Spring-security.xml configuration
   <global-method-security secured-annotations= "Enabled" pre-post-annotations= "Enabled" jsr250-annotations= " Enabled "/>
   Description Reference:https://vincentmi.gitbooks.io/spring-security-reference-zh/content/4.4_method_security.html

2. Configuring in Spring-security.xml

<intercept-url pattern= "/check" access= "is_authenticated_anonymously"/>

<intercept-url pattern= "/admin" access= "Role_authority_system_admin"/>

Description Reference:https://vincentmi.gitbooks.io/spring-security-reference-zh/content/4.2_getting_started%20with_ Security_namespace_configuration.html

This article is from the "Chocolate Black" blog, be sure to keep this source http://10120275.blog.51cto.com/10110275/1919698

User authentication and Permissions control Web implementation based on spring LDAP and spring security