Use an LDAP service to implement user authentication and simple permission control for Web projects with Spring LDAP and Spring Security, so that multiple systems share one set of accounts.
1. EHR-based LDAP user information
LDAP is the Lightweight Directory Access Protocol. An LDAP directory stores data in a tree-like hierarchy. If you are familiar with the top-down DNS tree or the UNIX file directory tree, the idea of an LDAP directory tree is easy to grasp. Like a DNS hostname, the distinguished name (DN) of an LDAP entry identifies a single record by reading from that record back up to the top of the tree.
For example: dn: cn=zh201506006,ou=Big Data Platform Development Engineer,ou=Big Data Platform Department,ou=Technology Center,ou=Function,dc=openldap,dc=jw,dc=cn
The organization structure and user data in LDAP are synchronized from the EHR system.
The group entries record the user members under each role.
Organizational structure:
[Image: organizational structure]
Group information: a member of authority_system_admin is cn=zh201506006,ou=Big Data Platform Development Engineer,ou=Big Data Platform Department,ou=Technology Center,ou=Function,dc=openldap,dc=jw,dc=cn
[Image: group member]
User information:
[Image: person entry]
2. Implementation of LDAP-based user authentication
To implement LDAP-based authentication in a Web project, the main work is to complete the following files:
spring-security.xml: the Spring Security configuration file
ldap.properties: constants referenced in the configuration file spring-security.xml
MyAuthenticationProvider.java: the custom user authentication class
AuthoritiesPopulator.java: the custom permission group class
Code and comments reference: https://github.com/chocolateBlack/authority-spring-security
3. Implementation of Spring Security-based permission control
Permission control in the Web project is based on Spring Security and mainly involves the following tasks.
Enable method-level security annotations in spring-security.xml:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" jsr250-annotations="enabled"/>
Description reference: https://vincentmi.gitbooks.io/spring-security-reference-zh/content/4.4_method_security.html
Configure URL access rules in spring-security.xml:
<intercept-url pattern="/check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/admin" access="ROLE_AUTHORITY_SYSTEM_ADMIN"/>
Description reference: https://vincentmi.gitbooks.io/spring-security-reference-zh/content/4.2_getting_started%20with_Security_namespace_configuration.html
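The authorities populator is what connects the LDAP group authority_system_admin from section 1 to the role required by the /admin rule above. The following is an added example, not the code from the linked repository, showing one way to write such a populator with Spring Security's LDAP classes. The class name GroupMemberAuthoritiesPopulator, the ou=group search base, the member attribute and the authority_* name check are assumptions.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/** Hypothetical populator: maps LDAP group membership to ROLE_* authorities. */
public class GroupMemberAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Assumption: role groups live under ou=group, relative to the context source base DN.
    private static final String GROUP_SEARCH_BASE = "ou=group";
    // {0} becomes the user's full DN; the template filter-encodes it before searching,
    // so special characters in a DN cannot alter the LDAP filter.
    private static final String GROUP_SEARCH_FILTER = "(member={0})";
    // Assumption: only groups named authority_* are meant to grant roles.
    private static final String ROLE_GROUP_PATTERN = "authority_[a-z0-9_]+";

    private final SpringSecurityLdapTemplate ldapTemplate;

    public GroupMemberAuthoritiesPopulator(ContextSource contextSource) {
        this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        // Search by the DN of the entry that was authenticated, not by the typed username.
        String userDn = userData.getNameInNamespace();
        Set<String> groupNames = ldapTemplate.searchForSingleAttributeValues(
                GROUP_SEARCH_BASE, GROUP_SEARCH_FILTER, new String[] { userDn }, "cn");

        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        for (String cn : groupNames) {
            // Fail closed: a group with an unexpected name grants nothing.
            if (cn == null || !cn.matches(ROLE_GROUP_PATTERN)) {
                continue;
            }
            // authority_system_admin -> ROLE_AUTHORITY_SYSTEM_ADMIN
            authorities.add(new SimpleGrantedAuthority("ROLE_" + cn.toUpperCase(Locale.ROOT)));
        }
        return authorities;
    }
}
```

A user who belongs to no matching group receives an empty authority set, so the /admin rule denies the request.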
This article is from the "Chocolate Black" blog, be sure to keep this source http://10120275.blog.51cto.com/10110275/1919698
User authentication and permission control for Web projects based on Spring LDAP and Spring Security