Web user authentication and permission control based on Spring LDAP and Spring Security

Source: Internet
Author: User
Tags ldap openldap

Use an LDAP service together with Spring LDAP and Spring Security to implement user authentication and simple permission control for a Web project, so that accounts are unified across multiple systems.

1. EHR-based LDAP user information

LDAP stands for Lightweight Directory Access Protocol. An LDAP directory stores data in a tree-like hierarchy. If you are familiar with the top-down DNS tree or the directory tree of UNIX files, it is easy to grasp the idea of an LDAP directory tree. Just like a DNS hostname, the distinguished name (DN) of an LDAP directory record is used to read a single record, and it traces the path from that record back to the top of the tree.

For example, dn: cn=zh201506006,ou=Big data platform development engineer,ou=Big Data Platform Department,ou=Technology Center,ou=function,dc=openldap,dc=jw,dc=cn

The organization structure and user data in LDAP are synchronized from the EHR system.

The group entries record the user members under each role.

Organizational structure:

[Image: Organizational structure]


Group information: a member of authority_system_admin is cn=zh201506006,ou=Big data platform development engineer,ou=Big Data Platform Department,ou=Technology Center,ou=function,dc=openldap,dc=jw,dc=cn

[Image: Member]


User information:

[Image: Person]


2. Implementation of LDAP-based user authentication


To implement LDAP-based authentication in a Web project, the main tasks are to complete the following files:

    1. spring-security.xml, the Spring Security configuration file

    2. ldap.properties, the constants referenced in the configuration file spring-security.xml

    3. MyAuthenticationProvider.java, the custom user authentication class

    4. AuthoritiesPopulator.java, the custom permission groups

Code and comments reference: https://github.com/chocolateBlack/authority-spring-security


3. Implementation of Spring-based Sentry permission control


Implementing the Spring Sentry permission control in the Web project mainly involves the following tasks:

    1. Configure in spring-security.xml
      <global-method-security secured-annotations="enabled" pre-post-annotations="enabled" jsr250-annotations="enabled"/>
      Description reference: https://vincentmi.gitbooks.io/spring-security-reference-zh/content/4.4_method_security.html

    2. Configure in spring-security.xml

      <intercept-url pattern="/check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

      <intercept-url pattern="/admin" access="ROLE_AUTHORITY_SYSTEM_ADMIN"/>

      Description reference: https://vincentmi.gitbooks.io/spring-security-reference-zh/content/4.2_getting_started%20with_ Security_namespace_configuration.html
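The group-to-role step described above, as an added example that uses only the JDK and is not the code from the linked repository: it turns membership of a group into the ROLE_ name that the /admin rule checks, and compares DNs with javax.naming.ldap.LdapName because the same entry can be written with different attribute-name case. The class name, both helper methods, the sample member value and the deny-by-default branch are assumptions of this example.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class GroupRoleCheck {
    // Roles for a user: each group listing the DN as member becomes ROLE_<CN upper-cased>.
    static Set<String> rolesFor(String userDn, Map<String, List<String>> groups) {
        Set<String> roles = new TreeSet<>();
        LdapName user;
        try {
            user = new LdapName(userDn);
        } catch (InvalidNameException e) {
            return roles; // unparseable user DN: grant nothing
        }
        for (Map.Entry<String, List<String>> g : groups.entrySet()) {
            for (String member : g.getValue()) {
                try {
                    // LdapName.equals compares RDN by RDN, ignoring case; String.equals does not.
                    if (new LdapName(member).equals(user)) {
                        roles.add("ROLE_" + g.getKey().toUpperCase(Locale.ROOT));
                    }
                } catch (InvalidNameException e) {
                    // malformed member value: skip it instead of matching loosely
                }
            }
        }
        return roles;
    }

    // The two intercept-url rules; denying every other path is this example's assumption.
    static boolean allowed(String path, Set<String> roles) {
        if ("/check".equals(path)) return true;
        if ("/admin".equals(path)) return roles.contains("ROLE_AUTHORITY_SYSTEM_ADMIN");
        return false;
    }

    public static void main(String[] args) {
        String tail = ",ou=Big Data Platform Department,ou=Technology Center,ou=function,";
        String user = "cn=zh201506006,ou=Big data platform development engineer" + tail
                + "dc=openldap,dc=jw,dc=cn";
        // Constructed sample: the same entry with its suffix written in upper case.
        String member = "cn=zh201506006,ou=Big data platform development engineer" + tail
                + "DC=OPENLDAP,DC=JW,DC=CN";
        Map<String, List<String>> groups = Map.of("authority_system_admin", List.of(member));
        Set<String> roles = rolesFor(user, groups);
        System.out.println("naive String match: " + member.equals(user));
        System.out.println("roles: " + roles);
        System.out.println("/admin allowed: " + allowed("/admin", roles));
        System.out.println("/admin without roles: " + allowed("/admin", Set.of()));
    }
}
```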


This article is from the "Chocolate Black" blog, be sure to keep this source http://10120275.blog.51cto.com/10110275/1919698
