我正在尝试在 Grails 中设置 Spring Security,使用令牌进行身份验证(通过 Spring Security REST 插件)并针对 LDAP 进行授权。我找到了几个例子(我现在打开了大约 20 个浏览器选项卡),但没有一个能回答整个问题。大多数示例是 Grails + REST Security 或 Grails + LDAP Security,但没有 Grails + REST + LDAP 示例。
我的问题是,当我需要它查找 LDAP 时,应用程序会尝试在数据库中查找用户和角色。
【问题讨论】:
标签: spring rest grails spring-security ldap
我发现解决方案是进入 resources.groovy 并将 userDetailsService bean 配置为使用 LDAP。唯一的“先决条件”是您的 LDAP 服务器必须已经有正确的 LDAP 配置。我在这里找到了这个解决方案:http://swordsystems.com/2011/12/21/spring-security-cas-ldap/。并且只拿了下一块。
// Place your Spring DSL code here
import grails.plugin.springsecurity.SpringSecurityUtils
beans = {
def config = SpringSecurityUtils.securityConfig
if (config.ldap.context.server) {
SpringSecurityUtils.loadSecondaryConfig 'DefaultLdapSecurityConfig'
config = SpringSecurityUtils.securityConfig
initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
config.ldap.context.server){
userDn = config.ldap.context.managerDn
password = config.ldap.context.managerPassword
}
ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
config.ldap.search.base,
config.ldap.search.filter,
initialDirContextFactory){
}
ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
initialDirContextFactory,
config.ldap.authorities.groupSearchBase){
groupRoleAttribute = config.ldap.authorities.groupRoleAttribute
groupSearchFilter = config.ldap.authorities.groupSearchFilter
searchSubtree = config.ldap.authorities.searchSubtree
rolePrefix = "ROLE_"
convertToUpperCase = config.ldap.mapper.convertToUpperCase
ignorePartialResultException = config.ldap.authorities.ignorePartialResultException
}
userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,
ldapUserSearch,
ldapAuthoritiesPopulator){
}
}
}【讨论】: