使用 LDAP 验证 Spring Web 服务

【问题标题】:authenticating Spring Web Service with LDAP使用 LDAP 验证 Spring Web 服务
【发布时间】:2014-10-14 18:42:15
【问题描述】:

我想公开一个使用 LDAP 进行身份验证的示例 Spring Web 服务。 首先,我创建了网络服务:

import javax.jws.WebMethod;
import javax.jws.WebService;

import com.domain.SampleEntity;

/**
* Actual web service implementation.
* 
*/
@WebService
public class SampleEntityWebService {
    /**
    * Read and return SampleEntity by a supplied id.
    */
    @WebMethod
    public SampleEntityByIdResponse readSampleEntityById(Long id) {
        SampleEntity sampleEntity = new SampleEntity();
        sampleEntity.setId(id);
        SampleEntityByIdResponse sampleEntityByIdResponse = new SampleEntityByIdResponse();
        sampleEntityByIdResponse.setSampleEntity(sampleEntity);
        return sampleEntityByIdResponse;
    }
}

Web Service Provider 配置包含:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:int="http://www.springframework.org/schema/integration"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:ws="http://www.springframework.org/schema/integration/ws"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:sws="http://www.springframework.org/schema/web-services"
    xsi:schemaLocation="http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration-2.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/integration/ws http://www.springframework.org/schema/integration/ws/spring-integration-ws-2.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/web-services http://www.springframework.org/schema/web-services/web-services-2.0.xsd
        ">

    <!-- TOOD: Check if required or not -->

    <!-- <bean id="simpleJaxWzServiceExporter"
        class="org.springframework.remoting.jaxws.SimpleJaxWsServiceExporter">
        <property name="baseAddress" value="${ws.base.url}" />
    </bean> -->

    <!-- <context:component-scan base-package="com.integration.ws.provider" /> -->

    <!-- <context:property-placeholder location="classpath:META-INF/spring/web-service.properties" /> -->

    <bean id="sampleEntityMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
        <property name="classesToBeBound">
            <list>
                <value>com.integration.ws.provider.SampleEntityByIdRequest</value>
                <value>com.integration.ws.provider.SampleEntityByIdResponse</value>
                <value>com.domain.SampleEntity</value>
            </list>
        </property>
    </bean>

    <bean
        class="org.springframework.ws.server.endpoint.mapping.UriEndpointMapping">
        <property name="mappings">
            <props>
                <prop key="${ws.base.url}/sampleEntityById">sampleEntity-by-id-gateway</prop>
            </props>
        </property>
        <property name="interceptors">
            <list>
                <ref local="wsSecurityInterceptor" />
            </list>
        </property>
    </bean>  

    **<bean id="wsSecurityInterceptor"
        class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration" value="classpath:META-INF/securityPolicy.xml" />
        <property name="callbackHandlers">
            <list>
                <ref bean="authenticationHandler"/>
            </list>
        </property>
    </bean>**

    <bean id="authenticationHandler"
        class="org.springframework.ws.soap.security.xwss.callback.SpringDigestPasswordValidationCallbackHandler">
          <property name="userDetailsService">
            <bean class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
                <property name="userMap">
                    <value>
                        ${wsUserName}=${wsUserPassword},ROLE_USER
                    </value>
                </property>
            </bean>
          </property> 
    </bean> 


    <ws:inbound-gateway id="sampleEntity-by-id-gateway"
        request-channel="sampleEntityRequestById" marshaller="sampleEntityMarshaller"
        unmarshaller="sampleEntityMarshaller" reply-channel="sampleEntityResponse" />

    <int:channel id="sampleEntityRequestById" />
    <int:channel id="sampleEntityResponse" />

    <int:service-activator
        expression="@sampleEntityWebService.readSampleEntityById(payload.id)"
        input-channel="sampleEntityRequestById" output-channel="sampleEntityResponse" requires-reply="true"/>

    <int:channel id="sampleEntitys" />

</beans>

引用的安全策略文件包含:

<xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> 
    <xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="true"/> 
    </xwss:SecurityConfiguration>

该服务运行良好。现在我想对使用 LDAP 访问此服务的用户进行身份验证。 我是 Spring Web 服务和安全性的新手。谁能建议将 Spring Web 服务与 LDAP 集成所需的配置更改。

【问题讨论】:

    标签: java spring web-services spring-security ldap


    【解决方案1】:

    您可以将用户详细信息服务从InMemoryDaoImpl 更改为LdapUserDetailsService

    我能推导出的配置是:

    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://monkeymachine:389/dc=springframework,dc=org"/>
  <property name="userDn" value="cn=manager,dc=springframework,dc=org"/>
  <property name="password" value="password"/>
</bean>

<bean id="ldapPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
   <constructor-arg ref="contextSource"/>
   <constructor-arg value="ou=groups"/>
   <property name="groupRoleAttribute" value="ou"/>
</bean>

<bean id="userSearch"
    class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0"
        value="ou=People,o=MyCompany,o=Intranet" />
    <constructor-arg index="1" value="(uid={0})" />
    <constructor-arg index="2" ref="contextSource" />
</bean>

<bean id="authenticationHandler" class="org.springframework.ws.soap.security.xwss.callback.SpringDigestPasswordValidationCallbackHandler">
      <property name="userDetailsService">
        <bean class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
             <constructor-arg ref="userSearch">
             <constructor-arg ref="ldapPopulator">
        </bean>
      </property> 
</bean>

    请记住,我还没有尝试过,而且大部分部分都是我从其他来源复制的。您需要的是UserDetailsService,您只需将其设置为authenticationHandler。从LdapUserDetailsService 源代码来看,它需要两个构造函数,LdapUserSearchLdapAuthoritiesPopulator。我搜索了一个关于如何实例化LdapUserSearch bean 的示例,并从here 中找到了示例。我从官方文档中找到了 LdapPopulator bean 示例。

    有关使用 Spring Security 的 Ldap 身份验证的更多详细信息,请访问official documentation

    希望您了解 LDAP,因为我对 LDAP 一无所知。祝你好运。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2020-01-04
      • 1970-01-01
      • 1970-01-01
      • 2016-07-17
      • 1970-01-01
      • 1970-01-01
      • 2012-06-19
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode