Centos7 搭建LDAP并启用TLS加密
719
2022-05-30
spring 4 没有使用spring-boot,也不想退到spring3
ldap manager的密码加密方案
---继承DefaultSpringSecurityContextSource,然后在里面使用 jasypt解密,感觉可行
---附件:jasypt工具
参考文档:
https://stackoverflow.com/questions/22067552/encryption-decrypt-using-jasypt
https://docs.spring.io/spring-security/site/docs/4.2.11.RELEASE/apidocs/org/springframework/security/ldap/DefaultSpringSecurityContextSource.html
http://www.sephiroth-j.de/java/spring-security-ltpa2/usage.html
https://github.com/spring-projects/spring-security-kerberos
https://github.com/spring-projects/spring-security-kerberos/blob/master/spring-security-kerberos-client/src/main/java/org/springframework/security/kerberos/client/ldap/KerberosLdapContextSource.java
https://docs.spring.io/spring-security/site/docs/4.0.x/reference/html/ldap.html
https://spring.io/guides/gs/authenticating-ldap/
https://memorynotfound.com/spring-security-spring-ldap-authentication-example/
https://stackoverflow.com/questions/20149939/encrypting-a-password-within-a-spring-configuration-file
https://stackoverflow.com/questions/33952246/how-to-avoid-plain-text-ldap-password-in-spring-security
https://serverfault.com/questions/271872/hudson-how-to-manually-encode-the-ldap-managerpassword
https://github.com/spring-projects/spring-security/blob/master/crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java
https://www.mkyong.com/spring-security/spring-security-password-hashing-example/
https://stackoverflow.com/questions/52647983/spring-security-without-ldap-password
https://blog.csdn.net/gdfsbingfeng/article/details/16886805
https://stackoverflow.com/questions/32244500/jasypt-with-spring-4-0
http://www.jasypt.org/springsecurity.html
https://www.baeldung.com/spring-boot-jasypt
https://stackoverflow.com/questions/23235314/spring-4-javaconfig-for-jasypt-and-profile
https://suryanarayanjena.wordpress.com/jasypt/
https://monibu1548.github.io/2017/02/09/jasypt/
https://github.com/spring-projects/spring-security/blob/master/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
https://github.com/ulisesbocchio/jasypt-spring-boot/issues/58
https://github.com/tfredrich/jasypt/issues/1
spring 配置多auth
https://www.programmergate.com/spring-boot-spring-security-oauth2/
https://blog.csdn.net/li90hou/article/details/77851845
https://geeks18.com/spring-security-password-configurations/
http://www.giuseppeurso.eu/en/multiple-authentication-providers-in-spring-security/
https://coderanch.com/t/653951/frameworks/Spring-Boot-Security-Config-Multiple
https://blog.csdn.net/wei_ya_wen/article/details/8529000
https://guides.micronaut.io/micronaut-database-authentication-provider-groovy/guide/index.html
https://stackoverflow.com/questions/25729008/using-both-ldap-and-db-authentication-with-spring-security
https://stackoverflow.com/questions/22115493/pre-authentication-without-authorization-using-spring-security/25114782#25114782
https://www.baeldung.com/spring-security-multiple-auth-providers
spring ldap配置
web.xml中添加
spring-security.xml
AuthenticationFailureHandlerImpl.java//认证失败后的回调
public class AuthenticationFailureHandlerImpl implements AuthenticationFailureHandler{ @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, org.springframework.security.core.AuthenticationException exception) throws IOException, ServletException { // AuthenticationException 存放着异常信息,获取出来,放到 Request 中,转发到登录页面。 request.setAttribute("error", exception.getMessage()); request.getRequestDispatcher("/xxx/login").forward(request, response); } }
AuthenticationSuccessHandlerImpl.java//认证成功后的回调
public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler { @Resource private UserMapper userMapper; @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { // UserDetails 中存放着用户名等信息 //UserDetails userDetails = (UserDetails) authentication.getPrincipal(); // 获取该用户信息,根据自己的业务规则写 //User user = this.userMapper.getUserByUserName(username); List
ContinueEntryPoint.java//保存认证前请求的链接 以便认证成功后跳转 (有一点#hashcode要在前端转义)
public class ContinueEntryPoint extends LoginUrlAuthenticationEntryPoint { public ContinueEntryPoint(String loginFormUrl) { super(loginFormUrl); } @Override protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) { String continueParamValue=""; try { continueParamValue = UriUtils.encode(buildHttpReturnUrlForRequest(request),"UTF-8"); } catch (UnsupportedEncodingException e) { e.printStackTrace(); }//UrlUtils.buildRequestUrl String redirect = super.determineUrlToUseForThisRequest(request, response, exception);// String ret = UriComponentsBuilder.fromPath(redirect).queryParam("redirect", continueParamValue).toUriString(); return ret; } protected String buildHttpReturnUrlForRequest(HttpServletRequest request) { RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder(); urlBuilder.setScheme("http"); urlBuilder.setServerName(request.getServerName()); .... return urlBuilder.getUrl(); } }
CustomLdapAuthoritiesPopulator.java//构造用户信息--这段代码有点挫
public class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator { @Resource private UserMapper userMapper; public Collection
xxxcontroller.java//相关控制器
@RequestMapping(value="login" , method={ RequestMethod.GET, RequestMethod.POST }, name="login") public String login( ModelMap model,HttpServletRequest request) throws Exception { logger.info("params::::" + request.getRequestURI()); String redirect=request.getParameter("redirect"); model.addAttribute("redirect", redirect); return "xxx/employee-jsons/login"; } @RequestMapping(value="employee-jsons/logout.action" , method=RequestMethod.POST, name="logout") @ResponseBody public Map
spring同时配置db和ldap验证
spring-security.xml中添加过滤器
clientDetailsUserDetailsService.java
@Service public class clientDetailsUserDetailsService implements UserDetailsService { @Autowired protected LdapService LdapService; public UserDetails loadUserByUsername(String input) throws UsernameNotFoundException { String[] split = input.split(":"); User user = null; if(split.length>=4) { String u = split[0]; String passwd = split[1]; String uid = split[2]; String uname = split[3]; UserDetails userDetails = null; List
TwoFactorAuthenticationFilter.java//我这块db验证的场景比较特殊 只有一个特定的账号信息放行
public class TwoFactorAuthenticationFilter extends UsernamePasswordAuthenticationFilter { @Override protected String obtainUsername(HttpServletRequest request) { String user = request.getParameter("user"); String passwd = request.getParameter("passwd"); String uid = xxx; String uname = xxx; String combinedUsername = user + ":" + passwd + ":" + uid + ":" + uname; request.setAttribute("username","..."); request.setAttribute("password","..."); return combinedUsername; } }
MyMessageDigestPasswordEncoder.java
public class MyMessageDigestPasswordEncoder extends MessageDigestPasswordEncoder { public MyMessageDigestPasswordEncoder(String algorithm) { super(algorithm); } @Override public boolean isPasswordValid(String encPass, String rawPass, Object salt) { /* if(StringUtils.isEmpty(rawPass)) { throw new BadCredentialsException("密码不能为空"); } return encPass.equals(rawPass);*/ return true; } }
附件: nginx-1.14.2.zip 1.41M 下载次数:1次
附件: jasypt-1.9.2-dist.zip 6.95M 下载次数:0次
登录 Spring
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。