
J'ai écrit un module d'authentification et d'autorisation Spring LDAP qui utilise l'authentification HTTP Basic, mais je dois maintenant récupérer le nom d'utilisateur et le mot de passe depuis un cookie de la requête et les soumettre à LDAP pour l'authentification.

Spring Security LDAP : obtenir le nom d'utilisateur et le mot de passe d'un cookie encodé pour l'authentification

Ci-dessous, ma classe de configuration WebSecurity :

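/**
 * Spring Security configuration that checks HTTP Basic credentials against an LDAP directory.
 *
 * <p>Connection settings come from the {@code ldap.config.*} properties. Sessions are
 * stateless, so credentials are expected on every request.
 */
@Configuration
@EnableWebSecurity
public class LdapSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomLdapAuthoritiesPopulator customLdapAuthoritiesPopulator;

    // NOTE(review): the fallback is an ldap:// URL on port 389, which is unencrypted unless
    // StartTLS is configured (this class does not configure it). Bind passwords would then
    // cross the network in clear text; prefer an ldaps:// URL in real deployments.
    @Value("${ldap.config.url:ldap://192.168.1.50:389}")
    private String LDAP_URL;

    @Value("${ldap.config.managerdn:uid=admin,cn=users,cn=accounts,dc=example,dc=test}")
    private String MANAGER_DN;

    // Deliberately no fallback value: a default bind password compiled into the class is a
    // hard-coded credential. Startup now fails if ldap.config.managerpwd is not supplied
    // through configuration (properties file, environment, secret store).
    @Value("${ldap.config.managerpwd}")
    private String MANAGER_PWD;

    @Value("${ldap.config.basedn:cn=users,cn=accounts,dc=example,dc=test}")
    private String SEARCH_BASE;

    /**
     * Enables HTTP Basic, disables CSRF protection and turns off HTTP session creation.
     *
     * @param httpSecurity the builder for the web security filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .httpBasic()
            .and()
            .authorizeRequests()
                // NOTE(review): permitAll() lets every request through without credentials,
                // so the LDAP check below is never required for access. Use authenticated()
                // (or per-path rules) once the endpoints are meant to be protected.
                .anyRequest().permitAll()
            .and()
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Registers LDAP authentication: the manager account binds to the directory, users are
     * looked up by {@code uid} under the search base, and authorities come from
     * {@link CustomLdapAuthoritiesPopulator}.
     *
     * @param authenticationManagerBuilder the builder receiving the LDAP provider
     * @throws Exception if the LDAP provider cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
            .ldapAuthentication()
                .contextSource()
                    .url(LDAP_URL)
                    .managerDn(MANAGER_DN)
                    .managerPassword(MANAGER_PWD)
                .and()
                .userSearchBase(SEARCH_BASE)
                .userSearchFilter("uid={0}")
                .ldapAuthoritiesPopulator(customLdapAuthoritiesPopulator);
    }

}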

Ci-dessous, ma classe CustomLdapAuthoritiesPopulator :

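/**
 * Derives granted authorities from the {@code memberof} values of an LDAP user entry.
 *
 * <p>Only group DNs that contain {@code cn=permissions} are considered; the value of the
 * leading {@code cn} RDN of such a DN becomes the authority name.
 */
@Component
public class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    /** Attribute prefix expected at the start of a permission group DN. */
    private static final String CN_PREFIX = "cn=";

    /** Marker that identifies a DN located under the permissions container. */
    private static final String PERMISSIONS_MARKER = "cn=permissions";

    /**
     * Builds the authority list for an authenticated user.
     *
     * @param userData the LDAP entry of the user; its {@code memberof} attribute is read
     * @param username the login name (not used by this implementation)
     * @return the authorities found, possibly empty, never {@code null}
     */
    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

        // A user without any group has no memberof attribute; treat that as "no authorities"
        // instead of failing the whole login with a NullPointerException.
        String[] groups = userData.getStringAttributes("memberof");
        if (groups == null) {
            return authorities;
        }

        for (String groupDn : groups) {
            if (groupDn == null) {
                continue;
            }
            // Locale.ROOT keeps the comparison independent of the JVM default locale.
            if (!groupDn.toLowerCase(java.util.Locale.ROOT).contains(PERMISSIONS_MARKER)) {
                continue;
            }

            String firstRdn = groupDn.split(",")[0].trim();
            // The marker test above ignores case, so the prefix test must too: a DN written
            // as "CN=..." previously passed the filter and then broke the case-sensitive
            // split with an ArrayIndexOutOfBoundsException.
            if (!firstRdn.regionMatches(true, 0, CN_PREFIX, 0, CN_PREFIX.length())) {
                continue;
            }

            String authority = firstRdn.substring(CN_PREFIX.length());
            if (!authority.isEmpty()) {
                // Authority names are intentionally not printed to stdout.
                authorities.add(new SimpleGrantedAuthority(authority));
            }
        }

        return authorities;
    }

}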

Merci d'avance

Répondre


Finalement, j'ai résolu ce problème en ajoutant un filtre avant BasicAuthenticationFilter. Voici ma classe LdapSecurity modifiée.

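/**
 * Spring Security configuration that authenticates against LDAP and accepts the credentials
 * either from an HTTP Basic header or from a cookie that {@link AuthFilter} copies into that
 * header.
 */
@Configuration
@EnableWebSecurity
public class LdapSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomLdapAuthoritiesPopulator customLdapAuthoritiesPopulator;

    @Autowired
    AuthFilter authFilter;

    // NOTE(review): the fallback is an ldap:// URL on port 389, which is unencrypted unless
    // StartTLS is configured (this class does not configure it). Bind passwords would then
    // cross the network in clear text; prefer an ldaps:// URL in real deployments.
    @Value("${ldap.config.url:ldap://192.168.1.50:389}")
    private String LDAP_URL;

    @Value("${ldap.config.managerdn:uid=admin,cn=users,cn=accounts,dc=example,dc=test}")
    private String MANAGER_DN;

    // Deliberately no fallback value: a default bind password compiled into the class is a
    // hard-coded credential. Startup now fails if ldap.config.managerpwd is not supplied
    // through configuration (properties file, environment, secret store).
    @Value("${ldap.config.managerpwd}")
    private String MANAGER_PWD;

    @Value("${ldap.config.basedn:cn=users,cn=accounts,dc=example,dc=test}")
    private String SEARCH_BASE;

    /**
     * Requires authentication for every request, enables HTTP Basic and places
     * {@link AuthFilter} ahead of the Basic authentication filter.
     *
     * @param httpSecurity the builder for the web security filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // AuthFilter must run first so that the header it injects is what
        // BasicAuthenticationFilter reads.
        httpSecurity.addFilterBefore(authFilter, BasicAuthenticationFilter.class);

        httpSecurity
            .httpBasic()
            .and()
            .authorizeRequests()
                .anyRequest().authenticated()
            .and()
            // NOTE(review): CSRF protection is disabled while AuthFilter accepts credentials
            // from a cookie. Browsers send cookies on their own, so state-changing endpoints
            // may be reachable from other sites unless the cookie is issued with a
            // restrictive SameSite attribute; confirm how the cookie is set.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Registers LDAP authentication: the manager account binds to the directory, users are
     * looked up by {@code uid} under the search base, and authorities come from
     * {@link CustomLdapAuthoritiesPopulator}.
     *
     * @param authenticationManagerBuilder the builder receiving the LDAP provider
     * @throws Exception if the LDAP provider cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
            .ldapAuthentication()
                .contextSource()
                    .url(LDAP_URL)
                    .managerDn(MANAGER_DN)
                    .managerPassword(MANAGER_PWD)
                .and()
                .userSearchBase(SEARCH_BASE)
                .userSearchFilter("uid={0}")
                .ldapAuthoritiesPopulator(customLdapAuthoritiesPopulator);
    }

}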

Ci-dessous, la classe AuthFilter personnalisée, qui étend GenericFilter :

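/**
 * Servlet filter that copies the value of the {@code nginxauth} cookie into an
 * {@code Authorization: Basic ...} header on a wrapped request, so that the Basic
 * authentication filter later in the chain can process it.
 *
 * <p>The cookie value is forwarded as a Basic token, i.e. it is expected to be the Base64
 * form of {@code user:password}. Base64 is an encoding, not encryption: the cookie has to be
 * protected like the password itself (HTTPS only, {@code Secure} and {@code HttpOnly}
 * attributes) and must never be written to logs.
 */
@Component
public class AuthFilter extends GenericFilter {

    private static final long serialVersionUID = 1L;

    /** Name of the cookie whose value is forwarded as the Basic token. */
    private static final String AUTH_COOKIE_NAME = "nginxauth";

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Wraps HTTP requests and, when the {@code nginxauth} cookie is present, exposes its
     * value as the {@code Authorization} header before continuing the chain.
     *
     * <p>When the cookie is present its value takes precedence over any
     * {@code Authorization} header sent by the client. If several cookies carry the name,
     * the last one wins.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @param chain    the remaining filter chain
     * @throws IOException      if a later filter or the servlet fails on I/O
     * @throws ServletException if a later filter or the servlet fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        // Only HTTP requests carry cookies; pass anything else through instead of failing
        // on the cast.
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }

        MutableHttpServletRequest mutableRequest =
                new MutableHttpServletRequest((HttpServletRequest) request);

        Cookie[] cookies = mutableRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (!AUTH_COOKIE_NAME.equals(cookie.getName())) {
                    continue;
                }
                String rawValue = cookie.getValue();
                if (rawValue == null) {
                    continue;
                }
                // The value may arrive wrapped in double quotes; drop them.
                String token = rawValue.replace("\"", "");
                // An empty cookie must not replace a usable header with a bare "Basic ".
                if (token.isEmpty()) {
                    continue;
                }
                // The token is a reusable credential: it is deliberately not printed.
                mutableRequest.putHeader("Authorization", "Basic " + token);
            }
        }

        chain.doFilter(mutableRequest, response);
    }

}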

Ci-dessous, la classe MutableHttpServletRequest :

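/**
 * Request wrapper that lets a filter add or override headers on an incoming request.
 *
 * <p>Header names are matched without regard to case, as the servlet API does for real
 * headers. An overridden header is therefore visible under any spelling and through
 * {@link #getHeader}, {@link #getHeaders} and {@link #getHeaderNames} alike, so no caller
 * can still read the client-sent value of a header that was replaced.
 */
final class MutableHttpServletRequest extends HttpServletRequestWrapper {

    // Custom header name -> value. Kept small, so lookups scan it ignoring case.
    private final Map<String, String> customHeaders;

    /**
     * Wraps the given request with an initially empty set of custom headers.
     *
     * @param request the request to wrap
     */
    public MutableHttpServletRequest(HttpServletRequest request) {
        super(request);
        this.customHeaders = new HashMap<String, String>();
    }

    /**
     * Adds a custom header, replacing any custom header whose name differs only in case.
     *
     * @param name  the header name
     * @param value the header value
     */
    public void putHeader(String name, String value) {
        Map.Entry<String, String> existing = findCustom(name);
        if (existing != null) {
            customHeaders.remove(existing.getKey());
        }
        this.customHeaders.put(name, value);
    }

    /**
     * Returns the custom value for the header if one is set, otherwise the value from the
     * wrapped request.
     *
     * @param name the header name, matched case-insensitively
     * @return the header value, or whatever the wrapped request returns for that name
     */
    @Override
    public String getHeader(String name) {
        Map.Entry<String, String> custom = findCustom(name);
        if (custom != null && custom.getValue() != null) {
            return custom.getValue();
        }
        // Not overridden: defer to the wrapped request.
        return ((HttpServletRequest) getRequest()).getHeader(name);
    }

    /**
     * Returns the custom value as a single-element enumeration if one is set, otherwise the
     * values from the wrapped request.
     *
     * @param name the header name, matched case-insensitively
     * @return the header values
     */
    @Override
    public Enumeration<String> getHeaders(String name) {
        Map.Entry<String, String> custom = findCustom(name);
        if (custom != null && custom.getValue() != null) {
            return Collections.enumeration(Collections.singletonList(custom.getValue()));
        }
        return ((HttpServletRequest) getRequest()).getHeaders(name);
    }

    /**
     * Returns the custom header names together with the wrapped request's header names.
     * A wrapped name that only differs in case from a custom one is not listed twice.
     *
     * @return the combined header names
     */
    @Override
    public Enumeration<String> getHeaderNames() {
        Set<String> names = new HashSet<String>(customHeaders.keySet());

        Enumeration<String> wrappedNames = ((HttpServletRequest) getRequest()).getHeaderNames();
        // The servlet API allows a container to return null here.
        if (wrappedNames != null) {
            while (wrappedNames.hasMoreElements()) {
                String wrappedName = wrappedNames.nextElement();
                if (findCustom(wrappedName) == null) {
                    names.add(wrappedName);
                }
            }
        }

        return Collections.enumeration(names);
    }

    // Finds the custom header entry whose name equals the given one ignoring case, or null.
    private Map.Entry<String, String> findCustom(String name) {
        if (name == null) {
            return null;
        }
        for (Map.Entry<String, String> entry : customHeaders.entrySet()) {
            if (name.equalsIgnoreCase(entry.getKey())) {
                return entry;
            }
        }
        return null;
    }

}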