全部:
我有一个Ldap认证的基本程序;主要用户";
package com.bpm.cbl.premium.controller;
import java.security.Principal;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.PostConstruct;
@RestController
@RequestMapping("custom")
public class LDAPAuthController {
public static String domain;
public static String URL;
@Value("${activedirectory.domain}")
private String adDomain;
@Value("${activedirectory.url}")
private String adURL;
@PostConstruct
public void init(){
domain = adDomain;
URL = adURL;
}
@GetMapping("/user-login")
@ResponseBody
public Principal user(Principal user) {
return user;
}
@Configuration
@Order(SecurityProperties.BASIC_AUTH_ORDER)
protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic().and()
.logout().and()
.authorizeRequests()
.antMatchers("/index.html", "/", "/home", "/login", "/assets/**").permitAll()
.anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
@Bean
public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider = new
ActiveDirectoryLdapAuthenticationProvider(domain, URL);
return activeDirectoryLdapAuthenticationProvider;
}
}
}
我不知道如何返回cookie或令牌而不是对象。。我是春季安保的新手。。有人能帮忙吗我参考了另一篇文章,但不确定它是否会工作,如何使用spring-security(spring-boot(实现Ldap身份验证
有人能提供一些输入吗?请
好的,我得到了一个解决方案;为所有人的利益发帖。。
在互联网和许多论坛上有很多令人困惑的文章,但这是非常简单的
将上面@GetMapping("/user login"(下的函数替换为在respose主体中返回cookie的函数。。将httpservelectresponse作为函数的参数以及所需的任何其他参数传递。。就是这样,cookie将在响应标头中返回;