在CAS和LDAP中使用Grails中的Spring Security

更新时间：2022-10-23 14:20:08

So I got it working, and it really isn't that bad, but I wish I had seen @cantoni's example first. It would have made this really easy. My setup is a little more simple than his, so I'll add it here.

Install the Spring Security Core, CAS, and LDAP plugins. IMPORTANT: Until spring-security-cas:1.0.5 is updated, I wouldn't try to use the new spring-security-core:2.0-RC2 and spring-security-ldap:2.0-RC2. The CAS plugin doesn't seem to work with them.

    plugins {
    ....
    //security
    compile ":spring-security-core:1.2.7.3"
    compile ":spring-security-cas:1.0.5"
    compile ":spring-security-ldap:1.0.6"
    ...
    }

You don't need to run the quickstart command if you're not also using daoAuthenticationProvider, which I am not.

Configure the core and cas plugins in Config.groovy

//Spring Security Core Config
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider'] 
grails.plugins.springsecurity.rejectIfNoRule = true
grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/**': ['hasAnyRole("ROLE_OPERATOR","ROLE_ADMIN")']
]

//Spring Security CAS Config
grails.plugins.springsecurity.cas.loginUri = '/login'
grails.plugins.springsecurity.cas.serviceUrl = 'http://server.company.com:8080/app-name/j_spring_cas_security_check'
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://sso.company.com/cas'
grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://server.company.com:8080/app-name/secure/receptor'
grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'

You can leave off rejectIfNoRule, securityConfigType, and interceptUrlMap if you want to use annotations instead of the interceptor map.

Configure your userDetailsService to delegate to LDAP in resources.groovy

// load ldap roles from spring security
initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
    "ldap://123.45.67.89:389"){
    userDn = "myLdapUser"
    password = "myLdapPwd"
}

ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
    "DC=foo,DC=company,DC=com", "sAMAccountName={0}", initialDirContextFactory){

}

ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
    initialDirContextFactory,"OU=foo,DC=bar,DC=company,DC=com"){
      groupRoleAttribute = "cn"
      groupSearchFilter = "member={0}"
      searchSubtree = true
      rolePrefix = "ROLE_"
      convertToUpperCase = true
      ignorePartialResultException = true
}

userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,ldapUserSearch,ldapAuthoritiesPopulator){
}

上一篇 : ：java.security.AccessControlException：访问被拒绝（java.io.FilePermission下一篇 : Heroku生产错误：PG ::错误：错误：关系"用户"已经存在错误

在CAS和LDAP中使用Grails中的Spring Security

相关阅读

技术问答最新文章