Integrating LDAP Single Sign-On


This tutorial walks through how to use LDAP as the authentication backend for single sign-on with Spring Security.

Base environment


| Technology | Version |
| --- | --- |
| Java | 1.8+ |
| SpringBoot | 2.x.x |
| Security | 5.x |
| LDAP | any version |

Create the project


  • Initialize the project

```shell
mvn archetype:generate -DgroupId=com.edurt.sli.slisl -DartifactId=spring-learn-integration-security-ldap -DarchetypeArtifactId=maven-archetype-quickstart -Dversion=1.0.0 -DinteractiveMode=false
```
  • Modify pom.xml to add Security support

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

    <parent>
        <artifactId>spring-learn-integration-security</artifactId>
        <groupId>com.edurt.sli</groupId>
        <version>1.0.0</version>
    </parent>

    <modelVersion>4.0.0</modelVersion>

    <artifactId>spring-learn-integration-security-ldap</artifactId>

    <name>SpringBoot Security使用LDAP单点登录</name>

    <properties>
        <dependency.spring.security.ldap.version>5.1.5.RELEASE</dependency.spring.security.ldap.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>${dependency.springboot2.common.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
            <version>${dependency.springboot2.common.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
            <version>${dependency.spring.security.ldap.version}</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${dependency.springboot2.common.version}</version>
                <configuration>
                    <fork>true</fork>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>${plugin.maven.compiler.version}</version>
                <configuration>
                    <source>${system.java.version}</source>
                    <target>${system.java.version}</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>
```

spring-boot-starter-security enables the Spring Security framework.
spring-security-ldap enables Spring Security's LDAP support. (The version properties `dependency.springboot2.common.version`, `plugin.maven.compiler.version` and `system.java.version` are inherited from the parent POM.)

  • A simple application class

```java
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.stereotype.Component;

/**
 * <p> SpringBootSecurityLDAPIntegration </p>
 * <p> Description : SpringBootSecurityLDAPIntegration </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 19:50 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@SpringBootApplication
// @SpringBootApplication already registers this class as a component and enables
// component scanning of this package; the explicit @Component only sets the bean name.
@Component(value = "com.edurt.sli.slisl")
public class SpringBootSecurityLDAPIntegration {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecurityLDAPIntegration.class, args);
    }

}
```

Configure Security


  • Create a config directory under /src/main/java/com/edurt/sli/slisl and create the LdapConfig file in it
```java
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl.config;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/**
 * <p> LdapConfig </p>
 * <p> Description : LdapConfig </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 20:24 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@Component
@ConfigurationProperties(prefix = "custom.ldap")
public class LdapConfig {

    /** Subtree in which user entries are searched (custom.ldap.searchBase). */
    private String searchBase;
    /** LDAP search filter; {0} is replaced by the submitted username (custom.ldap.searchFilter). */
    private String searchFilter;
    /** LDAP server URL (custom.ldap.url). */
    private String url;
    /** DN of the service account that performs the user search (custom.ldap.manageDN). */
    private String manageDN;
    /** Password of the service account (custom.ldap.managePassword). */
    private String managePassword;

    public LdapConfig() {
    }

    public String getSearchBase() {
        return searchBase;
    }

    public void setSearchBase(String searchBase) {
        this.searchBase = searchBase;
    }

    public String getSearchFilter() {
        return searchFilter;
    }

    public void setSearchFilter(String searchFilter) {
        this.searchFilter = searchFilter;
    }

    public String getUrl() {
        return url;
    }

    public void setUrl(String url) {
        this.url = url;
    }

    public String getManageDN() {
        return manageDN;
    }

    public void setManageDN(String manageDN) {
        this.manageDN = manageDN;
    }

    public String getManagePassword() {
        return managePassword;
    }

    public void setManagePassword(String managePassword) {
        this.managePassword = managePassword;
    }

}
```

@ConfigurationProperties(prefix = "custom.ldap") binds every property in the configuration file whose key starts with custom.ldap to the matching field of this class.

  • Create the SecurityLdapConfig authentication configuration file

```java
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * <p> SecurityConfig </p>
 * <p> Description : SecurityConfig </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 19:52 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@Configuration
public class SecurityLdapConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapConfig config;

    /**
     * Bind authentication: Spring first binds with the manager DN, searches for the
     * user's entry below searchBase using searchFilter ({0} = submitted username),
     * then binds as the found DN with the submitted password. The HttpSecurity
     * defaults of WebSecurityConfigurerAdapter (all requests authenticated, form login)
     * are left unchanged here.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userSearchBase(config.getSearchBase())
            .userSearchFilter(config.getSearchFilter())
            .contextSource()
            .url(config.getUrl())
            .managerDn(config.getManageDN())
            .managerPassword(config.getManagePassword());
    }

}
```

  • Create an application.properties configuration file in the resources directory with the following content

```properties
server.port=8989
# subtree searched for user entries
custom.ldap.searchBase=OU=example,DC=example,DC=intra
# {0} is substituted with the username entered on the login form
custom.ldap.searchFilter=(sAMAccountName={0})
# plain ldap:// sends the bind credentials unencrypted; use ldaps:// or StartTLS outside a lab
custom.ldap.url=ldap://192.168.0.5:389
# service account used only to look up user entries; keep this secret out of version control
custom.ldap.manageDN=cn=function,OU=Email Account,dc=example,dc=intra
custom.ldap.managePassword=example
```
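The `{0}` in custom.ldap.searchFilter is a filter argument, not string concatenation: Spring Security passes the submitted username to JNDI as a search parameter, and JNDI escapes it per RFC 4515 before the filter reaches the directory. The following is an added illustration (not code from the page's project) of that escaping, so that any filter you build by hand in custom code gets the same treatment; the class name and the sample usernames are constructed for the example.

```java
/** RFC 4515 escaping of an assertion value inside an LDAP search filter (added example). */
public final class LdapFilterEscaper {

    /** Escape one value so it is treated as data inside a filter such as (sAMAccountName=VALUE). */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;  // backslash
                case '*':  sb.append("\\2a"); break;  // wildcard
                case '(':  sb.append("\\28"); break;  // filter open
                case ')':  sb.append("\\29"); break;  // filter close
                case '\0': sb.append("\\00"); break;  // NUL
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Substitute {0} in a filter template (e.g. the page's searchFilter) with the escaped username. */
    public static String buildUserFilter(String template, String username) {
        if (username == null) {
            throw new IllegalArgumentException("username must not be null");
        }
        return template.replace("{0}", escapeFilterValue(username));
    }

    public static void main(String[] args) {
        String template = "(sAMAccountName={0})";  // the page's custom.ldap.searchFilter
        // Constructed inputs: a normal name, a bare wildcard, and a name containing parentheses.
        for (String user : new String[] {"alice", "*", "o'brien (contractor)"}) {
            System.out.println(buildUserFilter(template, user));
        }
    }
}
```

With escaping, a wildcard or parenthesis in the login name can only ever match a literal attribute value and cannot change the structure of the filter.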

Create the authorization-success page


Create a controller directory under /src/main/java/com/edurt/sli/slisl and create the HelloLDAPController file in it

```java
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisl.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import java.security.Principal;
import java.util.Map;

/**
 * <p> HelloLDAPController </p>
 * <p> Description : HelloLDAPController </p>
 * <p> Author : qianmoQ </p>
 * <p> Version : 1.0 </p>
 * <p> Create Time : 2019-06-19 20:12 </p>
 * <p> Author Email: <a href="mailTo:shichengoooo@163.com">qianmoQ</a> </p>
 */
@Controller
public class HelloLDAPController {

    /**
     * Only reachable after a successful LDAP login; Spring Security injects the
     * authenticated user as the Principal. Returns the logical view name "home",
     * so a template of that name (for example a Thymeleaf template, whose starter
     * is not in the pom shown above) must be present for the page to render.
     */
    @RequestMapping("/secure")
    public String secure(Map<String, Object> model, Principal principal) {
        model.put("title", "授权成功");
        model.put("message", "仅授权可查看的页面");
        model.put("name", principal.getName());
        return "home";
    }

}
```


Enter your LDAP account credentials; once they are verified you are redirected to the protected page.

Package and deploy


  • Package the application

```shell
mvn clean package -Dmaven.test.skip=true -X
```

Then run the packaged file

```shell
java -jar target/spring-learn-integration-security-ldap-1.0.0.jar
```

Source code