我目前正在嘗試實現Spring Boot webservice和相互身份驗證,這些身份驗證需要用戶驗證並通過它對ldap服務器包含的詳細信息對用戶進行身份驗證和授權。Spring Boot/Spring Secruity針對LDAP的證書身份驗證
迄今爲止相互認證工作,服務器向用戶標識自己並要求提供用戶證書。以內存用戶爲例,整個身份驗證和授權過程都可以正常工作。然而,一旦我實現LDAP連接,我得到一個「java.lang.IllegalStateException:UserDetailsService是必需的。」例外。有趣的是,當我使用登錄頁面時,LDAP配置本身工作正常,用戶不得不手動提示他的證書。因此,在短期:
登錄頁面+ LDAP作品,
CERT +內存用戶工作,
CERT + LDAP不起作用。
這是我到目前爲止的代碼:
網/配置/ Application.java
@SpringBootApplication
@ComponentScan({ "web.*" })
public class Application extends SpringBootServletInitializer {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
public static void main(String[] args) throws Exception {
SpringApplication.run(Application.class, args);
}
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
tomcat.addAdditionalTomcatConnectors(createSslConnector());
return tomcat;
}
// *************************************************************************************************
// Mutual Cert Authentication
// *************************************************************************************************
private Connector createSslConnector() {
Connector connector = new Connector(
"org.apache.coyote.http11.Http11NioProtocol");
Http11NioProtocol protocol = (Http11NioProtocol) connector
.getProtocolHandler();
try {
File keystore = new ClassPathResource("server.jks").getFile();
File truststore = new ClassPathResource("cacerts.jks").getFile();
connector.setScheme("https");
connector.setSecure(true);
connector.setPort(8443);
protocol.setSSLEnabled(true);
protocol.setKeystoreFile(keystore.getAbsolutePath());
protocol.setKeystorePass("toor"); //example password
protocol.setTruststoreFile(truststore.getAbsolutePath());
protocol.setTruststorePass("toor"); //example passsword
protocol.setKeyAlias("server");
protocol.setClientAuth("want");
protocol.setSslProtocol("TLS");
return connector;
} catch (IOException ex) {
throw new IllegalStateException("can't access keystore: ["
+ "keystore" + "] or truststore: [" + "keystore" + "]", ex);
}
}
// *************************************************************************************************
// The Authentication Manager Bean provides the source that userdata gets
// authenticated against. In this Scenario a ldap server is used.
// *************************************************************************************************
@Bean
public DefaultSpringSecurityContextSource getSource() throws Exception {
String address = "ldap://lokalhost:389/dc=ldap"; //example url
String ldapUser = "cn=admin,dc=ldap"; //example login
String ldapPassword = "toor"; //example password
DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(
address);
source.setUserDn(ldapUser);
source.setPassword(ldapPassword);
source.afterPropertiesSet();
return source;
}
}
網/配置/ WebSecurity.java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DefaultSpringSecurityContextSource source;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication().contextSource(source)
.userSearchBase("dc=users,dc=ldap")
.userDnPatterns("cn={0},dc=users")
.groupSearchBase("ou=groups")
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// *************************************************************************************************
// Insert pages that need propper authentication/authorization here
// *************************************************************************************************
http
.x509().subjectPrincipalRegex("CN=(.*?),").and()
.authorizeRequests()
.antMatchers("/**")
.access("hasRole('ROLE_USER')")
.and()
.csrf().disable();
}
}
pom.xml中
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>SpringCertAuth</groupId>
<artifactId>spring-cert-authentication</artifactId>
<version>0.1.0</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.2.5.RELEASE</version>
</parent>
<dependencies>
<!-- ldap -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-server-jndi</artifactId>
<version>1.5.5</version>
</dependency>
<!-- end ldap -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<properties>
<main.basedir>${basedir}/../..</main.basedir>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
網頁/控件ER/HomeController.java
@Controller
public class HomeController {
@RequestMapping("/welcome")
public ModelAndView index() {
ModelAndView model = new ModelAndView();
model.addObject("title","Secure Web Application");
model.addObject("message", "this is the welcome page");
model.setViewName("welcome");
return model;
}
}
而且web應用/ WEB-INF/JSP /的welcome.jsp
<%@page session="false"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
<h1>Title : ${title}</h1>
<h1>Message : ${message}</h1>
</body>
</html>
PS:我使用的證書是自簽署並趴在src /主/資源文件夾。
我希望有人能幫助我。
問候 多米尼克