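1. About directories:
(1) A directory is a tree-structured database created for browsing and searching data. It holds descriptive, attribute-based information and supports advanced filtering.
(2) A directory does not support the complex, high-throughput update operations that most transactional databases support. A directory update is an atomic, all-or-nothing operation, and directory services suit applications that serve a large volume of queries and searches.
(3) To keep directory data available and reliable while still providing fast queries and searches, directories can also synchronize directory data between master and slave servers. This is comparable to master-slave replication in a traditional MySQL database and keeps directory-based services continuously available as far as possible.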
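2. About LDAP:
LDAP stands for Lightweight Directory Access Protocol. Its characteristics are: a cross-platform, standard protocol; a tree structure that is not maintained with SQL statements; fast lookup of static data, not suited to writing data; the data stored in LDAP can be text, binary images and so on; a client/server model in which the server stores the tree and the client provides the tools for working with the directory information tree.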
3. Add the dependencies the application needs:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.ldap</groupId>
    <artifactId>spring-ldap-core</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
</dependency>
4. Configure the application.properties file
# LDAP configuration
spring.ldap.embedded.ldif=classpath:server.ldaf
spring.ldap.embedded.base-dn=dc=springframework,dc=org
spring.ldap.embedded.port=8389
5. Configure the server.ldaf file
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: space cadets

dn: ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: "quoted people"

dn: ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: otherpeople

dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword

dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe Smeth
sn: Smeth
uid: joe
userPassword: joespassword

dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Mouse, Jerry
sn: Mouse
uid: jerry
userPassword: jerryspassword

dn: cn=slash/guy,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: slash/guy
sn: Slash
uid: slashguy
userPassword: slashguyspassword

dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: quote\"guy
sn: Quote
uid: quoteguy
userPassword: quoteguyspassword

dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Space Cadet
sn: Cadet
uid: space cadet
userPassword: spacecadetspassword

dn: cn=developers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: uid=bob,ou=people,dc=springframework,dc=org

dn: cn=managers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org

dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: submanagers
ou: submanager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
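6. Create the WebSecurityConfig configuration class
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Every request requires a fully authenticated user; login is form-based.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
    }

    // Authenticate against the embedded LDAP server by comparing the userPassword attribute.
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
}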
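An alternative to the configuration above, as an added example that is not part of the original page: it authenticates by binding to the directory as the user instead of reading userPassword and comparing it with LdapShaPasswordEncoder (a deprecated, unsalted SHA-1 encoder), so the application never handles stored password values. It assumes Spring Security 5.7 or later, where WebSecurityConfigurerAdapter is deprecated; the class name BindAuthSecurityConfig is hypothetical, and the URL, DN pattern and group base are the ones used above.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.web.SecurityFilterChain;

// Added example (hypothetical class name); assumes Spring Security 5.7+.
@Configuration
public class BindAuthSecurityConfig {

    // Same embedded directory and base DN as the configuration above.
    // Outside a local embedded server, use an ldaps:// URL so the bind
    // password does not cross the network in cleartext.
    @Bean
    DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(
                "ldap://localhost:8389/dc=springframework,dc=org");
    }

    // Same access rule as above: every request needs a fully authenticated user.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authz -> authz.anyRequest().fullyAuthenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    // Bind authentication: the submitted password is checked by the LDAP
    // server during the bind, so no passwordCompare() or password encoder
    // is configured and userPassword is never read by the application.
    @Bean
    AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
        LdapBindAuthenticationManagerFactory factory =
                new LdapBindAuthenticationManagerFactory(contextSource);
        factory.setUserDnPatterns("uid={0},ou=people");
        // Group membership under ou=groups is still mapped to authorities.
        factory.setLdapAuthoritiesPopulator(
                new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups"));
        return factory.createAuthenticationManager();
    }
}
```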
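7. Create the HomeController class
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {

    @GetMapping("/")
    public String index() {
        return "Welcome to the home page!";
    }
}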
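8. Run the application's main class and open localhost:8080; the page shown in the figure appears:
Enter the username/password bob/bobspassword; the page shown in the figure appears: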