LDAP으로 인증된 Grails 사용자를 애플리케이션 데이터베이스의 역할과 사용자에 매핑하려고 한참 동안 씨름하고 있습니다. this answer와 documentation의 예제를 따랐습니다. Grails Spring Security LDAP
bean ldap auth가 포함되어 있지만 GORM에 사용자가 생성 및 업데이트 할 수있는 관계가 많습니다.
MdtUserDetails를 호출할 때, 내 CustomUserDetails를 UserDetails로 캐스팅할 수 없다는 지점에 계속 도달합니다.
Message: Cannot cast object 'ldap_username' with class 'package.MdtUserDetails' to class 'org.springframework.security.core.userdetails.UserDetails'
오류는 UserDetailsContextMapper 클래스에서 발생합니다:
// LDAP settings for the Grails Spring Security LDAP plugin (Active Directory backend).
// DN the plugin binds as for directory lookups.
grails.plugin.springsecurity.ldap.context.managerDn = 'cn=MDT Apache,ou=ServiceAccounts,ou=Users,ou=MDT,dc=mdthq,dc=mt,dc=ads'
// NOTE(review): the bind password sits inline in Config.groovy (masked on this page). Loading it from an
// externalized, access-restricted config source keeps the credential out of version control and build artifacts.
grails.plugin.springsecurity.ldap.context.managerPassword = '*******'
// NOTE(review): ldap:// on port 389 is unencrypted unless StartTLS is negotiated, and nothing shown here enables it.
// The manager bind and every user's bind password would then cross the network in clear text.
// Prefer ldaps:// (or StartTLS) with server-certificate validation.
grails.plugin.springsecurity.ldap.context.server = 'ldap://server:389'
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,ou=MDT,dc=mdthq,dc=mt,dc=ads'
grails.plugin.springsecurity.ldap.search.base = 'ou=Users,ou=MDT,dc=mdthq,dc=mt,dc=ads'
// Both sources are enabled, so a user's authorities are the union of LDAP group roles and database roles.
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
// NOTE(review): the plugin documents 'person' / 'inetOrgPerson' as the values for this key; a class name is
// probably ignored, and a custom ldapUserDetailsMapper bean is what builds the principal — confirm, and drop if unused.
grails.plugin.springsecurity.ldap.mapper.userDetailsClass = 'package.MdtUserDetails'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
grails.plugin.springsecurity.ldap.search.filter="sAMAccountName={0}" // for Active Directory you need this
grails.plugin.springsecurity.ldap.search.searchSubtree = true
// NOTE(review): false lets "user not found" surface as a failure distinct from "bad credentials". That helps while
// debugging, but if the difference reaches the login response it tells a client which account names exist.
// Reconsider for production.
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName', 'sAMAccountName'] // extra attributes you want returned; see below for custom classes that access this data
// 1.2.840.113556.1.4.1941 is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN: membership is resolved transitively,
// so roles are also granted through nested (indirect) groups. Review group nesting with that in mind.
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})'
//check against LDAP first, then Database
// NOTE(review): with the DAO provider second in the chain, a local account with a usable password hash
// presumably remains a valid login path when the LDAP attempt fails — confirm that is intended.
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider', 'daoAuthenticationProvider']
: 여기
import java.util.Collection;
import org.springframework.ldap.core.DirContextAdapter
import org.springframework.ldap.core.DirContextOperations
import org.springframework.security.authentication.DisabledException
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.GrantedAuthorityImpl
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper
import grails.plugin.springsecurity.SpringSecurityUtils
import package.User
import package.Role
import package.UserRole
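/**
 * Maps an LDAP-authenticated directory entry onto the application's GORM {@code User}.
 *
 * On first login a local record is created and given {@code ROLE_USER}; on later logins the
 * stored full name and e-mail are refreshed from the directory. The returned principal carries
 * the database roles plus the authorities the LDAP provider already resolved.
 */
class MdtUserDetailsContextMapper implements UserDetailsContextMapper {
    private static final List NO_ROLES = [new GrantedAuthorityImpl(SpringSecurityUtils.NO_ROLE)]
    // Injected from resources.groovy; not used by the methods of this class.
    def dataSource

    /**
     * Builds the principal for a user who has just authenticated against LDAP.
     *
     * @param ctx       directory entry of the authenticated user
     * @param username  login name as typed by the user
     * @param authority authorities already resolved by the LDAP provider
     * @return the principal for the security context
     * @throws DisabledException if the local account exists but is disabled
     * @throws IllegalStateException if a first-login account cannot be saved
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authority) {
        // NOTE(review): toLowerCase() without a Locale follows the JVM default locale; confirm that the
        // normalised name matches how usernames are stored, since it is the lookup key for the local account.
        username = username.toLowerCase()

        // Read the values through the public accessor rather than parsing the "id: value" text of the
        // adapter's private attribute table; a missing attribute then yields null instead of an NPE.
        String fullname = displayNameOf(ctx.getStringAttribute('name'))
        String email = ctx.getStringAttribute('mail')

        User user = null
        def roles = []
        User.withTransaction {
            user = User.findByUsername(username)
            if (!user) {
                // First login: provision a local account. save() returns null when validation fails.
                user = new User(username: username, enabled: true, fullName: fullname, email: email).save(flush: true)
                if (!user) {
                    // The user-supplied name is left out of the message on purpose.
                    throw new IllegalStateException("Could not create a local account for the authenticated LDAP user")
                }
                def defaultRole = Role.findByAuthority('ROLE_USER')
                UserRole.create user, defaultRole, true
                roles = defaultRole ? [defaultRole] : []
            }
            else {
                // Only overwrite stored values when the directory actually supplied them.
                if (fullname) user.fullName = fullname
                if (email) user.email = email
                user.save(flush: true)
                roles = user.getAuthorities()
            }
        }

        // A locally disabled account is refused even though the LDAP bind succeeded.
        if (!user.enabled)
            throw new DisabledException("User is disabled", username)

        def authorities = roles.collect { new GrantedAuthorityImpl(it.authority) }
        authorities.addAll(authority)

        // The ClassCastException reported for this mapper surfaces on this return when MdtUserDetails
        // is not a UserDetails subtype.
        // NOTE(review): MdtUserDetails names the three flags accountExpired / accountLocked / passwordExpired,
        // but Spring Security's own User constructor takes accountNonExpired / credentialsNonExpired /
        // accountNonLocked. If MdtUserDetails forwards these values to it, "false" would mark the
        // account as expired and locked — confirm the polarity.
        return new MdtUserDetails(user.fullName, user.email, username, "", true, false, false, false, authorities)
    }

    /** Intentionally empty: this mapper writes nothing back to the directory. */
    @Override
    public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1) {
    }

    // Turns the directory's "Last, First" form into "First Last"; any other shape is returned unchanged.
    private static String displayNameOf(String directoryName) {
        if (!directoryName) {
            return directoryName
        }
        def parts = directoryName.split(", ")
        return parts.length > 1 ? parts[1] + " " + parts[0] : directoryName
    }
}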
내 resources.groovy
import package.MdtUserDetailsContextMapper
import package.MdtUserDetailsService
// Spring bean definitions that override the security plugin's defaults.
beans = {
// Registers the custom context mapper under the name the LDAP plugin looks up for its mapper.
ldapUserDetailsMapper(MdtUserDetailsContextMapper) {
dataSource = ref("dataSource")
}
// NOTE(review): bean names are case-sensitive and the plugin's bean is named userDetailsService (lower-case u).
// As written this presumably registers an extra bean called "UserDetailsService" and leaves the plugin's
// default service in place for the DAO provider — confirm which service actually handles database logins.
UserDetailsService(MdtUserDetailsService)
}
Config.groovy 파일입니다. 그런 다음 UserDetails와 UserDetailsService에 대한 클래스입니다:
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority
import package.User
/**
 * Principal type constructed by the LDAP context mapper and the user-details service.
 *
 * NOTE(review): "User" here resolves to the application's domain class (package.User), not Spring Security's
 * User. The domain class presumably does not implement UserDetails, which is consistent with the reported
 * "Cannot cast ... to class 'org.springframework.security.core.userdetails.UserDetails'" error.
 */
class MdtUserDetails extends User {
// NOTE(review): authorities is accepted but never stored or passed on, so a principal built this way
// carries none of the roles computed by its callers.
public MdtUserDetails(String fullName, String email, String username, String password, boolean enabled, boolean accountExpired,
boolean accountLocked, boolean passwordExpired, Collection<GrantedAuthority> authorities) {
// Groovy named-argument call into the domain class constructor.
super(username: username, password: password, email: email, fullName: fullName, enabled: enabled, accountExpired: accountExpired, accountLocked: accountLocked, passwordExpired: passwordExpired)
// Same values as the named arguments passed to super above.
this.fullName = fullName
this.email = email
}
}
import package.User
import grails.plugin.springsecurity.userdetails.GrailsUserDetailsService
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UsernameNotFoundException
import grails.plugin.springsecurity.SpringSecurityUtils
/**
 * Loads a principal from the application's database for logins handled outside LDAP.
 */
class MdtUserDetailsService implements GrailsUserDetailsService {
    static final List NO_ROLES = [new GrantedAuthorityImpl(SpringSecurityUtils.NO_ROLE)]

    /**
     * Variant required by {@code GrailsUserDetailsService}; {@code loadRoles} is ignored and
     * roles are always loaded.
     */
    UserDetails loadUserByUsername(String username, boolean loadRoles)
            throws UsernameNotFoundException {
        loadUserByUsername(username)
    }

    /**
     * Looks the user up by name inside a transaction and wraps it in an {@code MdtUserDetails}.
     *
     * @throws UsernameNotFoundException when no database user has that name
     */
    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User.withTransaction { status ->
            User account = User.findByUsername(username)
            if (!account) {
                throw new UsernameNotFoundException('User not found', username)
            }

            def granted = account.authorities.collect { role -> new GrantedAuthorityImpl(role.authority) }
            // An account without roles still gets the plugin's NO_ROLE marker authority.
            def effectiveAuthorities = granted ?: NO_ROLES

            // NOTE(review): the three negated flags are passed in the order accountExpired, passwordExpired,
            // accountLocked. That matches Spring Security's (accountNonExpired, credentialsNonExpired,
            // accountNonLocked), but not the MdtUserDetails constructor declared as
            // (accountExpired, accountLocked, passwordExpired). Confirm which convention MdtUserDetails
            // uses; a mismatch here inverts or swaps the account-status checks.
            new MdtUserDetails(account.fullName, account.email, account.username, account.password, account.enabled,
                    !account.accountExpired, !account.passwordExpired,
                    !account.accountLocked, effectiveAuthorities)
        } as UserDetails
    }
}
업데이트 된 UserDetails :
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.ldap.userdetails.LdapUserDetails
import package.Role
import package.User
/**
 * Second attempt at the principal type: still extends the application's domain User, but now declares
 * LdapUserDetails so the cast to UserDetails succeeds.
 *
 * NOTE(review): the account-status methods below are IDE-generated stubs, not real checks.
 */
class MdtUserDetails extends User implements LdapUserDetails{
final String email
final String fullName
// Only fullName and email are kept. With both super(...) calls commented out, username, password, enabled,
// the three status flags and authorities are all discarded.
public MdtUserDetails(String fullName, String email, String username, String password, boolean enabled, boolean accountExpired,
boolean accountLocked, boolean passwordExpired, Collection<GrantedAuthority> authorities) {
//super(username: username)
//super(username: username, password: password, email: email, fullName: fullName, enabled: enabled, accountExpired: accountExpired, accountLocked: accountLocked, passwordExpired: passwordExpired, authorties: authorities)
this.fullName = fullName
this.email = email
}
// Delegates to the domain class and returns its Role set, not the authorities passed to the constructor.
// NOTE(review): UserDetails.getAuthorities() is declared in terms of GrantedAuthority; whether Role
// satisfies that is not visible here.
@Override
public Set<Role> getAuthorities(){
return super.getAuthorities()
}
// Generated stub: always reports the account as expired. Spring Security's account-status checks
// reject a login when this is false — TODO derive it from the stored accountExpired flag.
@Override
public boolean isAccountNonExpired() {
return false;
}
// Generated stub: always reports the account as locked — TODO derive it from the stored accountLocked flag.
@Override
public boolean isAccountNonLocked() {
return false;
}
// Generated stub: always reports the credentials as expired — TODO derive it from the stored passwordExpired flag.
@Override
public boolean isCredentialsNonExpired() {
return false;
}
// Generated stub: the directory DN of the user is not recorded, so callers always get null.
@Override
public String getDn() {
return null;
}
}
편집
드디어 알아냈습니다! 제 UserDetails 클래스가 제 자신의 User 클래스를 확장하고 있었습니다:
import package.User
class MdtUserDetails extends User {
대신 여기에서는 Spring Security의 User 클래스를 확장해야 했습니다:
import org.springframework.security.core.userdetails.User
감사가 ldapuserDetails을 구현 할 수 있었다,하지만 지금은 내 오류가 무슨 일이 있었는지 파악하기조차 어렵다 '잘못 2014년 1월 24일 12 : 20 : 33,566 [HTTP 바이오 8111- exec/4] ERROR [/step].[default] 경로 [/ step]이있는 컨텍스트에서 servlet [default]에 대한 Servlet.service()가 예외를 던졌습니다 메시지 : null 또는 빈 값을 생성자에 전달할 수 없습니다 Line | 방법 - >> 52 | in grails.plugin.springsecurity.userdetails.GrailsUser ' –
Wac
지금 사용하고 계신 업데이트 된 코드를 보여줄 수 있습니까? –
위의 업데이트 됨 ... – Wac