Grails 3 Spring Security LDAP 插件和 Tomcat 8
Posted
技术标签:
【中文标题】Grails 3 Spring Security LDAP 插件和 Tomcat 8【英文标题】:Grails 3 Spring Security LDAP Plugin and Tomcat 8 【发布时间】:2016-06-29 13:22:39 【问题描述】:我有一个外部 YML 文件,其中包含一些 grails 配置。在这个文件中,添加的配置之一是用于 grails spring security ldap 插件。我的配置如下:
---
grails:
plugin:
springsecurity:
ldap:
context:
managerDn: 'uid=admin,ou=system'
managerPassword: 'secret'
server: 'ldap://localhost:10389'
authorities:
groupSearchBase: 'ou=Groups,dc=c3cen,dc=com'
retreiveGroupRoles: true
retreiveDatabaseRoles: false
groupSearchFilter: 'member=0'
search:
base: 'ou=Users,dc=c3cen,dc=com'
password:
algoritham: 'SHA-256'
interceptUrlMap: [
pattern: '/', access: ['permitAll'],
pattern: '/error', access: ['permitAll'],
pattern: '/index', access: ['permitAll'],
pattern: '/index.gsp', access: ['permitAll'],
pattern: '/shutdown', access: ['permitAll'],
pattern: '/assets/**', access: ['permitAll'],
pattern: '/**/js/**', access: ['permitAll'],
pattern: '/**/css/**', access: ['permitAll'],
pattern: '/**/images/**', access: ['permitAll'],
pattern: '/**/favicon.ico', access: ['permitAll'],
pattern: '/login/**', access: ['permitAll'],
pattern: '/logout/**', access: ['permitAll']
]
---
我在常规(由 grails quick config 提供)应用程序 yml 文件中也有一些属性。该文件仅包含:
grails:
plugin:
springsecurity:
securityConfigType: 'InterceptUrlMap'
providerNames: ['ldapAuthProvider', 'anonymousAuthenticationProvider']
我通过覆盖 Application.groovy 类中的 setEnvironment 方法来加载 grails 中的外部配置。它看起来如下:
@Override
void setEnvironment(Environment environment)
try
String configPath = System.getenv("local.config.location")
def ymlConfig = new File(configPath)
Resource resourceConfig = new FileSystemResource(ymlConfig)
YamlPropertiesFactoryBean ypfb = new YamlPropertiesFactoryBean()
ypfb.setResources(resourceConfig)
ypfb.afterPropertiesSet()
Properties properties = ypfb.getObject()
environment.propertySources.addFirst(new PropertiesPropertySource("local.config.location", properties))
catch (Exception e)
log.error("unable to load the external configuration file", e)
当我在 grails 中发出 run-app 命令并部署到我的嵌入式 tocat 时,一切都按预期工作。当我手动部署到本地 tomcat 时,我在 Firefox 中收到“页面未正确重定向”错误。
注意:我已通过日志语句确认两个 tomcat 服务器正在读取外部文件。奇怪的是属性被注入,但它们被默认提供的字符串覆盖。例如: dc=example 显示在 search.base 中,但在我上面的代码中,您可以清楚地看到它在 'ou=Users,dc=c3cen,dc=com' 中。请注意,这两者都存在,但我猜默认会覆盖自定义属性。
我需要在本地(非嵌入式 grails)Tomcat 服务器上进行更改以允许外部属性工作吗?我尝试更改 application.yml(external one) 的位置,但无济于事。
【问题讨论】:
【参考方案1】:我在这里注意到的奇怪部分是,interceptUrlMap 是唯一未能从外部 YML 文件加载的调用。由于这是当时文档中唯一提供的用于静态路由的方法,因此我采用了不同的方法。 (使用外部 groovy 配置而不是 yml 配置)
以下是我为使用 LDAP 插件进行外部配置所做的事情的列表。首先,我确保我的应用程序启动运行类 (Application.groovy) 实现了 EnvironmentAware。我将 setEnvironemnt 方法覆盖如下:
@Override
void setEnvironment(Environment environment)
try
String configPath = System.getenv("local.config.location")
def configFile = new File(configPath)
def config = new ConfigSlurper().parse(configFile.toURI().toURL())
environment.propertySources.addFirst(new MapPropertySource("externalGroovyConfig", config))
catch (Exception e)
log.error("unable to load the external configuration file", e)
接下来,我创建了一个 application.groovy 文件,并将其放在另一个位置(不在我的项目中) 我的 application.groovy 文件现在如下所示:
grails.plugin.springsecurity.ldap.context.managerDn = 'uid=admin,ou=system'
grails.plugin.springsecurity.ldap.context.managerPassword = 'secret'
grails.plugin.springsecurity.ldap.context.server = 'ldap://localhost:10389/'
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,dc=c3cen,dc=com'
grails.plugin.springsecurity.ldap.authorities.retreiveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retreiveDatabaseRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member=0'
grails.plugin.springsecurity.ldap.search.base = 'ou=Users,dc=c3cen,dc=com'
grails.plugin.springsecurity.password.algoritham = 'SHA-256'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/index', access: ['permitAll']],
[pattern: '/index.gsp', access: ['permitAll']],
[pattern: '/shutdown', access: ['permitAll']],
[pattern: '/assets/**', access: ['permitAll']],
[pattern: '/**/js/**', access: ['permitAll']],
[pattern: '/**/css/**', access: ['permitAll']],
[pattern: '/**/images/**', access: ['permitAll']],
[pattern: '/**/favicon.ico', access: ['permitAll']]
]
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/**', filters: 'JOINED_FILTERS']
]
【讨论】:
以上是关于Grails 3 Spring Security LDAP 插件和 Tomcat 8的主要内容,如果未能解决你的问题,请参考以下文章
Grails 3 Spring Security 覆盖登录表单
Grails 3 和 Spring Security:当用户未登录时返回 401
grails 3 spring security boot starter登录页面定制
Grails - 卸载 Spring Security Core