我已成功将JOSSO和Spring Security应用程序集成到我的Grails应用程序中(使用LDAP进行用户控制) .
由于JOSSO已经管理了身份验证,我使用"Pre-Authentication Scenarios"进行Spring Security集成 . 这是我与Spring Security配置相关的 resources.groovy
内容:
def developmentEnvironment = {
if (grailsApplication.config.grails.plugins.springsecurity.active) {
preAuthenticatedAuthenticationProvider(PreAuthenticatedAuthenticationProvider) {
preAuthenticatedUserDetailsService = ref('preAuthenticatedUserDetailsService')
}
preAuthenticatedUserDetailsService(PreAuthenticatedGrantedAuthoritiesUserDetailsService) {
}
j2eePreAuthFilter(J2eePreAuthenticatedProcessingFilter) {
authenticationManager = ref('authenticationManager')
authenticationDetailsSource = {
J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource authenticationDetailsSource ->
mappableRolesRetriever = {
SimpleMappableAttributesRetriever mappableAttributesRetriever ->
mappableAttributes = ['app_admin', 'app_user', 'app_report', 'app_access'] as Set
}
userRoles2GrantedAuthoritiesMapper = {
SimpleAttributes2GrantedAuthoritiesMapper grantedAuthoritiesMapper ->
convertAttributeToUpperCase = "true"
}
}
}
preAuthenticatedProcessingFilterEntryPoint(Http403ForbiddenEntryPoint) {
}
preAuthenticatedExceptionTranslationFilter(ExceptionTranslationFilter) {
authenticationEntryPoint = ref('preAuthenticatedProcessingFilterEntryPoint')
}
}
}
一切正常,我可以访问Grails端的默认属性(例如使用 springSecurityService
) .
但现在我有了从LDAP获取自定义属性的新要求(例如 ownership
) . 所以,我在LDAP下将这些属性添加到我的用户,据我所知,JOSSO会自动获得这些属性,但我无法在grails应用程序端获得这些属性 . 有没有办法在grails端获得这些属性?
1 回答
此类自定义属性应放在UserDetails接口的实现中,或者User类的扩展中 . 在http://static.springsource.org/spring-security/site/docs/3.1.x/reference/preauth.html中,您可以找到此方案应如何实现AuthenticationUserDetailsService .
执行此操作后,您可以查询SecurityContextHolder以获取UserDetails实现