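Integrating LDAP (Lightweight Directory Access Protocol) into Spring Boot lets you implement authentication and authorization against a directory. The following is a basic step-by-step guide to integrating LDAP into a Spring Boot application.
First, add the Spring Security and LDAP dependencies to your pom.xml file.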
<dependencies>
    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- LDAP -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <!-- Spring Boot Starter Web for basic web functionality -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Thymeleaf renders login.html, which declares the th: namespace -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
</dependencies>
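Next, configure the LDAP connection parameters in application.properties or application.yml. Spring Boot does not bind the spring.security.ldap.* keys to anything by itself; they are application-defined and take effect only if the security configuration reads them. The user search filter must contain the {0} placeholder, which is replaced with the submitted username; in the group search filter, {0} is replaced with the user's DN. The uid and member attribute names are assumptions; use the ones from your directory schema.

application.properties:

# ldap:// on port 389 is unencrypted; prefer ldaps:// (port 636) so bind passwords are not sent in cleartext
spring.security.ldap.url=ldap://your-ldap-server:389
spring.security.ldap.username=cn=admin,dc=example,dc=com
spring.security.ldap.password=your-password
spring.security.ldap.base=dc=example,dc=com
spring.security.ldap.search-base=ou=users,dc=example,dc=com
spring.security.ldap.user-search-filter=(&(objectClass=person)(uid={0}))
spring.security.ldap.group-search-filter=(&(objectClass=group)(member={0}))
spring.security.ldap.group-search-base=ou=groups,dc=example,dc=com

application.yml:

spring:
  security:
    ldap:
      # ldap:// on port 389 is unencrypted; prefer ldaps:// (port 636)
      url: ldap://your-ldap-server:389
      username: cn=admin,dc=example,dc=com
      password: your-password
      base: dc=example,dc=com
      search-base: ou=users,dc=example,dc=com
      user-search-filter: "(&(objectClass=person)(uid={0}))"
      group-search-filter: "(&(objectClass=group)(member={0}))"
      group-search-base: ou=groups,dc=example,dc=com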
You need to configure Spring Security to use LDAP for authentication.

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Spring Security 5.x style; WebSecurityConfigurerAdapter was removed in Spring Security 6.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Settings are read from application.properties / application.yml,
    // so the bind password is not hard-coded in source.
    @Value("${spring.security.ldap.url}")
    private String url;
    @Value("${spring.security.ldap.username}")
    private String managerDn;
    @Value("${spring.security.ldap.password}")
    private String managerPassword;
    @Value("${spring.security.ldap.search-base}")
    private String userSearchBase;
    // Must contain {0}, which is replaced with the submitted username, e.g. (uid={0}).
    @Value("${spring.security.ldap.user-search-filter}")
    private String userSearchFilter;
    @Value("${spring.security.ldap.group-search-base}")
    private String groupSearchBase;
    // {0} is replaced with the DN of the authenticated user, e.g. (member={0}).
    @Value("${spring.security.ldap.group-search-filter}")
    private String groupSearchFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/public/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // The URL carries no base DN, so the search bases are full DNs.
        auth.ldapAuthentication()
            .userSearchBase(userSearchBase)
            .userSearchFilter(userSearchFilter)
            .groupSearchBase(groupSearchBase)
            .groupSearchFilter(groupSearchFilter)
            .contextSource()
                .url(url)
                .managerDn(managerDn)
                .managerPassword(managerPassword);
    }
}
The same setup with the Spring Security XML namespace:

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/public/**" access="permitAll"/>
    <!-- The login page itself must be reachable without authentication -->
    <intercept-url pattern="/login" access="permitAll"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <form-login login-page="/login"/>
    <logout/>
</http>

<!-- Context source: server URL and the manager account used for searches -->
<ldap-server id="contextSource"
             url="ldap://your-ldap-server:389"
             manager-dn="cn=admin,dc=example,dc=com"
             manager-password="your-password"/>

<authentication-manager>
    <!-- {0} is the submitted username in the user filter and the user's DN in the group filter -->
    <ldap-authentication-provider
        server-ref="contextSource"
        user-search-base="ou=users,dc=example,dc=com"
        user-search-filter="(&amp;(objectClass=person)(uid={0}))"
        group-search-base="ou=groups,dc=example,dc=com"
        group-search-filter="(&amp;(objectClass=group)(member={0}))"/>
</authentication-manager>
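How the {0} placeholder of a user search filter gets filled safely, as an added plain-Java example (not code from this page or from Spring Security): the login name is escaped per RFC 4515 before substitution, so characters that have meaning in filter syntax stay literal. The class name, method names and sample login names are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

// Added illustration, not Spring Security source.
public class LdapFilterDemo {

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            // Filter metacharacters, NUL and non-ASCII bytes become \XX hex escapes.
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c > 0x7F) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Fill the {0} placeholder of a user search filter with the escaped login name.
    static String buildFilter(String pattern, String username) {
        if (!pattern.contains("{0}")) {
            throw new IllegalArgumentException("filter has no {0} placeholder: " + pattern);
        }
        return pattern.replace("{0}", escapeFilterValue(username));
    }

    public static void main(String[] args) {
        String pattern = "(&(objectClass=person)(uid={0}))";
        // Constructed login names: a plain one and two containing filter syntax characters.
        String[] samples = { "alice", "smith (contractor)", "a*b\\c" };
        for (String name : samples) {
            System.out.println(name + " -> " + buildFilter(pattern, name));
        }
        // A filter without the placeholder cannot select a single user and is rejected.
        try {
            buildFilter("(objectClass=person)", "alice");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```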
Create a simple login page, login.html:

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Login</title>
</head>
<body>
    <h1>Login</h1>
    <!-- th:action lets Thymeleaf add the hidden CSRF token that Spring Security requires on POST -->
    <form th:action="@{/login}" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" required/><br/>
        <label for="password">Password:</label>
        <input type="password" id="password" name="password" required/><br/>
        <button type="submit">Login</button>
    </form>
</body>
</html>
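Now you can run your Spring Boot application and authenticate through LDAP. Visit http://localhost:8080/login and log in with your LDAP credentials.
The steps above show how to integrate LDAP authentication into Spring Boot. You can customize the configuration further as needed, for example by adding role and permission management or custom error pages.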