时间戳

首页 > 解决方案 > Spring Boot 上的会话处理,对某些用户使用 LDAP 身份验证,对其他用户使用 LinkedIn API 登录

spring - Spring Boot 上的会话处理,对某些用户使用 LDAP 身份验证,对其他用户使用 LinkedIn API 登录

问题描述

我正在为人力资源部门开发一个基于 Java 的 Web 应用程序。有两种类型的用户:人力资源专家和申请人。专家通过 LDAP 身份验证登录,而申请人通过 LinkedIn API 登录。

如何配置这两种用户的会话?Spring有这个库吗?目前,我的项目没有会话配置,因此专家和申请人可以从同一台计算机同时登录。

此外,我还需要能够根据一次登录的用户类型对 .html 文件进行更改。例如:“申请!” 通过 LinkedIn 登录的用户应该可以看到按钮,通过 LDAP 登录的专家应该可以看到“查看申请人”按钮。如果您还可以告诉我 Thymeleaf、Spring 和您推荐给我的会话处理方法如何协同工作,那就太好了。

我的 LDAP 身份验证:

@EnableGlobalMethodSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable();
        http.authorizeRequests().antMatchers("applicants**").fullyAuthenticated().and()
                .authorizeRequests().antMatchers("**/job/**/applicants").fullyAuthenticated().and()
                .formLogin().loginPage("/login").permitAll().and()
                .logout().permitAll();
        http.csrf().disable();
    }


    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource(contextSource())
                .passwordCompare()
                .passwordEncoder(new LdapShaPasswordEncoder())
                .passwordAttribute("userPassword");
    }

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"), "dc=springframework,dc=org");
    }

}

领英登录:

@RestController
@RequestMapping("/connect")
public class LinkedInController {

    public static boolean connected = false;
    public static Applicant applicant;

    private static final String API_KEY = "xxxx";
    private static final String SECRET_KEY = "xxxx";
    private static final String REDIRECT_URI = "http://localhost:8080/connect/done/";
    private static final String STATE = "xxxx";
    private static final String NETWORK_NAME = "LinkedIn";
    private static final String PROTECTED_RESOURCE_URL = "https://api.linkedin.com/v1/people/~:(%s)";
    private static final String RESOURCE_FIELDS = "id,firstName,lastName,emailAddress,maiden-name,headline," +
            "industry,summary,picture-url";

    private OAuth20Service service;
    private ApplicantService applicantService;

    @Autowired
    public LinkedInController(ApplicantService applicantService){
        this.applicantService = applicantService;
    }

    @GetMapping()
    public ModelAndView redirectToAuthorization (Model model) throws IOException, InterruptedException, ExecutionException {
        // Replace these with your client id and secret
        service = new ServiceBuilder(API_KEY)
                .apiSecret(SECRET_KEY)
                .scope("r_basicprofile r_emailaddress")
                .callback(REDIRECT_URI)
                .state(STATE)
                .build(LinkedInApi20.instance());
        final Scanner in = new Scanner(System.in);
        final String authorizationUrl = service.getAuthorizationUrl();
        System.out.println("Auth. link:" + authorizationUrl);
        return new ModelAndView(new RedirectView(authorizationUrl));
    }

    @GetMapping("/done")
    public ModelAndView getToken(@RequestParam("code") String code, @RequestParam("state") String state, Model model) throws IOException, InterruptedException, ExecutionException {
        if (state.equals(STATE)){
            connected = true;
            System.out.println("State correct.");
            final OAuth2AccessToken accessToken = service.getAccessToken(code);
            final OAuthRequest request = new OAuthRequest(Verb.GET, String.format(PROTECTED_RESOURCE_URL, RESOURCE_FIELDS));
            System.out.println(request.getUrl());
            request.addHeader("x-li-format", "json");
            request.addHeader("Accept-Language", "ru-RU");
            service.signRequest(accessToken, request);
            final Response response = service.execute(request);
            ObjectMapper mapper = new ObjectMapper();
            Applicant applicant = mapper.readValue(response.getBody(), Applicant.class);
            this.applicant = applicant;
            applicantService.persistNewApplicant(applicant);
        }
        model.addAttribute("success", LinkedInController.connected);
        model.addAttribute("applicant", LinkedInController.applicant);
        return new ModelAndView("connected.html");
    }


}

我正在使用 Spring Boot、IntelliJ、H2 数据库、LinkedIn API 和 LDAP。

标签: springrestsessionauthenticationldap

解决方案

推荐阅读