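ldap - Mapping role names to roles
Problem description
I configured an LDAP realm for Tomcat 7. It searches the user groups for a person and, once found, authenticates them and allows them to access the application.
Here is my realm: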
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://adldap.mycompany.com:3268"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       userBase="DC=mycompany,DC=com"
       roleSubtree="true"
       roleName="CN"
       userRoleName="memberOf"/>
It finds the user and then searches for the corresponding role names. Here is my security constraint for the role in web.xml.
<security-constraint>
  <display-name>user</display-name>
  <web-resource-collection>
    <web-resource-name>user</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    <http-method>HEAD</http-method>
    <http-method>TRACE</http-method>
    <http-method>POST</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>users</description>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
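However, the user will have a role that looks like CN=Domain Users,CN=Users,DC=mycompany,DC=com. So my question is: is there a way to map that role to the role name user? Otherwise I would need to define my security constraint like this: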
<security-constraint>
  <display-name>user</display-name>
  <web-resource-collection>
    <web-resource-name>user</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    <http-method>HEAD</http-method>
    <http-method>TRACE</http-method>
    <http-method>POST</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>users</description>
    <role-name>CN=Domain Users,CN=Users,DC=mycompany,DC=com</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<security-role>
  <role-name>CN=Domain Users,CN=Users,DC=mycompany,DC=com</role-name>
</security-role>
Solution
Have you tried using
<security-role-ref>
  <role-name>CN=Domain Users,CN=Users,DC=mycompany,DC=com</role-name>
  <role-link>user</role-link>
</security-role-ref>
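Another way to get short role names for the mapping asked about above, as an added example that is not part of the original question or answer: when JNDIRealm is given a role search, it takes each role name from the `roleName` attribute of the group entries it finds, so the role is the group's `cn` rather than the full DN that `memberOf` returns. The group name `WebAppUsers`, the `roleBase` value, and the assumption that group entries list their members' DNs in the `member` attribute are hypothetical and not from the question.

```xml
<!-- Realm (server.xml or context.xml). Added example, not the asker's configuration. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://adldap.mycompany.com:3268"
       userBase="DC=mycompany,DC=com"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="DC=mycompany,DC=com"
       roleSubtree="true"
       roleSearch="(member={0})"
       roleName="cn"/>
<!-- roleBase (assumed value): where the group search starts.
     roleSearch: {0} is replaced with the DN of the authenticated user,
                 so every group that lists the user as a member is found.
     roleName:   the attribute of each matching group used as the role name.
     userRoleName is left out, so no full-DN roles are added from memberOf. -->

<!-- web.xml: the constraint refers to the group's cn (hypothetical group WebAppUsers). -->
<security-constraint>
  <display-name>user</display-name>
  <web-resource-collection>
    <web-resource-name>user</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> elements: the constraint then applies to every
         HTTP method, including ones that an explicit list would leave out. -->
  </web-resource-collection>
  <auth-constraint>
    <description>users</description>
    <role-name>WebAppUsers</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<security-role>
  <role-name>WebAppUsers</role-name>
</security-role>
```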