Eleftheria Stein
parent
9740b5920b
commit
a2fb2c91c2
|
|
@ -366,6 +366,15 @@ public static NoOpPasswordEncoder passwordEncoder() {
|
|||
<b:bean id="passwordEncoder"
|
||||
class="org.springframework.security.crypto.password.NoOpPasswordEncoder" factory-method="getInstance"/>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun passwordEncoder(): PasswordEncoder {
|
||||
return NoOpPasswordEncoder.getInstance();
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
[NOTE]
|
||||
|
|
|
|||
|
|
@ -29,4 +29,15 @@ protected void configure(HttpSecurity http) {
|
|||
<http-basic />
|
||||
</http>
|
||||
----
|
||||
|
||||
[source,kotlin,role="secondary"]
|
||||
.Kotlin
|
||||
----
|
||||
fun configure(http: HttpSecurity) {
|
||||
http {
|
||||
// ...
|
||||
httpBasic { }
|
||||
}
|
||||
}
|
||||
----
|
||||
====
|
||||
|
|
|
|||
|
|
@ -32,6 +32,17 @@ protected void configure(HttpSecurity http) {
|
|||
<form-login />
|
||||
</http>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
fun configure(http: HttpSecurity) {
|
||||
http {
|
||||
// ...
|
||||
formLogin { }
|
||||
}
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
In this configuration Spring Security will render a default log in page.
|
||||
|
|
@ -66,6 +77,20 @@ protected void configure(HttpSecurity http) throws Exception {
|
|||
<form-login login-page="/login" />
|
||||
</http>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
fun configure(http: HttpSecurity) {
|
||||
http {
|
||||
// ...
|
||||
formLogin {
|
||||
loginPage = "/login"
|
||||
permitAll()
|
||||
}
|
||||
}
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
[[servlet-authentication-form-custom-html]]
|
||||
|
|
|
|||
|
|
@ -40,6 +40,25 @@ public UserDetailsService users() {
|
|||
authorities="ROLE_USER,ROLE_ADMIN" />
|
||||
</user-service>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun users(): UserDetailsService {
|
||||
val user = User.builder()
|
||||
.username("user")
|
||||
.password("{bcrypt}$2a$10\$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
|
||||
.roles("USER")
|
||||
.build()
|
||||
val admin = User.builder()
|
||||
.username("admin")
|
||||
.password("{bcrypt}$2a$10\$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
|
||||
.roles("USER", "ADMIN")
|
||||
.build()
|
||||
return InMemoryUserDetailsManager(user, admin)
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
The samples above store the passwords in a secure format, but leave a lot to be desired in terms of getting started experience.
|
||||
|
|
@ -51,7 +70,8 @@ For this reason, `User.withDefaultPasswordEncoder` should only be used for "gett
|
|||
|
||||
.InMemoryUserDetailsManager with User.withDefaultPasswordEncoder
|
||||
====
|
||||
[source,java]
|
||||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Bean
|
||||
public UserDetailsService users() {
|
||||
|
|
@ -70,6 +90,27 @@ public UserDetailsService users() {
|
|||
return new InMemoryUserDetailsManager(user, admin);
|
||||
}
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun users(): UserDetailsService {
|
||||
// The builder will ensure the passwords are encoded before saving in memory
|
||||
val users = User.withDefaultPasswordEncoder()
|
||||
val user = users
|
||||
.username("user")
|
||||
.password("password")
|
||||
.roles("USER")
|
||||
.build()
|
||||
val admin = users
|
||||
.username("admin")
|
||||
.password("password")
|
||||
.roles("USER", "ADMIN")
|
||||
.build()
|
||||
return InMemoryUserDetailsManager(user, admin)
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
There is no simple way to use `User.withDefaultPasswordEncoder` with XML based configuration.
|
||||
|
|
|
|||
|
|
@ -128,6 +128,18 @@ DataSource dataSource() {
|
|||
<jdbc:script location="classpath:org/springframework/security/core/userdetails/jdbc/users.ddl"/>
|
||||
</jdbc:embedded-database>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun dataSource(): DataSource {
|
||||
return EmbeddedDatabaseBuilder()
|
||||
.setType(H2)
|
||||
.addScript("classpath:org/springframework/security/core/userdetails/jdbc/users.ddl")
|
||||
.build()
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
In a production environment, you will want to ensure you setup a connection to an external database.
|
||||
|
|
@ -173,4 +185,26 @@ UserDetailsManager users(DataSource dataSource) {
|
|||
authorities="ROLE_USER,ROLE_ADMIN" />
|
||||
</jdbc-user-service>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun users(dataSource: DataSource): UserDetailsManager {
|
||||
val user = User.builder()
|
||||
.username("user")
|
||||
.password("{bcrypt}$2a$10\$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
|
||||
.roles("USER")
|
||||
.build();
|
||||
val admin = User.builder()
|
||||
.username("admin")
|
||||
.password("{bcrypt}$2a$10\$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
|
||||
.roles("USER", "ADMIN")
|
||||
.build();
|
||||
val users = JdbcUserDetailsManager(dataSource)
|
||||
users.createUser(user)
|
||||
users.createUser(admin)
|
||||
return users
|
||||
}
|
||||
----
|
||||
====
|
||||
|
|
|
|||
|
|
@ -133,12 +133,21 @@ UnboundIdContainer ldapContainer() {
|
|||
----
|
||||
|
||||
.XML
|
||||
[source,xml]
|
||||
[source,xml,role="secondary"]
|
||||
----
|
||||
<b:bean class="org.springframework.security.ldap.server.UnboundIdContainer"
|
||||
c:defaultPartitionSuffix="dc=springframework,dc=org"
|
||||
c:ldif="classpath:users.ldif"/>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun ldapContainer(): UnboundIdContainer {
|
||||
return UnboundIdContainer("dc=springframework,dc=org","classpath:users.ldif")
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
[[servlet-authentication-ldap-apacheds]]
|
||||
|
|
@ -203,6 +212,15 @@ ApacheDSContainer ldapContainer() {
|
|||
c:defaultPartitionSuffix="dc=springframework,dc=org"
|
||||
c:ldif="classpath:users.ldif"/>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun ldapContainer(): ApacheDSContainer {
|
||||
return ApacheDSContainer("dc=springframework,dc=org", "classpath:users.ldif")
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
[[servlet-authentication-ldap-contextsource]]
|
||||
|
|
@ -227,6 +245,14 @@ ContextSource contextSource(UnboundIdContainer container) {
|
|||
<ldap-server
|
||||
url="ldap://localhost:53389/dc=springframework,dc=org" />
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
fun contextSource(container: UnboundIdContainer): ContextSource {
|
||||
return DefaultSpringSecurityContextSource("ldap://localhost:53389/dc=springframework,dc=org")
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
[[servlet-authentication-ldap-authentication]]
|
||||
|
|
@ -279,6 +305,22 @@ LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticato
|
|||
<ldap-authentication-provider
|
||||
user-dn-pattern="uid={0},ou=people"/>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun authenticator(contextSource: BaseLdapPathContextSource): BindAuthenticator {
|
||||
val authenticator = BindAuthenticator(contextSource)
|
||||
authenticator.setUserDnPatterns(arrayOf("uid={0},ou=people"))
|
||||
return authenticator
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun authenticationProvider(authenticator: LdapAuthenticator): LdapAuthenticationProvider {
|
||||
return LdapAuthenticationProvider(authenticator)
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
This simple example would obtain the DN for the user by substituting the user login name in the supplied pattern and attempting to bind as that user with the login password.
|
||||
|
|
@ -314,6 +356,25 @@ LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticato
|
|||
user-search-filter="(uid={0})"
|
||||
user-search-base="ou=people"/>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun authenticator(contextSource: BaseLdapPathContextSource): BindAuthenticator {
|
||||
val searchBase = "ou=people"
|
||||
val filter = "(uid={0})"
|
||||
val search = FilterBasedLdapUserSearch(searchBase, filter, contextSource)
|
||||
val authenticator = BindAuthenticator(contextSource)
|
||||
authenticator.setUserSearch(search)
|
||||
return authenticator
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun authenticationProvider(authenticator: LdapAuthenticator): LdapAuthenticationProvider {
|
||||
return LdapAuthenticationProvider(authenticator)
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
If used with the `ContextSource` <<servlet-authentication-ldap-contextsource,definition above>>, this would perform a search under the DN `ou=people,dc=springframework,dc=org` using `(uid={0})` as a filter.
|
||||
|
|
@ -351,6 +412,20 @@ LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticato
|
|||
<password-compare />
|
||||
</ldap-authentication-provider>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun authenticator(contextSource: BaseLdapPathContextSource): PasswordComparisonAuthenticator {
|
||||
return PasswordComparisonAuthenticator(contextSource)
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun authenticationProvider(authenticator: LdapAuthenticator): LdapAuthenticationProvider {
|
||||
return LdapAuthenticationProvider(authenticator)
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
A more advanced configuration with some customizations can be found below.
|
||||
|
|
@ -387,6 +462,23 @@ LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticato
|
|||
<b:bean id="passwordEncoder"
|
||||
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun authenticator(contextSource: BaseLdapPathContextSource): PasswordComparisonAuthenticator {
|
||||
val authenticator = PasswordComparisonAuthenticator(contextSource)
|
||||
authenticator.setPasswordAttributeName("pwd") // <1>
|
||||
authenticator.setPasswordEncoder(BCryptPasswordEncoder()) // <2>
|
||||
return authenticator
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun authenticationProvider(authenticator: LdapAuthenticator): LdapAuthenticationProvider {
|
||||
return LdapAuthenticationProvider(authenticator)
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
<1> Specify the password attribute as `pwd`
|
||||
|
|
@ -424,6 +516,23 @@ LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticato
|
|||
user-dn-pattern="uid={0},ou=people"
|
||||
group-search-filter="member={0}"/>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun authorities(contextSource: BaseLdapPathContextSource): LdapAuthoritiesPopulator {
|
||||
val groupSearchBase = ""
|
||||
val authorities = DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase)
|
||||
authorities.setGroupSearchFilter("member={0}")
|
||||
return authorities
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun authenticationProvider(authenticator: LdapAuthenticator, authorities: LdapAuthoritiesPopulator): LdapAuthenticationProvider {
|
||||
return LdapAuthenticationProvider(authenticator, authorities)
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
== Active Directory
|
||||
|
|
@ -457,4 +566,13 @@ ActiveDirectoryLdapAuthenticationProvider authenticationProvider() {
|
|||
<constructor-arg value="ldap://company.example.com/" />
|
||||
</bean>
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun authenticationProvider(): ActiveDirectoryLdapAuthenticationProvider {
|
||||
return ActiveDirectoryLdapAuthenticationProvider("example.com", "ldap://company.example.com/")
|
||||
}
|
||||
----
|
||||
====
|
||||
|
|
|
|||
Loading…
Reference in New Issue