java - 如何在 Spring Boot 中获取 LDAP 用户名

Question

当用户尝试在 Springboot 中使用 Active Directory 通过 LDAP 进行身份验证时如何获取用户名。

正如我尝试使用下面的代码但出现错误，如下所示:

LDAP 配置:

#ldap.url=ldap://localhost:389

#ldap.base.dn=dc=springframework,dc=org
#ldap.user.dn.pattern=(&(objectClass=user)(userPrincipalName={0})(memberof=CN=GroupACCESS,OU=people, DC=springframework,DC=org))

WebSecurityConfig.java

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private final static Logger log = LogManager.getLogger(WebSecurityConfig.class);

        @Value("${ldap.urls}")
        private String ldapUrl;

        @Value("${ldap.base.dn}")
        private String ldapDomain;

        @Value("${ldap.user.dn.pattern}")
        private String ldapUserDnPattern;


        @Override
        protected void configure(HttpSecurity http) throws Exception {

          http.addFilterBefore(
                  new CustomFilter(), UsernamePasswordAuthenticationFilter.class);

            http.authorizeRequests().anyRequest().fullyAuthenticated().and().httpBasic();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {

            ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(
                    this.ldapDomain, this.ldapUrl);

            adProvider.setConvertSubErrorCodesToExceptions(true);
            adProvider.setUseAuthenticationRequestCredentials(true);


            // Checks with the Distinguished Name pattern provided
            if (this.ldapUserDnPattern != null && this.ldapUserDnPattern.trim().length() > 0) {

                adProvider.setSearchFilter(this.ldapUserDnPattern);

                Authentication auth1 = SecurityContextHolder.getContext().getAuthentication();
                String userName = auth1.getName();
                String password = (String)auth1.getCredentials();

                log.info("userName:"+userName);
            }


            auth.authenticationProvider(adProvider);

        }
    }

请找到如下所示的错误日志:

 [ERROR] 2018-08-23 15:13:53.376 [restartedMain] SpringApplication - Application run failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NullPointerException
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:587) ~[spring-beans-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1250) ~[spring-beans-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1099) ~[spring-beans-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) ~[spring-beans-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:502) ~[spring-beans-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:312) ~[spring-beans-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) ~[spring-beans-5.0.4.RELEASE.jar:5.0.4.RELEASE]

有人可以调查一下这个问题并帮助我吗？

Answer 1

将以下过滤器添加到您的 WebSecurityConfigurerAdapter 以从请求中读取用户名参数:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().addFilterBefore(new Filter() {

            public void init(FilterConfig filterConfig) throws ServletException {

            }

            public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                    throws IOException, ServletException {
                if (request.getParameter("username")!=null) System.out.println(request.getParameter("username"));
                chain.doFilter(request, response);
            }

            public void destroy() {

            }
        }, UsernamePasswordAuthenticationFilter.class);
    }