2013-07-01 40 views
0

Spring Security 3.1 - LdapAuthenticationProvider + GrantedAuthoritiesMapper

I created an AuthoritiesMapper for the DefaultLdapAuthoritiesPopulator. The roles are being mapped correctly and work with intercept-url.

If I try to access the roles in the controller using getUserPrincipal(), I am still getting the LDAP groups.

Looking at the code in the populator, it should work.

Any ideas what is wrong or how to fix it? I need to show/hide parts of the views depending on the roles.

import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Assumption: StringUtils is Apache Commons Lang (Spring's StringUtils has no trimToEmpty)
import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

/*************************************************************************************
 * Maps Spring Security GrantedAuthorities
 * e.g. AD groups populated using LdapAuthoritiesPopulator mapped to fixed role names
 * as defined in a Map instance (e.g. populated from a property file)
 *
 * Sample roleMap:
 * Key     Value
 * Group1  ROLE_USER
 * Group2  ROLE_ADMIN
 * Group3  ROLE_ADMIN,ROLE_USER
 *************************************************************************************/
public class MapBasedGrantedAuthorityMapper implements GrantedAuthoritiesMapper {
    private Map<String,String> roleMap;
    private String stringSeparator = ",";
    private SimpleGrantedAuthority unknownAuthorithy = new SimpleGrantedAuthority("ROLE_UNKNOWN");
    private boolean keepUnknownAuthorities = false;

    public MapBasedGrantedAuthorityMapper(Map<String,String> roleMap) {
        this.roleMap = roleMap;
    }

    public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
        String[] mappedValues;
        Set<GrantedAuthority> mapped = new HashSet<GrantedAuthority>(authorities.size());
        for (GrantedAuthority auth : authorities) {
            if (roleMap.containsKey(auth.getAuthority())) {
                // Known group: add every role listed for it in the map
                mappedValues = StringUtils.split(roleMap.get(auth.getAuthority()), stringSeparator);
                for (String mappedValue : mappedValues) {
                    mapped.add(new SimpleGrantedAuthority(StringUtils.trimToEmpty(mappedValue)));
                }
            } else if (keepUnknownAuthorities) {
                // Unknown group passed through unchanged
                mapped.add(auth);
            } else if (unknownAuthorithy != null) {
                // Unknown group replaced by the fixed fallback authority
                mapped.add(unknownAuthorithy);
            }
        }
        return mapped;
    }
    // getters and setters

}

Answer

0

I found a way to solve this. In the views I can use the Spring Security tag library:

<sec:authorize access="hasRole('ROLE_ADMIN')"> 

And in the service layer I can use @Secured.
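
The two places authorities can be read from, as an added example that is not part of the original question or answer: Spring Security's LDAP provider stores the mapper's output on the Authentication token, while the UserDetails principal keeps the groups returned by the populator, and hasRole() and @Secured evaluate the token. The class name, method names, user name and group/role values are constructed for illustration, and the objects are built by hand instead of through a live LDAP bind.

```java
import java.util.Collections;
import java.util.List;
import java.util.Set;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Added illustration; class and method names are hypothetical.
public class MappedAuthoritiesDemo {

    /** Authorities on the Authentication token: what hasRole() and @Secured evaluate. */
    static Set<String> tokenRoles() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            return Collections.emptySet();
        }
        return AuthorityUtils.authorityListToSet(auth.getAuthorities());
    }

    /** Authorities on the principal object: the unmapped LDAP groups. */
    static Set<String> principalRoles() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !(auth.getPrincipal() instanceof UserDetails)) {
            return Collections.emptySet();
        }
        return AuthorityUtils.authorityListToSet(((UserDetails) auth.getPrincipal()).getAuthorities());
    }

    public static void main(String[] args) {
        // Constructed sample: one LDAP group and the role the question's sample roleMap gives it.
        List<GrantedAuthority> ldapGroups = AuthorityUtils.createAuthorityList("Group2");
        List<GrantedAuthority> mappedRoles = AuthorityUtils.createAuthorityList("ROLE_ADMIN");
        UserDetails principal = new User("jdoe", "", ldapGroups);
        // Models the state after a successful LDAP login: raw groups on the principal,
        // mapped roles on the token.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(principal, "", mappedRoles));

        System.out.println("token:     " + tokenRoles());
        System.out.println("principal: " + principalRoles());
    }
}
```

Controller code that makes authorization decisions should read the token's authorities, since those are the ones the mapper has normalized and the access rules are written against.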
