【问题标题】:LDAP Authentication for Camel + restlet appCamel + restlet 应用程序的 LDAP 身份验证
【发布时间】:2014-09-13 11:06:21
【问题描述】:

我有一个 Camel 应用程序,它使用 camel-restlet 进行 Web 服务调用。现在我想为 restlet 调用添加 ldap 身份验证。尝试了骆驼restlet领域的几个选项,LdapVerifier使用ChallengeAuthenticator。不能让它工作!需要帮忙?谢谢

我可以使用 LDAP SecretVerifer 将 LDAP 身份验证添加到 restlet。但是如果restlet调用被Camel路由包裹(使用org.apache.camel.component.restlet.MethodBasedRoute)。 SecretVerifer 未触发。

以下是一些代码和配置: web.xml:

<servlet>
  <servlet-name>RestletServlet</servlet-name>
  <servlet-class>org.restlet.ext.spring.SpringServerServlet</servlet-class>
  <init-param>
    <param-name>org.restlet.component</param-name>
    <param-value>RestletComponent</param-value>
  </init-param>
</servlet>
<servlet-mapping>
  <servlet-name>RestletServlet</servlet-name>
  <url-pattern>/*</url-pattern>
</servlet-mapping>

CamelContext.xml

<bean id="RestletComponent" class="org.restlet.Component">
    <property name="defaultHost" ref="defaultHost" />
</bean>

<bean id="challengeAuthenticator" class="org.restlet.security.ChallengeAuthenticator">
    <constructor-arg><null /></constructor-arg>
    <!-- Sets the Challenge scheme parameter to the static class member -->
    <constructor-arg value="#{ T(org.restlet.data.ChallengeScheme).HTTP_BASIC }" />
    <constructor-arg value="restletRealm" />
    <property name="verifier" ref="ldapVerifer" />
     <property name="next" ref="application" /> 
</bean>

<bean id="defaultHost" class="org.restlet.ext.spring.SpringHost">
    <constructor-arg ref="RestletComponent" />
    <property name="defaultAttachment" ref="challengeAuthenticator" />
</bean>

<!-- Restlet application -->
<bean id="application" class="org.restlet.Application">
    <!-- Sets the router for the application -->
    <property name="inboundRoot" ref="router" />
</bean>


<!-- Used to map routes to Restlet resources -->
<bean id="router" class="org.restlet.ext.spring.SpringRouter">
    <property name="attachments">
        <map>
            <entry key="/user/{name}">
                 <bean class="org.restlet.ext.spring.SpringFinder">
                    <lookup-method name="create" bean="userServerResource" />
                </bean>
            </entry>
        </map>
    </property>
</bean>

<bean id="RestletComponentService"  class="org.apache.camel.component.restlet.RestletComponent">
<constructor-arg ref="RestletComponent" />
</bean>

LdapVerifer.java

@Service(value="ldapVerifer")
public class LdapVerifer extends SecretVerifier {

@Autowired
private AuthenticationManager authenticationManager;

private static final Logger logger = LoggerFactory
        .getLogger(LdapVerifer.class);

@Override
public int verify(String userName, char[] password) 
{

    logger.debug("Start authenticating login user : " + userName);
    long startTime = System.currentTimeMillis();

    StringBuffer pd = new StringBuffer();

    for(int i = 0; i < password.length; i++){
        pd.append(password[i]);
    }
    try {
        Authentication authenticate = authenticationManager.authenticate(new    UsernamePasswordAuthenticationToken(userName, pd.toString()));
        if (authenticate.isAuthenticated()) 
        {
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            long endTime = System.currentTimeMillis();
            logger.debug ("Authentication for login user " + userName + " succeed. the    process time is: "  + (endTime - startTime) + " milliseconds");
            return RESULT_VALID;
        }
    }
    catch (AuthenticationException e) 
    {
        logger.error("Failed to authenticate login user: " + userName, e);
    }
    return RESULT_VALID;
}

这是restlet路由的输出:

Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet:      org.restlet.security.ChallengeAuthenticator@1ee53046 to URI: /medbus
Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet:  org.apache.camel.component.restlet.MethodBasedRouter@6f52bffd to URI: /medbus/wf/query/{id}/{includeResult}
Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet: org.apache.camel.component.restlet.MethodBasedRouter@681b8815 to URI: /medbus/wf/query
Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet: org.apache.camel.component.restlet.MethodBasedRouter@34717fcf to URI: /medbus/wf/reprocess/{id}

如果你不是在骆驼路由中访问 URI,则 Ldap 身份验证被启动,但如果你在骆驼路由中访问 URI。根本没有触发 ldap 身份验证。 例如,如果您调用/medbus/user/name,它可以正常工作,但如果您调用/medbus/wf/query,则没有身份验证。

提前致谢!

【问题讨论】:

  • 请贴一些代码,也许有错误?
  • 我最终通过覆盖camel restlet 组件和几个包级类和私有方法创建了自己的secureRestlet。我将 LDAPVerifier 注入到secureRestlet。现在如果你使用像“secureRestlet:”这样的端点,它会触发ldap auth。如果您使用“restlet:”之类的端点,则不会发生 ldap 身份验证。
  • 对不起,我错过了您添加代码和错误的事实。为什么不在下面发布答案。

标签: spring-security ldap apache-camel restlet-2.0


【解决方案1】:

我最终通过覆盖camel restlet 组件和几个包级类和私有方法创建了自己的secureRestlet。我将 LDAPVerifier 注入到secureRestlet。现在如果你使用像“secureRestlet:”这样的端点,它会触发ldap auth。如果您使用“restlet:”之类的端点,则不会发生 ldap 身份验证。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2016-04-30
    • 1970-01-01
    • 2018-04-15
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-10-01
    相关资源
    最近更新 更多