【发布时间】:2014-09-13 11:06:21
【问题描述】:
我有一个 Camel 应用程序,它使用 camel-restlet 进行 Web 服务调用。现在我想为 restlet 调用添加 ldap 身份验证。尝试了骆驼restlet领域的几个选项,LdapVerifier使用ChallengeAuthenticator。不能让它工作!需要帮忙?谢谢
我可以使用 LDAP SecretVerifer 将 LDAP 身份验证添加到 restlet。但是如果restlet调用被Camel路由包裹(使用org.apache.camel.component.restlet.MethodBasedRoute)。 SecretVerifer 未触发。
以下是一些代码和配置: web.xml:
<servlet>
<servlet-name>RestletServlet</servlet-name>
<servlet-class>org.restlet.ext.spring.SpringServerServlet</servlet-class>
<init-param>
<param-name>org.restlet.component</param-name>
<param-value>RestletComponent</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>RestletServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
CamelContext.xml
<bean id="RestletComponent" class="org.restlet.Component">
<property name="defaultHost" ref="defaultHost" />
</bean>
<bean id="challengeAuthenticator" class="org.restlet.security.ChallengeAuthenticator">
<constructor-arg><null /></constructor-arg>
<!-- Sets the Challenge scheme parameter to the static class member -->
<constructor-arg value="#{ T(org.restlet.data.ChallengeScheme).HTTP_BASIC }" />
<constructor-arg value="restletRealm" />
<property name="verifier" ref="ldapVerifer" />
<property name="next" ref="application" />
</bean>
<bean id="defaultHost" class="org.restlet.ext.spring.SpringHost">
<constructor-arg ref="RestletComponent" />
<property name="defaultAttachment" ref="challengeAuthenticator" />
</bean>
<!-- Restlet application -->
<bean id="application" class="org.restlet.Application">
<!-- Sets the router for the application -->
<property name="inboundRoot" ref="router" />
</bean>
<!-- Used to map routes to Restlet resources -->
<bean id="router" class="org.restlet.ext.spring.SpringRouter">
<property name="attachments">
<map>
<entry key="/user/{name}">
<bean class="org.restlet.ext.spring.SpringFinder">
<lookup-method name="create" bean="userServerResource" />
</bean>
</entry>
</map>
</property>
</bean>
<bean id="RestletComponentService" class="org.apache.camel.component.restlet.RestletComponent">
<constructor-arg ref="RestletComponent" />
</bean>
LdapVerifer.java
@Service(value="ldapVerifer")
public class LdapVerifer extends SecretVerifier {
@Autowired
private AuthenticationManager authenticationManager;
private static final Logger logger = LoggerFactory
.getLogger(LdapVerifer.class);
@Override
public int verify(String userName, char[] password)
{
logger.debug("Start authenticating login user : " + userName);
long startTime = System.currentTimeMillis();
StringBuffer pd = new StringBuffer();
for(int i = 0; i < password.length; i++){
pd.append(password[i]);
}
try {
Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(userName, pd.toString()));
if (authenticate.isAuthenticated())
{
SecurityContextHolder.getContext().setAuthentication(authenticate);
long endTime = System.currentTimeMillis();
logger.debug ("Authentication for login user " + userName + " succeed. the process time is: " + (endTime - startTime) + " milliseconds");
return RESULT_VALID;
}
}
catch (AuthenticationException e)
{
logger.error("Failed to authenticate login user: " + userName, e);
}
return RESULT_VALID;
}
这是restlet路由的输出:
Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet: org.restlet.security.ChallengeAuthenticator@1ee53046 to URI: /medbus
Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet: org.apache.camel.component.restlet.MethodBasedRouter@6f52bffd to URI: /medbus/wf/query/{id}/{includeResult}
Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet: org.apache.camel.component.restlet.MethodBasedRouter@681b8815 to URI: /medbus/wf/query
Jul 23, 2014 10:05:44 AM org.apache.catalina.core.ApplicationContext log
INFO: RestletServlet: [Restlet] Attaching restlet: org.apache.camel.component.restlet.MethodBasedRouter@34717fcf to URI: /medbus/wf/reprocess/{id}
如果你不是在骆驼路由中访问 URI,则 Ldap 身份验证被启动,但如果你在骆驼路由中访问 URI。根本没有触发 ldap 身份验证。 例如,如果您调用/medbus/user/name,它可以正常工作,但如果您调用/medbus/wf/query,则没有身份验证。
提前致谢!
【问题讨论】:
-
请贴一些代码,也许有错误?
-
我最终通过覆盖camel restlet 组件和几个包级类和私有方法创建了自己的secureRestlet。我将 LDAPVerifier 注入到secureRestlet。现在如果你使用像“secureRestlet:”这样的端点,它会触发ldap auth。如果您使用“restlet:”之类的端点,则不会发生 ldap 身份验证。
-
对不起,我错过了您添加代码和错误的事实。为什么不在下面发布答案。
标签: spring-security ldap apache-camel restlet-2.0