-
Configure the database connection and set the authentication method to DB
After properly configuring the database connection through Database Configuration
modify thain-web/src/main/resources/application.properties
#User authentication via database thain.login.source=DBAuthentication
-
Add user
The current version does not provide background management yet. Adding users can use this method.
com.xiaomi.thain.server.dao.UserDao.insertUser(ThainUser user)
-
Configuring Ldap and starting the serviceReference openLdap
The LDIF is defined as follows (the basic user admin: admin is defined)
dn: {your base DN} objectClass: dcObject objectClass: organization objectClass: top dc: {your DC} o: {your organization} dn: ou=people,{your base DN} objectClass: organizationalUnit objectClass: top ou: people dn: uid=admin,ou=people,{your base DN} objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: admin sn: admin uid: admin userPassword:: e0NSWVBUfVo2VGdhNGVkQkFjekU= -
Configure the Ldap connection and set the authentication method to Ldap
thain-server/src/main/resources/application.properties中添加
spring.ldap.urls=ldap:{ldap-url} spring.ldap.username={ldap-username} spring.ldap.password={ldap-password} spring.ldap.base={ldap-baseDn}
And modify
#User authentication via Ldap thain.login.source=LdapAuthentication
-
Add user
Adding users can use this method
com.xiaomi.thain.server.dao.LdapUserDao.save(LdapUser user)
-
Apply the client-id and client-secret of the third-party application that needs to log in and add two basic configurations:
spring.security.oauth2.client.registration.{clientName}.client-id=${clientId}
spring.security.oauth2.client.registration.{clientName}.client-secret=${clientSecret}More specific configuration can refer to the spring-security document
-
To manually register ClientRegistration, you can configure it as follows
@Configuration public class OAuth2LoginConfig { //添加客户端并注册bean @Bean public ClientRegistrationRepository clientRegistrationRepository() { return new InMemoryClientRegistrationRepository(this.googleClientRegistration()); } //添加google客户端的配置 private ClientRegistration googleClientRegistration() { return ClientRegistration.withRegistrationId("google") .clientId("google-client-id") .clientSecret("google-client-secret") //... .clientName("Google") .build(); } }
And modify
@EnableWebSecurity @Slf4j public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private final ClientRegistrationRepository clientRegistrationRepository; //... /** * Third-party login configuration * * @param http HttpSecurity */ private void thirdConfig(HttpSecurity http) throws Exception { http.oauth2Login() .clientRegistrationRepository(clientRegistrationRepository); //... } }
-
Modify the login page of the front-end project thain-fe, add the corresponding third-party login link, and the system provides google third-party login by default.
<a href="/api/oauth2/authorization/{clientName}"></a>
-
If you do not need a third-party login, delete the configuration
Project user permission verification uses spring security framework, more content reference spring-security