Preface
This article mainly describes how to use Spring's JdbcTemplate to access a relational database.
Local environment
Java: 1.8.0
Maven: Apache Maven 3.6.0
IDE: IDEA
Building the project with Maven
- pom file:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>authenticating_ldap</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <!-- Spring Security plus its LDAP support -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.ldap</groupId>
            <artifactId>spring-ldap-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>
        <!-- In-memory LDAP server used for the demo -->
        <dependency>
            <groupId>com.unboundid</groupId>
            <artifactId>unboundid-ldapsdk</artifactId>
        </dependency>

        <!-- Test dependencies (spring-boot-starter-test was declared twice; one copy is kept) -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
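Note that Spring's LDAP authentication lives under the spring.security package (the spring-security-ldap artifact), which shows that it is a feature of the Security module.
Controller
Next we build a simple controller to handle HTTP requests and responses.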
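package com.example.demo.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @ClassName HomeController
 * @Description TODO
 * @Author wonderQin
 * @Date 2019-07-06 16:27
 **/
@Controller
public class HomeController {
    // @ResponseBody writes the string to the response body; without it, the
    // return value of a @Controller method is resolved as a view name.
    @GetMapping("/")
    @ResponseBody
    public String index() {
        return "Hello, welcome to home page!";
    }
}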
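Above, we handle GET requests to "/" by returning a simple message.
Let's review what the annotations in this class do:
@Controller: applies to the whole class. Spring MVC can use its built-in scanning to detect the controller automatically and configure the web routes (loosely put, it marks the class as a controller class, although that description misses the point).
@GetMapping: marks the annotated element as an HTTP handler. Like @RequestMapping, it does two things: it sets the path the browser uses to reach the handler, and it states the REST operation. Here @GetMapping explicitly says that the HTTP request can only be a "GET" request.
Spring Boot entry class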
package com.example.demo; // base package, parent of com.example.demo.controller

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

}
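I covered this class in an earlier article; as a recap, @SpringBootApplication bundles the following:
@Configuration marks the class as a source of bean definitions for the application context.
@EnableAutoConfiguration tells Spring Boot to start adding beans based on classpath settings, other beans, and various property settings.
Normally, when using Spring MVC, you would add the @EnableWebMvc annotation to the application, but Spring Boot adds it automatically when it sees spring-webmvc on the classpath. This marks the application as a web application and activates key behaviors such as setting up a DispatcherServlet.
@ComponentScan tells Spring to look for other components, configurations, and services in the current package and the packages below it, which lets it find the controller.
Configuring the LDAP security policy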
package com.example.demo; // assumed: any package under the application's base package works

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

/**
 * @ClassName WebSecurityConfig
 * @Description TODO
 * @Author wonderQin
 * @Date 2019-07-06 16:29
 **/
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // Every request requires a fully authenticated user; login uses the default form.
        httpSecurity.authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin();
    }

    @Override
    public void configure(AuthenticationManagerBuilder builder) throws Exception {
        builder
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    // Port of the embedded LDAP server from application.properties (8389);
                    // 8080 is the web server itself.
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                .passwordCompare()
                    // Matches the {SHA} value stored in the demo LDIF. Unsalted SHA-1 is a
                    // legacy scheme (the class is deprecated), kept here only for the demo data.
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    // Attribute name as used in the LDIF entries.
                    .passwordAttribute("userPassword");
    }
}
This simply overrides the configuration policy in WebSecurityConfigurerAdapter:
configure(HttpSecurity httpSecurity) configures the login mode for LDAP;
configure(AuthenticationManagerBuilder builder) configures the Security LDAP context, for example the LDAP server and the encoding method.
The line .url("ldap://localhost:8389/dc=springframework,dc=org") tells us that an LDAP server is also required. You can set one up yourself; see a guide on setting up an LDAP server.
ldapAuthentication() configures things so that the username from the login form is substituted for {0}, and the LDAP server is searched for uid={0},ou=people,dc=springframework,dc=org. In addition, passwordCompare() configures the encoder and the name of the password attribute.
Using LDIF to exchange user data
An LDAP server can use LDIF (LDAP Data Interchange Format) files to exchange user data. The spring.ldap.embedded.ldif property in application.properties lets Spring Boot pull in an LDIF data file, which makes it easy to preload demo data.
- Create the file test-server.ldif in the resources folder
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: space cadets

dn: ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: "quoted people"

dn: ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: otherpeople

dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword

dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe Smeth
sn: Smeth
uid: joe
userPassword: joespassword

dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Mouse, Jerry
sn: Mouse
uid: jerry
userPassword: jerryspassword

dn: cn=slash/guy,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: slash/guy
sn: Slash
uid: slashguy
userPassword: slashguyspassword

dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: quote\"guy
sn: Quote
uid: quoteguy
userPassword: quoteguyspassword

dn: uid=space cadet,ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Space Cadet
sn: Cadet
uid: space cadet
userPassword: spacecadetspassword

dn: cn=developers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: uid=bob,ou=people,dc=springframework,dc=org

dn: cn=managers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: cn=mouse\, jerry,ou=people,dc=springframework,dc=org

dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: submanagers
ou: submanager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
- application.properties configuration
spring.ldap.embedded.ldif=classpath:test-server.ldif
spring.ldap.embedded.base-dn=dc=springframework,dc=org
spring.ldap.embedded.port=8389
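An added example (not part of the original article) that audits how the userPassword values in test-server.ldif are stored and reproduces the check that passwordCompare() with a SHA encoder performs. The class LdifPasswordAudit and its methods are hypothetical, the embedded LDIF is a constructed excerpt of two entries from the file, and only JDK classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
// Added example; hypothetical class, JDK only (Java 8+).
public class LdifPasswordAudit {
    // Constructed sample: two entries excerpted from test-server.ldif.
    static final String LDIF =
        "dn: uid=ben,ou=people,dc=springframework,dc=org\n"
        + "userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=\n"
        + "\n"
        + "dn: uid=bob,ou=people,dc=springframework,dc=org\n"
        + "userPassword: bobspassword\n";

    /** Maps each entry DN to the storage scheme of its userPassword value. */
    static Map<String, String> schemes(String ldif) {
        Map<String, String> result = new LinkedHashMap<>();
        String dn = null;
        for (String line : ldif.split("\\r?\\n")) {
            if (line.startsWith("dn: ")) {
                dn = line.substring(4);
            } else if (line.startsWith("userPassword: ") && dn != null) {
                String value = line.substring("userPassword: ".length());
                int end = value.indexOf('}');
                boolean prefixed = value.startsWith("{") && end > 1;
                result.put(dn, prefixed ? value.substring(1, end).toUpperCase() : "PLAINTEXT");
            }
        }
        return result;
    }

    /** {SHA} is Base64(SHA-1(password)) with no salt; digests are compared in constant time. */
    static boolean matchesSha(String candidate, String stored) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(candidate.getBytes(StandardCharsets.UTF_8));
        byte[] expected = Base64.getDecoder().decode(stored.substring("{SHA}".length()));
        return MessageDigest.isEqual(digest, expected);
    }

    public static void main(String[] args) throws Exception {
        schemes(LDIF).forEach((dn, scheme) -> {
            boolean weak = scheme.equals("PLAINTEXT") || scheme.equals("SHA") || scheme.equals("MD5");
            System.out.println((weak ? "WEAK " : "ok   ") + scheme + " " + dn);
        });
        System.out.println(matchesSha("benspassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ="));
    }
}
```

Values without a scheme prefix, such as bob's, are stored in clear text, and {SHA} carries no salt, so identical passwords produce identical stored values; both are suitable only for demo data like this file.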
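Running
As before, you can run the application in any of the following ways:
- Start it directly from the IDE
- Build a jar and start it from the command line:
java -jar
- Build a war and deploy it to Tomcat
Result:
Visiting localhost:8080/ again now requires logging in through LDAP:
Enter the username ben and the password benspassword to pass authentication.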