My solution:

1. Create a custom UserDetailsContextMapper:

    @Bean
    public UserDetailsContextMapper userDetailsContextMapper() {
        return new LdapUserDetailsMapper() {
            @Override
            public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                    Collection<? extends GrantedAuthority> authorities) {
                // Let the default mapper build the user, then wrap it
                UserDetails details = super.mapUserFromContext(ctx, username, authorities);
                return new CustomLdapUserDetails((LdapUserDetails) details, env);
            }
        };
    }

2. Use LdapAuthenticationProviderConfigurer to bind the UserDetailsContextMapper:

    // auth is the AuthenticationManagerBuilder; env is the Spring Environment
    auth.ldapAuthentication()
        .userDetailsContextMapper(userDetailsContextMapper())
        .userDnPatterns(env.getRequiredProperty("ldap.user_dn_patterns"))
        .groupSearchBase(env.getRequiredProperty("ldap.group_search_base"))
        .contextSource()
            .url(env.getRequiredProperty("ldap.url"));

3. Implement CustomLdapUserDetails (for now only the isEnabled method is changed). You can add some extra interfaces and methods to CustomLdapUserDetails and return the extended class in ActiveUserAccessor.getActiveUser().
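
    import java.util.Collection;

    import org.springframework.core.env.Environment;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.ldap.userdetails.LdapUserDetails;

    public class CustomLdapUserDetails implements LdapUserDetails {

        private static final long serialVersionUID = 1L;

        private LdapUserDetails details;
        private Environment env;

        public CustomLdapUserDetails(LdapUserDetails details, Environment env) {
            this.details = details;
            this.env = env;
        }

        // Enabled only if the wrapped user is enabled and the username
        // equals the configured ldap.username property
        public boolean isEnabled() {
            return details.isEnabled() && getUsername().equals(env.getRequiredProperty("ldap.username"));
        }

        public String getDn() {
            return details.getDn();
        }

        public Collection<? extends GrantedAuthority> getAuthorities() {
            return details.getAuthorities();
        }

        public String getPassword() {
            return details.getPassword();
        }

        public String getUsername() {
            return details.getUsername();
        }

        public boolean isAccountNonExpired() {
            return details.isAccountNonExpired();
        }

        public boolean isAccountNonLocked() {
            return details.isAccountNonLocked();
        }

        public boolean isCredentialsNonExpired() {
            return details.isCredentialsNonExpired();
        }

        // LdapUserDetails also extends CredentialsContainer, so this must be implemented
        public void eraseCredentials() {
            details.eraseCredentials();
        }
    }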
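
The answer mentions ActiveUserAccessor.getActiveUser() but does not show it. The sketch below is an added example, not code from the original post: the class layout and the requireEnabledUser() helper are hypothetical, and it assumes the CustomLdapUserDetails class from step 3. It reads the mapped principal back from the security context and re-checks isEnabled() at the point of use.

```java
import java.util.Optional;

import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical accessor: only the name ActiveUserAccessor.getActiveUser()
// comes from the page; everything else here is an assumption.
public final class ActiveUserAccessor {

    private ActiveUserAccessor() {
    }

    // Returns the user built by the custom mapper, or empty when the
    // current request has no LDAP-authenticated principal.
    public static Optional<CustomLdapUserDetails> getActiveUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return Optional.empty();
        }
        // Anonymous sessions carry a String principal, not the mapper's object,
        // so check the type instead of casting blindly.
        Object principal = auth.getPrincipal();
        if (!(principal instanceof CustomLdapUserDetails)) {
            return Optional.empty();
        }
        return Optional.of((CustomLdapUserDetails) principal);
    }

    // Hypothetical helper: fails closed when there is no user or when the
    // custom isEnabled() rule from step 3 rejects the account.
    public static CustomLdapUserDetails requireEnabledUser() {
        CustomLdapUserDetails user = getActiveUser()
                .orElseThrow(() -> new IllegalStateException("no LDAP-authenticated user"));
        if (!user.isEnabled()) {
            throw new DisabledException("user is disabled: " + user.getUsername());
        }
        return user;
    }
}
```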


