SpringBoot,如何在不使用 ldif 的情况下使用 LDAP 进行身份验证? [英] SpringBoot, how to Authenticate with LDAP without using ldif?
问题描述
我正在 SpringBoot here
I am trying out the LDAP Authentication example in SpringBoot here
它使用的是 ldif 方法,我认为这不适用于我的要求,因为我们的 ldap 管理员不会告诉我在哪里可以找到我需要的 ldif.在 springboot 之前,我曾经使用我自己的 ldap 实现而不使用 ldif.有没有办法验证不使用 ldif 只是 SECURITY_AUTHENTICATION.simple ?下面是我如何在基本的 Java no spring 中执行 ldap 安全性.如何在不使用 ldif 的情况下在 spring 中执行此操作,而仅使用基本用户名密码.
It is using the ldif approach which I think is not applicable to my requirements because our ldap admin wont tell me where to find the ldif that I need. Before springboot I used to use my own ldap implementation not using ldif. Is there a way to validate not using ldif just the SECURITY_AUTHENTICATION.simple ? Below is how I do ldap security in basic Java no spring. How do I do this in spring without using ldif just basic username password.
boolean isLdapRegistred(String username, String password) {
boolean result = false;
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://10.x.x.x:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
env.put(Context.SECURITY_CREDENTIALS, password);
// Create the initial context
DirContext ctx = new InitialDirContext(env);
result = ctx != null;
if (ctx != null)
ctx.close();
System.out.println(result);
return result;
} catch (Exception e) {
System.out.println("oops");
return result;
}
}
下面是 SpringBoots 示例,需要使用我的凭据而不是 ldif.
Below is SpringBoots example need to use my credentials instead of ldif.
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource().ldif("classpath:test-server.ldif");
}
}
推荐答案
这个方案对我来说效果很好,但我需要对它进行微小的修改.
this one has worked perfectly for me but I need to make tiny modifications to it.
@Configuration
@EnableWebSecurity
public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapAuthenticationProvider());
}
@Bean
public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
Arrays.asList("ldapServerUrl:port"),rootDn);
contextSource.afterPropertiesSet();
LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(ldapUserSearchBase, ldapUserSearchFilter, contextSource);
BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
bindAuthenticator.setUserSearch(ldapUserSearch);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new DefaultLdapAuthoritiesPopulator(contextSource, ldapGroupSearchBase));
return ldapAuthenticationProvider;
}
}
我已经受苦了好几天才走到这一步否则,您可以使用自定义身份验证并像这样
I have suffered for days before getting to this point Other wise you can use custom authentication and make the like this
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
private Logger log = Logger.getLogger(CustomAuthenticationProvider.class);
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String email = authentication.getName();
String password = authentication.getCredentials().toString();
log.info("email : " + email);
log.info("password : " + password);
try {
if (authenticate(email, password)) {
// use the credentials
// and authenticate against the third-party system
return new UsernamePasswordAuthenticationToken(
email, password, new ArrayList<>());
} else {
return null;
}
} catch (NamingException ex) {
log.info(ex);
}
return null;
}
boolean isLdapRegistred(String username, String password) {
boolean result = false;
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://10.x.x.x:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
env.put(Context.SECURITY_CREDENTIALS, password);
// Create the initial context
DirContext ctx = new InitialDirContext(env);
result = ctx != null;
if (ctx != null)
ctx.close();
System.out.println(result);
return result;
} catch (Exception e) {
System.out.println("oops");
return result;
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(
UsernamePasswordAuthenticationToken.class);
}
}
在另一堂课上
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
private Logger log = Logger.getLogger(WebSecurityConfiguration.class);
@Autowired
private CustomAuthenticationProvider authProvider;
@Override
protected void configure(
AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated()
.and()
.httpBasic();
}
}
然后奇迹发生了
这篇关于SpringBoot,如何在不使用 ldif 的情况下使用 LDAP 进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!