如何从 spring-security 获取明文密码? [英] How can I get plaintext password from spring-security?

问题描述

我使用 Grails + spring-security + LDAP 来验证用户.身份验证现在有效，但我需要纯文本密码来验证第二个服务.

I use Grails + spring-security + LDAP to authenticate users. The authentication works now but I need the plain text password to authenticate a second service.

我尝试了 SpringSecurityService 属性，但没有一个包含密码.

I tried the SpringSecurityService properties but none contains the password.

我是否必须实现我自己的 UserDetailsMapper 或者 LdapUserDetailsMapper 是否还提供了从 Web 表单中检索到的纯文本密码的映射?

Do I have to implement my own UserDetailsMapper or does the LdapUserDetailsMapper also provide the mapping of the plain text password retrieved from the web form?

推荐答案

您可以从 org.springframework.security.core.context.SecurityContextHolder 获取凭据.但是，我真的不认为使用它是一个好主意.您将无法使用记住我"或运行身份"或切换用户"功能，因为凭据将不包含当前用户的密码(它们可能为空).另外，我认为如果使用除基本 HTML 身份验证或表单身份验证以外的任何其他内容，您不会获得明文密码.

You can get the credentials from the org.springframework.security.core.context.SecurityContextHolder. However, I really don't think it is a good idea to use this. You will not be able to use the 'remember-me' nor the 'run-as' or 'switch-user' functionality, because thne the credentials would not contain the current user's password (they will probably be null). Also, I don't think you would get the plaintext password if using anything other than basic HTML authentication or form authentication.

无论如何，如果使用表单身份验证，SecurityContextHolder.getContext().getAuthentication().getCredentials() 会为您提供明文密码.

Anyhow, SecurityContextHolder.getContext().getAuthentication().getCredentials() will get you the plaintext password if using form authentication.

这篇关于如何从 spring-security 获取明文密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！