如何从 spring-security 获取明文密码? [英] How can I get plaintext password from spring-security?
问题描述
我使用 Grails + spring-security + LDAP 来验证用户.身份验证现在有效,但我需要纯文本密码来验证第二个服务.
I use Grails + spring-security + LDAP to authenticate users. The authentication works now but I need the plain text password to authenticate a second service.
我尝试了 SpringSecurityService 属性,但没有一个包含密码.
I tried the SpringSecurityService properties but none contains the password.
我是否必须实现我自己的 UserDetailsMapper 或者 LdapUserDetailsMapper 是否还提供了从 Web 表单中检索到的纯文本密码的映射?
Do I have to implement my own UserDetailsMapper or does the LdapUserDetailsMapper also provide the mapping of the plain text password retrieved from the web form?
推荐答案
您可以从 org.springframework.security.core.context.SecurityContextHolder
获取凭据.但是,我真的不认为使用它是一个好主意.您将无法使用记住我"或运行身份"或切换用户"功能,因为凭据将不包含当前用户的密码(它们可能为空).另外,我认为如果使用除基本 HTML 身份验证或表单身份验证以外的任何其他内容,您不会获得明文密码.
You can get the credentials from the org.springframework.security.core.context.SecurityContextHolder
. However, I really don't think it is a good idea to use this. You will not be able to use the 'remember-me' nor the 'run-as' or 'switch-user' functionality, because thne the credentials would not contain the current user's password (they will probably be null). Also, I don't think you would get the plaintext password if using anything other than basic HTML authentication or form authentication.
无论如何,如果使用表单身份验证,SecurityContextHolder.getContext().getAuthentication().getCredentials()
会为您提供明文密码.
Anyhow, SecurityContextHolder.getContext().getAuthentication().getCredentials()
will get you the plaintext password if using form authentication.
这篇关于如何从 spring-security 获取明文密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!