我如何从spring-security获取明文密码？ [英] How can I get plaintext password from spring-security?

问题描述

我使用Grails + spring-security + LDAP来验证用户身份。身份验证现在可用，但我需要纯文本密码来验证第二个服务。

我尝试了SpringSecurityService属性，但没有包含密码。 b

我必须实现自己的UserDetailsMapper还是LdapUserDetailsMapper还提供从Web表单检索的纯文本密码的映射？

解决方案

您可以从 org.springframework.security.core.context.SecurityContextHolder 中获取凭据。但是，我真的不认为这是一个好主意。您将无法使用'记住我'，'运行'或'切换用户'功能，因为凭证不包含当前用户的密码（它们可能为空）。另外，如果使用除基本HTML身份验证或表单身份验证以外的其他任何内容，我认为您不会获得明文密码。

无论如何， SecurityContextHolder。如果使用表单认证，getContext（）。getAuthentication（）。getCredentials（）将为您提供明文密码。

I use Grails + spring-security + LDAP to authenticate users. The authentication works now but I need the plain text password to authenticate a second service.

I tried the SpringSecurityService properties but none contains the password.

Do I have to implement my own UserDetailsMapper or does the LdapUserDetailsMapper also provide the mapping of the plain text password retrieved from the web form?

解决方案

You can get the credentials from the org.springframework.security.core.context.SecurityContextHolder. However, I really don't think it is a good idea to use this. You will not be able to use the 'remember-me' nor the 'run-as' or 'switch-user' functionality, because thne the credentials would not contain the current user's password (they will probably be null). Also, I don't think you would get the plaintext password if using anything other than basic HTML authentication or form authentication.

Anyhow, SecurityContextHolder.getContext().getAuthentication().getCredentials() will get you the plaintext password if using form authentication.

这篇关于我如何从spring-security获取明文密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！