LDAP - 上下文源的 AD 用户名密码配置
LDAP - AD Username Password configuration for context-source
我正在使用 Spring 安全性来使用 LDAP 协议对 Active Directory 进行身份验证。以下代码也适用于身份验证和设置 LDAP 模板 (springSecurity.xml) :
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:ldap="http://www.springframework.org/schema/ldap"
xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/ldap
http://www.springframework.org/schema/ldap/spring-ldap.xsd">
<http use-expressions="true">
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/authenticated" access="isAuthenticated()" />
<form-login login-page="/login" default-target-url="/authenticated"
authentication-failure-url="/login?error=true" />
<logout />
</http>
<beans:bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<beans:property name="location">
<beans:value>classpath:/ldap.properties</beans:value>
</beans:property>
<beans:property name="SystemPropertiesMode">
<beans:value>2</beans:value> <!-- OVERRIDE is 2 -->
</beans:property>
</beans:bean>
<beans:bean id="adAuthenticationProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<beans:constructor-arg value="${sample.ldap.domain}" />
<beans:constructor-arg value="${sample.ldap.url}" />
<beans:property name="useAuthenticationRequestCredentials"
value="true" />
<beans:property name="convertSubErrorCodesToExceptions"
value="true" />
</beans:bean>
<authentication-manager>
<authentication-provider ref="adAuthenticationProvider" />
</authentication-manager>
<!-- Ldap after authentication -->
<context:property-placeholder location="classpath:/ldap.properties"
system-properties-mode="OVERRIDE" />
<context:annotation-config />
<ldap:context-source id="contextSource"
password="${sample.ldap.password}"
url="${sample.ldap.url}"
username="${sample.ldap.userDn}"
base="${sample.ldap.base}"
referral="follow" />
<ldap:ldap-template id="ldapTemplate"
context-source-ref="contextSource" />
<ldap:repositories base-package="com.domain" />
<beans:bean class="com.service.UserService">
<beans:property name="directoryType" value="${sample.ldap.directory.type}" />
</beans:bean>
<!-- Required to make sure BaseLdapName is populated in UserService -->
<beans:bean
class="org.springframework.ldap.core.support.BaseLdapPathBeanPostProcessor" />
</beans:beans>
从 login.jsp 获取 j_username 和 j_password 时身份验证工作正常。要设置 ldap 模板,我使用属性文件中定义的用户名和密码属性,但我希望使用来自 spring 安全性的相同用户名和密码。请指导我如何将 ldap:context-source id="contextSource" 中的用户名和密码属性属性绑定到 spring 安全凭证。
代码有点乱,欢迎大家改进。
如参考文档的 Configuration chapter 中所述,您可以通过在配置中指定自定义 authentication-source-ref 来为 ContextSource 使用 Spring 安全身份验证上下文源的元素。在您的情况下,您将使用 SpringSecurityAuthenticationSource,附带 Spring 安全性。
<ldap:context-source id="contextSource"
url="${sample.ldap.url}"
base="${sample.ldap.base}"
referral="follow"
authentication-source-ref="authenticationSource"/>
<bean id="authenticationSource"
class="org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource" />
我正在使用 Spring 安全性来使用 LDAP 协议对 Active Directory 进行身份验证。以下代码也适用于身份验证和设置 LDAP 模板 (springSecurity.xml) :
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:ldap="http://www.springframework.org/schema/ldap"
xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/ldap
http://www.springframework.org/schema/ldap/spring-ldap.xsd">
<http use-expressions="true">
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/authenticated" access="isAuthenticated()" />
<form-login login-page="/login" default-target-url="/authenticated"
authentication-failure-url="/login?error=true" />
<logout />
</http>
<beans:bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<beans:property name="location">
<beans:value>classpath:/ldap.properties</beans:value>
</beans:property>
<beans:property name="SystemPropertiesMode">
<beans:value>2</beans:value> <!-- OVERRIDE is 2 -->
</beans:property>
</beans:bean>
<beans:bean id="adAuthenticationProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<beans:constructor-arg value="${sample.ldap.domain}" />
<beans:constructor-arg value="${sample.ldap.url}" />
<beans:property name="useAuthenticationRequestCredentials"
value="true" />
<beans:property name="convertSubErrorCodesToExceptions"
value="true" />
</beans:bean>
<authentication-manager>
<authentication-provider ref="adAuthenticationProvider" />
</authentication-manager>
<!-- Ldap after authentication -->
<context:property-placeholder location="classpath:/ldap.properties"
system-properties-mode="OVERRIDE" />
<context:annotation-config />
<ldap:context-source id="contextSource"
password="${sample.ldap.password}"
url="${sample.ldap.url}"
username="${sample.ldap.userDn}"
base="${sample.ldap.base}"
referral="follow" />
<ldap:ldap-template id="ldapTemplate"
context-source-ref="contextSource" />
<ldap:repositories base-package="com.domain" />
<beans:bean class="com.service.UserService">
<beans:property name="directoryType" value="${sample.ldap.directory.type}" />
</beans:bean>
<!-- Required to make sure BaseLdapName is populated in UserService -->
<beans:bean
class="org.springframework.ldap.core.support.BaseLdapPathBeanPostProcessor" />
</beans:beans>
从 login.jsp 获取 j_username 和 j_password 时身份验证工作正常。要设置 ldap 模板,我使用属性文件中定义的用户名和密码属性,但我希望使用来自 spring 安全性的相同用户名和密码。请指导我如何将 ldap:context-source id="contextSource" 中的用户名和密码属性属性绑定到 spring 安全凭证。
代码有点乱,欢迎大家改进。
如参考文档的 Configuration chapter 中所述,您可以通过在配置中指定自定义 authentication-source-ref 来为 ContextSource 使用 Spring 安全身份验证上下文源的元素。在您的情况下,您将使用 SpringSecurityAuthenticationSource,附带 Spring 安全性。
<ldap:context-source id="contextSource"
url="${sample.ldap.url}"
base="${sample.ldap.base}"
referral="follow"
authentication-source-ref="authenticationSource"/>
<bean id="authenticationSource"
class="org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource" />