Configuring Spring Security to Authenticate against LDAP without anonymous and without bind DN
Using JNDI I can successfully authenticate against our LDAP server, which has anonymous binds disabled, using only the user's username and password, like this:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url);
// Simple bind as the user: no manager/service account and no anonymous bind involved
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, userName);   // the user's DN
env.put(Context.SECURITY_CREDENTIALS, password);
DirContext ctx = new InitialDirContext(env);     // throws NamingException if the bind fails
// Read the user's own entry with the user's own bound context
Attribute groups = ctx.getAttributes(userName).get("groupMembership");
Now I would like to do the same thing using Spring Boot, Spring Security, and Spring LDAP.
I can successfully configure authentication using a bind DN and password, like this:
DefaultSpringSecurityContextSource context = new DefaultSpringSecurityContextSource(ldapConfig.url);
context.setUserDn(ldapConfig.bindDn);
String bindPassword = passwordResolver.getPassword(ldapConfig.password);
context.setPassword(bindPassword);
context.afterPropertiesSet();
CustomAuthoritiesPopulator customAuthoritiesPopulator = new CustomAuthoritiesPopulator(context, ldapConfig.groupSearchBase);
String[] dnPatArr = new String[ldapConfig.userDnPatterns.size()];
ldapConfig.userDnPatterns.toArray(dnPatArr);
auth.ldapAuthentication()
.ldapAuthoritiesPopulator(customAuthoritiesPopulator)
.contextSource(context)
.userDnPatterns(dnPatArr)
.groupSearchBase(ldapConfig.groupSearchBase);
This works: the Spring Boot webapp will authenticate my users successfully.
But I would like to do this without passing in the bind DN and bind password, just like I did with the JNDI example.
If I simply omit setting the bind DN and password, I will get "LDAP: error code 48 - Anonymous Simple Bind Disabled.".
I don't want to do an anonymous bind. I want Spring to use the username and password the user provides to do a simple bind against each of my bind DN patterns until one works.
I've read the docs but I'm having a hard time determining whether or not that is possible. JNDI can do it so I figure I should be able to get Spring to do it.
I've thought about writing my own custom Spring Security authentication provider but surely that's not necessary.
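The user-bind setup the question asks for, as an added example that is not the asker's or the project's code: the authorities populator takes roles from the groupMembership attribute of the user's own entry (the same attribute the JNDI snippet reads), which BindAuthenticator fetches through the context it opened with the user's credentials, so the context source is given no manager DN or password. The url and DN patterns are assumed inputs, and the group-DN-to-role mapping is a guessed convention.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

// Added example, not the asker's CustomAuthoritiesPopulator: reads group membership
// from the user's own entry instead of searching the directory with a manager bind.
public class GroupMembershipAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    private static final String ATTR = "groupMembership"; // attribute the JNDI snippet reads

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        String[] groups = userData.getStringAttributes(ATTR); // null when the attribute is absent
        if (groups == null) {
            return authorities; // authenticated but in no groups: no roles, not an error
        }
        for (String groupDn : groups) {
            // Assumed convention: "cn=admins,ou=groups,o=example" becomes ROLE_ADMINS
            String cn = groupDn.split(",")[0].replaceFirst("(?i)^cn=", "");
            authorities.add(new SimpleGrantedAuthority("ROLE_" + cn.toUpperCase()));
        }
        return authorities;
    }

    // Builds a provider that binds as the user; url and dnPatterns are assumed inputs.
    public static LdapAuthenticationProvider provider(String url, String... dnPatterns) {
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(url);
        contextSource.afterPropertiesSet(); // no setUserDn/setPassword: nothing binds as a manager
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(dnPatterns);          // e.g. "cn={0},ou=users,o=example"
        authenticator.setUserAttributes(new String[] { ATTR }); // fetch only what the populator needs
        return new LdapAuthenticationProvider(authenticator, new GroupMembershipAuthoritiesPopulator());
    }
}
```

Register it in place of the ldapAuthentication() chain with auth.authenticationProvider(GroupMembershipAuthoritiesPopulator.provider(ldapConfig.url, dnPatArr)); a group search base is then unnecessary because no search is performed.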
In JNDI, authentication information is specified in environment properties. Please make sure the property names are spelled correctly.
For example, the environment property for credentials is java.naming.security.credentials, not java.naming.security.credential. Notice that the missing letter 's' at the end would give "LDAP: error code 48 - Anonymous Simple Bind Disabled."
<bean id="jndiTemplate" class="org.springframework.jndi.JndiTemplate">
<property name="environment">
<props>
<prop key="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</prop>
<prop key="java.naming.provider.url">ldap://serverURL/jndi_ctx</prop>
<prop key="java.naming.security.authentication">simple</prop>
<prop key="java.naming.security.principal">user_id</prop>
<prop key="java.naming.security.credentials">password</prop>
</props>
</property>
</bean>