LDAP + Spring: how to correctly authenticate?

I implement LDAP authentication with Spring. In my case, I use ActiveDirectoryLdapAuthenticationProvider.

It looks like this:

    private Authentication authenticate(String username, String password, HelpDescUser userDetails) {
        String url = "ldap://" + ldapHost + ":" + port + "/";
        // A new provider is built for every login attempt
        ActiveDirectoryLdapAuthenticationProvider ldapProvider =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url, rootDn);
        String filterWithName = String.format(filter, username);
        ldapProvider.setSearchFilter(filterWithName);
        // The caller's own username and password are passed as JNDI environment properties
        ldapProvider.setContextEnvironmentProperties(createProperties(username, password));
        ldapProvider.setConvertSubErrorCodesToExceptions(true);
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, password);

        Authentication authenticate;
        try {
            authenticate = ldapProvider.authenticate(authentication);
        } catch (Exception e) {
            throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).");
        }
        if (Objects.nonNull(authenticate) && authenticate.isAuthenticated()) {
            return new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
        } else {
            throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).");
        }
    }

    private Map<String, Object> createProperties(String username, String password) {
        Map<String, Object> properties = new HashMap<>();
        properties.put(Context.SECURITY_PRINCIPAL, username);
        properties.put(Context.SECURITY_CREDENTIALS, password);
        return properties;
    }

I have a problem.

As I understand the authentication schema, when we authenticate a user, we also need to have a technical account. We bind with the technical account and then send the user's login and password, and after that we receive an answer. But in this schema, we bind with the same user to authenticate, and it's wrong - this user may have no rights to bind.

Please show me a working solution to authenticate with Spring ActiveDirectoryLdapAuthenticationProvider.

When you declare the ActiveDirectoryLdapAuthenticationProvider bean, you can use the setContextEnvironmentProperties() method.

For example:

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(null, ldapUrls, ldapBase);
        setContextEnvironmentProperties(provider);
        return provider;
    }

    private void setContextEnvironmentProperties(ActiveDirectoryLdapAuthenticationProvider provider) {
        Map<String, Object> contextEnvironmentProperties = new HashMap<>();
        if (StringUtils.isNotEmpty(ldapUsername)) {
            contextEnvironmentProperties.put(Context.SECURITY_PRINCIPAL, ldapUsername);
        }
        if (StringUtils.isNotEmpty(ldapPassword)) {
            contextEnvironmentProperties.put(Context.SECURITY_CREDENTIALS, ldapPassword);
        }
        if (!contextEnvironmentProperties.isEmpty()) {
            provider.setContextEnvironmentProperties(contextEnvironmentProperties);
        }
    }
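
The scheme described in the question (bind as a technical account, look up the user, then verify the user's password with a second bind), written with plain JNDI instead of ActiveDirectoryLdapAuthenticationProvider. This is an added example, not code from the question or the answer; the class name, URL, base DN and filter are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SearchThenBind {
    // Placeholder values (assumptions). An OU base is used because a search from the
    // AD domain root can end in a PartialResultException caused by referrals.
    static final String URL = "ldaps://ad.example.com:636";
    static final String BASE_DN = "ou=Users,dc=example,dc=com";
    static final String FILTER = "(&(objectClass=user)(sAMAccountName={0}))";

    static DirContext bind(String principal, String password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Returns the user's DN when the directory accepts the password, otherwise null. */
    static String authenticate(String svcDn, String svcPassword, String username, String password) {
        // A simple bind with an empty password is an unauthenticated bind and may succeed.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) return null;
        try {
            String userDn;
            DirContext svc = bind(svcDn, svcPassword);   // step 1: technical account
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // {0} is filled from the argument array; JNDI escapes filter metacharacters.
                NamingEnumeration<SearchResult> res = svc.search(BASE_DN, FILTER, new Object[] {username}, sc);
                if (!res.hasMore()) return null;          // unknown user
                userDn = res.next().getNameInNamespace();
                if (res.hasMore()) return null;           // ambiguous match, refuse
            } finally {
                svc.close();
            }
            bind(userDn, password).close();               // step 2: the user's own password
            return userDn;
        } catch (NamingException e) {
            return null;                                  // any directory error fails closed
        }
    }
}
```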
