LDAP + Spring: how to correctly authenticate?
I am implementing LDAP authentication with Spring. In my case I use ActiveDirectoryLdapAuthenticationProvider. It looks like this:
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.naming.Context;
import org.springframework.ldap.support.LdapEncoder;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

// The fields ldapHost, port, domain, rootDn and filter are configured elsewhere in the enclosing class.
private Authentication authenticate(String username, String password, HelpDescUser userDetails) {
    String url = "ldap://" + ldapHost + ":" + port + "/";
    ActiveDirectoryLdapAuthenticationProvider ldapProvider =
            new ActiveDirectoryLdapAuthenticationProvider(domain, url, rootDn);
    // Escape the user-supplied name before formatting it into the LDAP search filter.
    String filterWithName = String.format(filter, LdapEncoder.filterEncode(username));
    ldapProvider.setSearchFilter(filterWithName);
    // The directory context is created with the credentials of the user being authenticated.
    ldapProvider.setContextEnvironmentProperties(createProperties(username, password));
    ldapProvider.setConvertSubErrorCodesToExceptions(true);
    UsernamePasswordAuthenticationToken authentication =
            new UsernamePasswordAuthenticationToken(username, password);
    Authentication authenticate;
    try {
        authenticate = ldapProvider.authenticate(authentication);
    } catch (Exception e) {
        throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).");
    }
    if (Objects.nonNull(authenticate) && authenticate.isAuthenticated()) {
        return new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
    } else {
        throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).");
    }
}

// Environment properties used when the provider creates the initial LDAP context.
private Map<String, Object> createProperties(String username, String password) {
    Map<String, Object> properties = new HashMap<>();
    properties.put(Context.SECURITY_PRINCIPAL, username);
    properties.put(Context.SECURITY_CREDENTIALS, password);
    return properties;
}
I have a problem. As I understand the authentication schema, when we authenticate a user we also need a technical account. We bind with the technical account, then send the user's login and password, and after that we receive the answer. But in this schema we bind with the same user we are authenticating, and that is wrong: this user may have no rights to bind.
Please show me a working solution to authenticate with Spring ActiveDirectoryLdapAuthenticationProvider.
When you declare the ActiveDirectoryLdapAuthenticationProvider bean, you can use the setContextEnvironmentProperties() method. For example:
import java.util.HashMap;
import java.util.Map;
import javax.naming.Context;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

// ldapUrls, ldapBase, ldapUsername and ldapPassword are injected from configuration
// (for example with @Value) in the enclosing @Configuration class.
@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
    // A null domain means the submitted username is used as the bind principal unchanged.
    ActiveDirectoryLdapAuthenticationProvider provider =
            new ActiveDirectoryLdapAuthenticationProvider(null, ldapUrls, ldapBase);
    setContextEnvironmentProperties(provider);
    return provider;
}

// Adds the technical account's credentials to the environment used to create the LDAP context.
private void setContextEnvironmentProperties(ActiveDirectoryLdapAuthenticationProvider provider) {
    Map<String, Object> contextEnvironmentProperties = new HashMap<>();
    if (StringUtils.isNotEmpty(ldapUsername)) {
        contextEnvironmentProperties.put(Context.SECURITY_PRINCIPAL, ldapUsername);
    }
    if (StringUtils.isNotEmpty(ldapPassword)) {
        contextEnvironmentProperties.put(Context.SECURITY_CREDENTIALS, ldapPassword);
    }
    if (!contextEnvironmentProperties.isEmpty()) {
        provider.setContextEnvironmentProperties(contextEnvironmentProperties);
    }
}
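The two-step flow the question describes (search for the user with a technical account, then bind as the user with the password they submitted) can be built from Spring Security's generic LDAP classes; the configuration below is an added example, not code from the question or the answer. It is worth knowing that ActiveDirectoryLdapAuthenticationProvider merges the map passed to setContextEnvironmentProperties() on top of the per-user bind environment, so putting a technical account's SECURITY_PRINCIPAL and SECURITY_CREDENTIALS there makes every bind use that account instead of the user; the BindAuthenticator route avoids this because the user's own bind is what verifies the password. The URL, base DN, service-account DN, password and filters are assumed placeholder values.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

@Configuration
public class LdapTwoStepAuthConfig {

    // Assumed placeholder values; in practice inject them from configuration and never hard-code secrets.
    private static final String LDAP_URL = "ldap://ldap.example.test:389/";
    private static final String BASE_DN = "DC=example,DC=test";
    private static final String TECH_ACCOUNT_DN = "CN=svc-ldap-search,OU=Service Accounts,DC=example,DC=test";
    private static final String TECH_ACCOUNT_PASSWORD = "PLACEHOLDER";

    // Step 1: the technical account only needs permission to read user and group entries.
    // Its credentials are used for searches, never as a substitute for the user's own bind.
    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(LDAP_URL + BASE_DN);
        source.setUserDn(TECH_ACCOUNT_DN);
        source.setPassword(TECH_ACCOUNT_PASSWORD);
        return source;
    }

    // Step 2: locate the user's DN with the technical account; BindAuthenticator then opens a
    // second connection bound as that DN with the submitted password. The directory verifies
    // the password, and a failed bind surfaces as BadCredentialsException.
    @Bean
    public AuthenticationProvider ldapAuthenticationProvider(DefaultSpringSecurityContextSource contextSource) {
        // {0} is substituted and escaped by Spring, so the raw username is not spliced into the filter.
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(
                "", "(&(objectClass=user)(sAMAccountName={0}))", contextSource);
        userSearch.setSearchSubtree(true);

        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(userSearch);

        // Group membership is read with the technical account after the user's bind succeeded.
        DefaultLdapAuthoritiesPopulator authorities = new DefaultLdapAuthoritiesPopulator(contextSource, "");
        authorities.setGroupSearchFilter("(member={0})");
        authorities.setSearchSubtree(true);

        return new LdapAuthenticationProvider(authenticator, authorities);
    }
}
```

Register the provider with the AuthenticationManager as usual; the technical account's password should come from a secret store or environment, not from source code.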