
Ldap configuration in Spring Security - own class

I want to write my own LDAP authentication provider. I am extending AbstractUserDetailsAuthenticationProvider, which has a method retrieveUser(String username, UsernamePasswordAuthenticationToken authentication).

I want to override this method and write my own data retrieving method. How to do that in Java? How to make an LDAP query and how to connect to the LDAP server? I was searching on the Internet but I didn't find anything that helped.

EDIT: 22.01.2013

@Override
protected UserDetails retrieveUser(String username,
        UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {

    LdapUser userDetail = null;

    log.entry("retrieveUser", authentication.getPrincipal());

    UsernamePasswordAuthenticationToken userToken = authentication;
    String userName = userToken.getName();
    userName = userName != null ? userName.toLowerCase() : userName;
    String password = userToken.getCredentials().toString();

    try {
        if (password == null || "".equals(password)) {
            log.debug("retrieveUser", "no password provided");
            throw new AuthenticationCredentialsNotFoundException(
                    "Invalid login or password");
        }
    }

    catch (AuthenticationCredentialsNotFoundException e) {
        log.debug("retrieveUser", "no password provided");
    }

    // connection with ldap and check retrieved username and password
    connect = connection(userName, password);

    if (connect) {
        log.debug("retrieve user", "correct connection with ldap");
        userDetail = new LdapUser();
        setUserDetails(userDetail, ctx, username);

    } else {
        log.error("retrieve user", "Failed connection");
    }

    log.exit("retrieveUser", "user logged: " + userDetail);
    return userDetail;
}

My security.xml file

<http auto-config='true'>
    <intercept-url pattern="/**/*.ico" filters="none" />
    <intercept-url pattern="/**/*.gif" filters="none" />
    <intercept-url pattern="/**/*.jpg" filters="none" />
    <intercept-url pattern="/**/*.css" filters="none" />
    <intercept-url pattern="/**/*.js" filters="none" />
    <intercept-url pattern="/**/*.png" filters="none" />
    <intercept-url pattern="/logout.jsp*" filters="none" />
    <intercept-url pattern="/index.jsp*" filters="none" />
    <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
    <logout logout-success-url="/index.jsp"/>


    <form-login login-page="/index.jsp"
    authentication-failure-url="/error_ldap.jsp" 
    default-target-url="/main_ldap.jsp" always-use-default-target="true" />                 
    </http>

<authentication-manager>
    <authentication-provider ref="ldapAuthenticationProvider">  
        <password-encoder hash="sha" /> 
    </authentication-provider>
</authentication-manager> 

When login succeeds I get redirected to main_ldap.jsp, but if authentication fails, I get this error. I tried to throw the exception UsernameNotFoundException instead of returning null in the retrieveUser method (which is not allowed) but nothing happened (I only got this exception).

You can connect to LDAP from Java:

http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ldap.html

but Spring Security already has LDAP integration; you can use one of the methods described here:

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html

...

The XML config for using your own UserDetails service is:

<b:bean id="userDetailsService" class="your.class.here">
</b:bean>
<authentication-provider user-service-ref="userDetailsService">
</authentication-provider>
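
An added example (not code from the question or the answer): a minimal provider whose retrieveUser authenticates by binding to the directory through JNDI and reports every failure as an AuthenticationException rather than returning null, so form login treats it as a failed login. The class name, LDAP URL, DN pattern and the fixed ROLE_USER authority are assumptions, and the three-argument User constructor assumes Spring Security 3.1 or later.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class LdapBindAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    // Assumed placeholders: replace with your directory's URL and user DN layout.
    private static final String LDAP_URL = "ldaps://ldap.example.com:636";
    private static final String USER_DN_PATTERN = "uid=%s,ou=people,dc=example,dc=com";

    @Override
    protected void additionalAuthenticationChecks(UserDetails user,
            UsernamePasswordAuthenticationToken authentication) {
        // Nothing to do: the password was already verified by the LDAP bind in retrieveUser.
    }

    @Override
    protected UserDetails retrieveUser(String username,
            UsernamePasswordAuthenticationToken authentication) {
        Object credentials = authentication.getCredentials();
        // An empty password turns a simple bind into an unauthenticated one, which may succeed.
        if (credentials == null || credentials.toString().isEmpty()) {
            throw new BadCredentialsException("Invalid login or password");
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Rdn.escapeValue keeps DN metacharacters in the username from altering the bind DN.
        env.put(Context.SECURITY_PRINCIPAL, String.format(USER_DN_PATTERN, Rdn.escapeValue(username)));
        env.put(Context.SECURITY_CREDENTIALS, credentials.toString());
        try {
            new InitialDirContext(env).close(); // the constructor performs the bind
        } catch (javax.naming.AuthenticationException e) {
            throw new BadCredentialsException("Invalid login or password", e);
        } catch (NamingException e) {
            throw new AuthenticationServiceException("LDAP server unavailable", e);
        }
        return new User(username, "", AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
}
```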
