I'm trying to use Kerberos authentication in my project. It's an internal service for my company, and I want to authenticate the users and retrieve their groups from our Active Directory. For this, I'm using Spring Security, the Kerberos extension and our company's AD.
The problem: I can authenticate with Kerberos, but our domain on AD is "WAN.CORP.COM". So I get my users as username@WAN.CORP.COM, and there's no filter I can query AD with using this (userPrincipalName values are like username@corp.com).
My security.xml contains:
<sec:ldap-user-service id="ldapUserService" server-ref="ldapCorp" user-search-filter="(userPrincipalName={0})" />
<sec:ldap-server id="ldapCorp" url="ldap://ldap.wan.corp.com:389/DC=wan,DC=corp,DC=com" manager-dn="CN=ldap read,OU=CORP,DC=wan,DC=corp,DC=com" manager-password="pass" />
But Spring Security throws an exception, because it can't retrieve user@WAN.CORP.COM...
Can anyone help me? I'd like to do it with Spring Security directly; if not, I think I can get the information in a DummyUserDetailsService, am I right?
Thanks a lot, and sorry for my poor English...
Spring Security 3.1 already has an implementation of LDAP / AD auth.
See it here:
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ldap.html#d0e6795
http://javarevisited.blogspot.com/2011/11/ldap-authentication-active-directory.html
You could provide your own UserDetailsService implementation into which you inject LdapUserDetailsService.
In the loadUserByUsername method you can modify the username and then call LdapUserDetailsService's loadUserByUsername with the modified username.
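The wrapper described in the answer above, as an added example (not code from the original posts or from Spring Security). The class name RealmMappingUserDetailsService, its constructor parameters and the account-name pattern are assumptions; the realm "WAN.CORP.COM" and the UPN suffix "corp.com" are the values from the question.

```java
import java.util.regex.Pattern;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Hypothetical wrapper: maps a Kerberos principal to the userPrincipalName stored in AD. */
public class RealmMappingUserDetailsService implements UserDetailsService {

    // Conservative allow-list for the account part (assumption; adjust to your naming policy).
    private static final Pattern ACCOUNT = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    private final UserDetailsService delegate; // e.g. the ldapUserService bean
    private final String kerberosRealm;        // "WAN.CORP.COM" in the question
    private final String upnSuffix;            // "corp.com" in the question

    public RealmMappingUserDetailsService(UserDetailsService delegate,
                                          String kerberosRealm, String upnSuffix) {
        this.delegate = delegate;
        this.kerberosRealm = kerberosRealm;
        this.upnSuffix = upnSuffix;
    }

    @Override
    public UserDetails loadUserByUsername(String principal) throws UsernameNotFoundException {
        int at = principal == null ? -1 : principal.lastIndexOf('@');
        if (at <= 0) {
            throw new UsernameNotFoundException("Principal has no realm");
        }
        String account = principal.substring(0, at);
        String realm = principal.substring(at + 1);

        // Accept only the expected realm; never strip an arbitrary suffix,
        // or a principal from another trusted realm could map onto a local account.
        if (!kerberosRealm.equals(realm)) {
            throw new UsernameNotFoundException("Unexpected realm");
        }
        // Reject characters that have meaning in an LDAP filter (*, (, ), \, NUL, ...).
        if (!ACCOUNT.matcher(account).matches()) {
            throw new UsernameNotFoundException("Invalid account name");
        }
        // The delegate runs the (userPrincipalName={0}) search with the rewritten name.
        return delegate.loadUserByUsername(account + "@" + upnSuffix);
    }
}
```

The Kerberos authentication provider would then reference this bean instead of ldapUserService directly, with ldapUserService passed in as the delegate.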