I am currently following Spring.io tutorials. The links are Authenicating-ladp and securing-web
I can see that they are very similar besides the configuration.
LDAP
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource(contextSource())
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
@Bean
public DefaultSpringSecurityContextSource contextSource() {
return new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"), "dc=springframework,dc=org");
}
securing-web
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
What are the pro and cons of using each? Which one is preferred for best practices?
In-memory authentication is the simplest form, and requires that the credentials for all users be specified in the code itself. This is impractical in all but the simplest cases.
LDAP authentication involves authenticating against the LDAP access system, used in many organisations and enterprises around the world. It is considerably more flexible, and therefore more complicated.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.