Its a simple spring MVC application with just one controller. I only need 2-3 people to have access to this controller. The active directory names of the users will be stored in config. We don't see the need for ldap authentication. Any suggestions?
You can configure user service as
<authentication-manager>
<authentication-provider>
<user-service properties="classpath:users.properties</userservice>
</authentication-provider>
</authentication-manager>
and this will be a in-memory provider which does not provide an option to reload the properties file on change and expect restart the server. To restrict the session you can use:
<session-management>
<concurrency-control max-sessions="1" expired-url="/your-page-here" />
</session-management>
To restrict the users you create required no of users in property file as
username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
Eg.:
Jay=123Welcome,ROLE_USER,ROLE_ADMIN,enabled
Mike=SuperUser@123,ROLE_USER,enabled
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.