stackoom
  简体   繁体   中英

securing an application with spring security and LDAP

 原文  2019-12-13 09:47:55       spring/ spring-boot/ spring-security/ ldap

Question

I am very new to spring security. I want to implement it in my spring boot application with LDAP. Whenever I try to understand the concepts of security, i end up in confused state. can somebody suggest me a guide or give me a gist of what spring security does. In my project, am using only spring security and LDAP. What I observe is, spring boot creates it's own login page and once the user is authenticated, it sets a cookie called JSESSIONID and for further requests, it is using that session Id only.We can clear that session id during logout. But I also heard the concept of token base authentication, so am not sure if I want to use that or not. The secured URLs are called from a external angular application. Can someone help ..

1 answers

solution1
 0  2019-12-13 15:04:19

You can use Spring Security LDAP.

Add these dependencies to your pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.ldap</groupId>
    <artifactId>spring-ldap-core</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
</dependency>

And then you have to create a configuration class:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .anyRequest().fullyAuthenticated()
        .and()
      .formLogin();
  }

  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .ldapAuthentication()
        .userDnPatterns("uid={0},ou=people")
        .groupSearchBase("ou=groups")
        .contextSource()
          .url("ldap://localhost:8389/dc=springframework,dc=org")
          .and()
        .passwordCompare()
          .passwordEncoder(new LdapShaPasswordEncoder())
          .passwordAttribute("userPassword");
  }

}

Please find the whole guide here:

https://spring.io/guides/gs/authenticating-ldap/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Security - OAuth, LDAP Integration for multitenant application Securing REST microservices with Spring Security Securing RESTful api with Spring Security Spring Security: Securing URL and Parameters Securing GWT servlets with Spring Security Securing REST API with Spring Security Spring Security and LDAP authentication Spring security LDAP connection Spring Security and multiple LDAP Spring Security ldap
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM