
Configure Spring Security with Weblogic LDAP authenticator

I'm trying to set up Spring Security in my application using an LDAP authenticator configured in an Oracle Weblogic Server 10.3.

I've been searching on the internet, but all I find is how to set the LDAP right into the spring-security.xml, and nothing about somehow importing the configuration I have on the server into it, so that when I try to log in, it checks the user and password with the authenticator on the server.

I want to do so because I don't have access to the configuration of the LDAP (it's on a production environment), so I have to send the data directly to it.

Is there any way to accomplish this?

You need to create a custom AuthenticationHandler and declare it in your Spring Security configuration, or you can write your own UserDetailsService that performs the LDAP query for you.

<authentication-manager>
    <authentication-provider user-service-ref="jbossLdapController" >
       <password-encoder hash="sha" base64="true" ref="passwordEncoder">
          <salt-source ref="saltSource"/>
       </password-encoder>
    </authentication-provider>
</authentication-manager>

With this you can create a class that implements UserDetailsService to get all the functionality of this without having to implement it all by hand using a typical custom authentication handler.

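import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.dao.ReflectionSaltSource;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class JBossLdapController implements UserDetailsService {
      ReflectionSaltSource saltSource;
      public void setSaltSource(ReflectionSaltSource saltSource) {
         this.saltSource = saltSource;
      }

      ShaPasswordEncoder passwordEncoder;
      public void setPasswordEncoder(ShaPasswordEncoder passwordEncoder) {
         this.passwordEncoder = passwordEncoder;
      }

      // LDAP stuff

      @Override
      public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
         // Build user details, call LDAP query.
         // User details functionality of Spring will automatically compare user supplied credentials
         // with hash and salt source versus username and encrypted password in UserDetails object.
         // Placeholder so the class compiles until the LDAP lookup is written.
         throw new UsernameNotFoundException(userName);
      }
}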

Keep in mind that this is just an example of how this can be done without giving up the benefits of the Spring Security UserDetails functionality. Of course, without knowing more about your LDAP provider, the passwords may not be SHA encrypted with a salt.
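The closing caveat of the answer, as an added example that is not part of the original answer: it contrasts the layout the legacy `ShaPasswordEncoder` with `base64="true"` produces (SHA-1 over `password{salt}`) with the `{SSHA}` layout many LDAP directories store, and shows a constant-time check for the latter. The class name, the password and the salt values are constructed, and that the directory uses `{SSHA}` is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

// Added illustration; class name, password and salt values are constructed.
public class ShaFormatCheck {

    // Legacy Spring layout: Base64(SHA-1(UTF-8(password + "{" + salt + "}")))
    static String springSha(String password, String salt) throws Exception {
        String merged = (salt == null || salt.isEmpty()) ? password : password + "{" + salt + "}";
        byte[] d = MessageDigest.getInstance("SHA-1").digest(merged.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // Directory layout (assumed): "{SSHA}" + Base64(SHA-1(password || salt) || salt)
    static String ldapSsha(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        byte[] digest = md.digest();
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // Verify a candidate against a stored {SSHA} value, comparing in constant time.
    static boolean verifySsha(String candidate, String stored) throws Exception {
        if (stored == null || !stored.startsWith("{SSHA}")) return false;
        byte[] raw;
        try { raw = Base64.getDecoder().decode(stored.substring(6)); }
        catch (IllegalArgumentException e) { return false; }
        if (raw.length <= 20) return false;   // 20-byte SHA-1 digest plus a non-empty salt
        byte[] salt = Arrays.copyOfRange(raw, 20, raw.length);
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(candidate.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        return MessageDigest.isEqual(md.digest(), Arrays.copyOf(raw, 20));
    }

    public static void main(String[] args) throws Exception {
        String pw = "example-password";                                    // constructed
        String stored = ldapSsha(pw, new byte[] {0x01, 0x02, 0x03, 0x04}); // constructed salt
        System.out.println("directory value : " + stored);
        System.out.println("Spring-style    : " + springSha(pw, "alice"));
        System.out.println("string equality : " + stored.equals(springSha(pw, "alice")));
        System.out.println("SSHA verify     : " + verifySsha(pw, stored));
        System.out.println("wrong password  : " + verifySsha("other", stored));
    }
}
```

If the two layouts differ like this, the comparison configured in the `<password-encoder>` element will reject every login even when the password is correct, so confirm the directory's stored format before choosing an encoder.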
