SpringBoot，如何在不使用 ldif 的情况下使用 LDAP 进行身份验证？

我在这里尝试了 SpringBoot 中的 LDAP 身份验证示例

它使用的是 ldif 方式，我认为这不适用于我的需求，因为我们的 ldap 管理员不会告诉我在哪里可以找到我需要的 ldif。在使用 SpringBoot 之前，我用的是自己的 ldap 实现，而不是 ldif。有没有办法不使用 ldif，只用 SECURITY_AUTHENTICATION 的 simple 方式进行验证？下面是我在不使用 Spring 的纯 Java 中实现 ldap 安全验证的方式。如何在 Spring 中不使用 ldif、只用基本的用户名和密码做到这一点？

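/**
 * Checks whether the given credentials can perform a simple LDAP bind as
 * {@code OUR-DOMAIN\username}.
 *
 * <p>Blank credentials are rejected before the server is contacted: an LDAP
 * simple bind with an empty password is an "unauthenticated" bind that many
 * directories accept, so treating any successful bind as a login would let a
 * caller in with an empty password.
 *
 * @param username account name (domain prefix is added here)
 * @param password the user's password
 * @return {@code true} if the bind succeeded, {@code false} for blank
 *         credentials, a refused bind, or a connectivity failure
 */
boolean isLdapRegistred(String username, String password) {
    if (username == null || username.trim().isEmpty()
            || password == null || password.isEmpty()) {
        return false;
    }
    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // NOTE(review): plain ldap:// sends the bind password in clear text; prefer ldaps:// or StartTLS.
    env.put(Context.PROVIDER_URL, "ldap://10.xxx:389");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    DirContext ctx = null;
    try {
        // InitialDirContext binds on construction; a refused bind throws, so
        // reaching the next line means the credentials were accepted.
        ctx = new InitialDirContext(env);
        return true;
    } catch (NamingException e) {
        // Bad credentials and server/connectivity errors both end up here.
        // Only the user name is reported; the password is never printed.
        System.out.println("LDAP bind failed for " + username + ": " + e);
        return false;
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException ignored) {
                // best-effort cleanup; the bind outcome has already been decided
            }
        }
    }
}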

下面是 SpringBoot 的示例，我需要让它使用我的凭据而不是 ldif。

 /**
  * Sample from the Spring Boot LDAP guide: authenticates against a directory
  * whose contents are loaded from {@code test-server.ldif}. The
  * {@code .ldif(...)} call on the context source is what ties this sample to
  * an LDIF file; without one, the context source has to be pointed at the
  * real directory instead.
  */
 @Configuration
 protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

     /**
      * Registers LDAP bind authentication. The submitted login name replaces
      * {@code {0}} in {@code uid={0},ou=people} to form the bind DN, and group
      * membership is searched under {@code ou=groups}.
      *
      * @param auth the builder this configurer contributes to
      * @throws Exception propagated from the builder
      */
     @Override
     public void init(AuthenticationManagerBuilder auth) throws Exception {
         auth
             .ldapAuthentication()
             .userDnPatterns("uid={0},ou=people")
             .groupSearchBase("ou=groups")
             .contextSource().ldif("classpath:test-server.ldif");
     }
 }

在不使用 LDIF 的情况下，用 Spring 可以这样做：

 /**
  * LDAP authentication without an LDIF: the context source points at the live
  * directory, and a service ("manager") account is used to look the user up
  * before binding as that user with the submitted password.
  *
  * <p>The {@code ldap*} values used below are not declared in this snippet —
  * presumably injected fields (e.g. {@code @Value}); confirm against the full class.
  */
 @Configuration
 @EnableWebSecurity
 public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {

     /**
      * Wires the LDAP provider into the global authentication manager.
      *
      * @param auth the shared builder
      * @throws Exception propagated from {@link #ldapAuthenticationProvider()}
      */
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
         AuthenticationProvider provider = ldapAuthenticationProvider();
         auth.authenticationProvider(provider);
     }

     /**
      * Builds a bind-based provider: the user entry is found with the manager
      * credentials, the found DN is bound with the user's own password, and
      * authorities are loaded from {@code ldapGroupSearchBase}.
      *
      * @return the configured provider
      * @throws Exception from context-source initialisation
      */
     @Bean
     public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
         DefaultSpringSecurityContextSource directory =
                 new DefaultSpringSecurityContextSource(ldapServerUrl);
         // Manager (service-account) credentials serve the user search only;
         // the user's password is checked by the bind below.
         directory.setUserDn(ldapManagerDn);
         directory.setPassword(ldapManagerPassword);
         directory.afterPropertiesSet(); // not a managed bean, so initialise by hand

         BindAuthenticator authenticator = new BindAuthenticator(directory);
         authenticator.setUserSearch(
                 new FilterBasedLdapUserSearch(ldapUserSearchBase, ldapUserSearchFilter, directory));

         DefaultLdapAuthoritiesPopulator authorities =
                 new DefaultLdapAuthoritiesPopulator(directory, ldapGroupSearchBase);
         return new LdapAuthenticationProvider(authenticator, authorities);
     }
 }

这个对我来说很完美，但我需要对它做一点小修改。

  /**
   * Variant of the LDIF-free configuration that sets no manager credentials
   * on the context source: the user search therefore runs over an anonymous
   * connection, so the directory must allow anonymous search of
   * {@code ldapUserSearchBase}. The user's own password is still verified by
   * a bind as the found DN.
   *
   * <p>{@code "ldapServerUrl:port"} is a placeholder; {@code rootDn} and the
   * other {@code ldap*} values are not declared in this snippet — presumably
   * injected fields; confirm against the full class.
   */
  @Configuration
  @EnableWebSecurity
  public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {

      /**
       * Wires the LDAP provider into the global authentication manager.
       *
       * @param auth the shared builder
       * @throws Exception propagated from {@link #ldapAuthenticationProvider()}
       */
      @Autowired
      public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
          AuthenticationProvider provider = ldapAuthenticationProvider();
          auth.authenticationProvider(provider);
      }

      /**
       * Builds a bind-based provider over an anonymous search connection.
       *
       * @return the configured provider
       * @throws Exception from context-source initialisation
       */
      @Bean
      public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
          DefaultSpringSecurityContextSource directory =
                  new DefaultSpringSecurityContextSource(Arrays.asList("ldapServerUrl:port"), rootDn);
          directory.afterPropertiesSet(); // not a managed bean, so initialise by hand

          BindAuthenticator authenticator = new BindAuthenticator(directory);
          authenticator.setUserSearch(
                  new FilterBasedLdapUserSearch(ldapUserSearchBase, ldapUserSearchFilter, directory));

          DefaultLdapAuthoritiesPopulator authorities =
                  new DefaultLdapAuthoritiesPopulator(directory, ldapGroupSearchBase);
          return new LdapAuthenticationProvider(authenticator, authorities);
      }
  }

在做到这一点之前，我已经折腾了好几天。另外，你也可以使用自定义身份验证，像这样：

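  /**
   * Authenticates a username/password pair by attempting a simple LDAP bind
   * as that user via JNDI, without any Spring LDAP machinery.
   */
  @Component
  public class CustomAuthenticationProvider implements AuthenticationProvider {

      private Logger log = Logger.getLogger(CustomAuthenticationProvider.class);

      /**
       * Verifies the submitted credentials against LDAP.
       *
       * @param authentication token carrying the login name and password
       * @return an authenticated token with no authorities on success
       * @throws org.springframework.security.authentication.BadCredentialsException
       *         if the credentials are blank or the bind is refused
       */
      @Override
      public Authentication authenticate(Authentication authentication) throws AuthenticationException {
          String email = authentication.getName();
          Object credentials = authentication.getCredentials();
          String password = credentials == null ? null : credentials.toString();
          // Only the identity is logged; the password is a secret and must never reach the log.
          log.info("email : " + email);

          if (!isLdapRegistred(email, password)) {
              // Throwing tells ProviderManager this provider handled the token and
              // rejected it; returning null would mean "abstain" and end in
              // a "no provider found" error instead of a bad-credentials one.
              throw new org.springframework.security.authentication.BadCredentialsException(
                      "LDAP bind failed for " + email);
          }
          // The password stays in the token here; ProviderManager erases credentials
          // after successful authentication by default.
          return new UsernamePasswordAuthenticationToken(email, password, new ArrayList<>());
      }

      /**
       * Checks whether the given credentials can perform a simple LDAP bind as
       * {@code OUR-DOMAIN\username}.
       *
       * <p>Blank credentials are rejected before the server is contacted: an
       * LDAP simple bind with an empty password is an "unauthenticated" bind
       * that many directories accept, so treating any successful bind as a
       * login would let a caller in with an empty password.
       *
       * @param username account name (domain prefix is added here)
       * @param password the user's password
       * @return {@code true} if the bind succeeded, {@code false} for blank
       *         credentials, a refused bind, or a connectivity failure
       */
      boolean isLdapRegistred(String username, String password) {
          if (username == null || username.trim().isEmpty()
                  || password == null || password.isEmpty()) {
              return false;
          }
          Hashtable<String, String> env = new Hashtable<>();
          env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
          // NOTE(review): plain ldap:// sends the bind password in clear text; prefer ldaps:// or StartTLS.
          env.put(Context.PROVIDER_URL, "ldap://10.xxx:389");
          env.put(Context.SECURITY_AUTHENTICATION, "simple");
          env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
          env.put(Context.SECURITY_CREDENTIALS, password);
          DirContext ctx = null;
          try {
              // InitialDirContext binds on construction; a refused bind throws.
              ctx = new InitialDirContext(env);
              return true;
          } catch (NamingException e) {
              // Bad credentials and server/connectivity errors both end up here;
              // the exception text never includes the password.
              log.warn("LDAP bind failed for " + username, e);
              return false;
          } finally {
              if (ctx != null) {
                  try {
                      ctx.close();
                  } catch (NamingException ignored) {
                      // best-effort cleanup; the bind outcome has already been decided
                  }
              }
          }
      }

      /**
       * @param authentication token class offered by the manager
       * @return {@code true} only for username/password tokens
       */
      @Override
      public boolean supports(Class<?> authentication) {
          return authentication.equals(UsernamePasswordAuthenticationToken.class);
      }
  }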

而在另一个类中：

  /**
   * Registers the custom LDAP provider and protects every request with HTTP
   * Basic authentication.
   *
   * <p>HTTP Basic carries the user's password on every request, so this setup
   * only makes sense behind TLS.
   */
  @Configuration
  @EnableWebSecurity
  public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

      private Logger log = Logger.getLogger(WebSecurityConfiguration.class);

      @Autowired
      private CustomAuthenticationProvider authProvider;

      /**
       * Requires authentication for all requests and enables HTTP Basic.
       *
       * @param http the security builder
       * @throws Exception propagated from the builder
       */
      @Override
      protected void configure(HttpSecurity http) throws Exception {
          http.authorizeRequests().anyRequest().authenticated();
          http.httpBasic();
      }

      /**
       * Makes the custom provider the authentication source.
       *
       * @param auth the shared builder
       * @throws Exception propagated from the builder
       */
      @Override
      protected void configure(AuthenticationManagerBuilder auth) throws Exception {
          auth.authenticationProvider(authProvider);
      }
  }

然后奇迹就发生了。