
如何使用 XML 配置文件、Java 和 Spring Security 通过 LDAP 对用户进行身份验证

在使用JNDI时,我的程序“用LDAP验证用户”(见附录)运行良好

根据要求,我必须使用 Spring Security,并使用 XML 格式的配置文件(其中包含 LDAP 信息),不允许使用 LDIF 文件

我正在寻找一段 Java 代码(我使用的是 Java 1.8 和 Spring),它能读取这个 LDAP.xml 文件,并从中提取验证用户所需的全部信息。必须使用 Spring Security

我能在这方面得到帮助吗

LDAP.xml 的内容如下:

    <?xml version='1.0'?>


      <!-- The Security Module. This module will authenticate against AD
           and determine authorization against the SECURITY_OWNER schema.

           NOTE(review): this file names the directory host and the service account
           and carries that account's bind credential, so it should be handled as a
           secret: keep it out of public repositories and restrict who can read it.
      -->

      <application-policy name="something-targeting">
        <authentication>
           <login-module code="com.et.security.ETLoginModule" flag="required" >        
              <!-- NOTE(review): the scheme is ldap:// on port 389. Unless the login module
                   negotiates StartTLS (not visible in this file), bind passwords cross the
                   network unencrypted. Confirm, or use an ldaps:// URL if the directory offers one. -->
              <module-option name="java.naming.provider.url">ldap://pcocpwdom01.corp.something.com:389</module-option>
              <!-- DN of the service account used for the initial bind and the user lookup. -->
              <module-option name="bindDN">CN=SVCLdapQry,OU=ServiceAccounts_Admins,OU=Data Services,DC=corp,DC=something,DC=com</module-option>
              <!-- NOTE(review): the value looks Base64 encoded. Whether it is encrypted or only
                   encoded cannot be told from this file; presumably ETLoginModule decodes it.
                   A credential that has been published should be rotated. -->
              <module-option name="bindCredential">+byZB0ocHUQL0MDhd2mN3dSjskf2S7ff2hiCcCDThSE=</module-option>
              <!-- Base DN under which user entries are searched. -->
              <module-option name="baseCtxDN">DC=corp,DC=something,DC=com</module-option>
              <!-- Search filter; {0} presumably receives the login name. The consuming code must
                   escape LDAP filter metacharacters in that value (verify in the login module). -->
              <module-option name="baseFilter">(samaccountname={0})</module-option>
              <!-- Presumably rejects logins with an empty password, which a directory could
                   otherwise treat as an unauthenticated bind that succeeds. Keep this false. -->
              <module-option name="allowEmptyPasswords">false</module-option>

           </login-module>
        </authentication>
      </application-policy>

寻找类似以下内容:

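/**
 * Registers LDAP authentication against the external directory described by the classpath
 * resource {@code LDAP.xml}.
 *
 * <p>{@code contextSource().ldif(...)} is not used: that option seeds an embedded LDAP server
 * from LDIF entries and does not read connection settings, so it cannot consume the XML
 * login-module file. The connection settings are instead read from the file's
 * {@code module-option} elements and passed to {@code url(...)} and {@code managerDn(...)},
 * and users are located with the file's {@code baseFilter} rather than a fixed
 * {@code uid=...} DN pattern.
 *
 * <p>The bind password is read from the environment, not from {@code bindCredential}: the value
 * in the file is presumably an encoded form understood only by the original login module, while
 * {@code managerPassword(...)} needs the secret itself. {@code LDAP_BIND_PASSWORD} is a
 * placeholder name; use whatever secret store the deployment provides.
 *
 * @param auth the builder to register the LDAP authentication provider on
 * @throws Exception if LDAP.xml cannot be read or parsed, a required option or the bind
 *         password is missing, or the builder rejects the configuration
 */
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    java.util.Map<String, String> options = readModuleOptions("/LDAP.xml");
    for (String key : new String[] {"java.naming.provider.url", "bindDN", "baseCtxDN", "baseFilter"}) {
        String value = options.get(key);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("LDAP.xml is missing module-option: " + key);
        }
    }

    // Fail closed: without a manager password the lookup bind would be anonymous.
    String bindPassword = System.getenv("LDAP_BIND_PASSWORD"); // placeholder variable name
    if (bindPassword == null || bindPassword.isEmpty()) {
        throw new IllegalStateException("LDAP bind password is not configured");
    }

    // The base DN is appended to the URL so that search bases below are relative to it.
    // NOTE(review): a base DN containing spaces or other reserved characters must be URL-encoded.
    String directoryUrl = options.get("java.naming.provider.url") + "/" + options.get("baseCtxDN");

    auth
        .ldapAuthentication()
            .userSearchBase("")
            // The {0} placeholder is filled in by the framework with the submitted login name.
            .userSearchFilter(options.get("baseFilter"))
            // NOTE(review): carried over unchanged; LDAP.xml says nothing about groups, so
            // confirm that this base exists under the base DN or adjust it.
            .groupSearchBase("ou=groups")
            .contextSource()
                .url(directoryUrl)
                .managerDn(options.get("bindDN"))
                .managerPassword(bindPassword);
}

/**
 * Reads every {@code <module-option name="...">} element of a classpath XML resource.
 *
 * @param resource absolute classpath location of the XML file
 * @return option values keyed by their {@code name} attribute, whitespace-trimmed
 * @throws Exception if the resource is missing or is not well-formed XML
 */
private java.util.Map<String, String> readModuleOptions(String resource) throws Exception {
    javax.xml.parsers.DocumentBuilderFactory factory =
            javax.xml.parsers.DocumentBuilderFactory.newInstance();
    // Refuse DOCTYPE declarations so the parser never resolves external entities (XXE).
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    factory.setXIncludeAware(false);
    factory.setExpandEntityReferences(false);

    java.util.Map<String, String> options = new java.util.HashMap<String, String>();
    try (java.io.InputStream in = getClass().getResourceAsStream(resource)) {
        if (in == null) {
            throw new IllegalStateException("Classpath resource not found: " + resource);
        }
        org.w3c.dom.NodeList nodes =
                factory.newDocumentBuilder().parse(in).getElementsByTagName("module-option");
        for (int i = 0; i < nodes.getLength(); i++) {
            org.w3c.dom.Element option = (org.w3c.dom.Element) nodes.item(i);
            options.put(option.getAttribute("name"), option.getTextContent().trim());
        }
    }
    return options;
}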

感谢您的帮助。如果需要更多信息,请告诉我

我尝试了以下例子:

但它们都不起作用

附录A:

    package com.something.online.ice.ui.authentication;

    import java.util.Hashtable;
    import java.util.Properties;

    import javax.annotation.Resource;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;


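    /**
     * Authenticates a user against LDAP by a login attribute (here {@code sAMAccountName})
     * instead of by distinguished name, using the "search, then bind" pattern:
     *
     * <ol>
     *   <li>Bind to the directory as a service account whose DN and password are known.</li>
     *   <li>Search for the entry whose identifying attribute equals the supplied user name.</li>
     *   <li>Take the DN of the entry that was found.</li>
     *   <li>Open a second connection, binding with that DN and the supplied password.</li>
     *   <li>If that bind succeeds, the user is authenticated.</li>
     * </ol>
     *
     * <p>NOTE(review): the provider URL is plain {@code ldap://} on port 389 and both binds are
     * simple binds, so the service-account password and the user's password travel unencrypted
     * unless the transport is protected some other way. Prefer {@code ldaps://} or StartTLS if
     * the directory offers it.
     *
     * <p>The service-account password is read from the environment and is not a literal in
     * this class; a password that has ever been committed to source should be treated as
     * exposed and rotated.
     */
    public class LdapAuthManagerJNDI
    {
        private static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
        private static final String LDAP_URL = "ldap://pcocpwdom01.corp.something.com:389";
        private static final String SERVICE_DN =
                "CN=SVCLdapQry,OU=ServiceAccounts_Admins,OU=Data Services,DC=corp,DC=something,DC=com";
        private static final String SEARCH_BASE = "DC=corp,DC=something,DC=com";
        private static final String IDENTIFYING_ATTRIBUTE = "samaccountname";

        // Placeholder name for the environment variable holding the service-account password;
        // substitute whatever secret source the deployment provides.
        private static final String SERVICE_PASSWORD_ENV = "LDAP_BIND_PASSWORD";

        public static void main(String[] args)
        {
            LdapAuthManagerJNDI mgr = new LdapAuthManagerJNDI();
            System.out.println(mgr.authenticateUsr("svc_oapusr", "pswd"));
        }

        /**
         * Checks a user name and password against the directory.
         *
         * @param usrName value of the identifying attribute (sAMAccountName) of the user
         * @param pswd    the password the user supplied
         * @return {@code true} only if the user entry was found, the bind with the user's DN
         *         and password succeeded, and both contexts closed without error;
         *         {@code false} in every other case, including any directory error
         */
        public boolean authenticateUsr(String usrName, String pswd)
        {
            // A simple bind with an empty password is an unauthenticated bind, which a directory
            // may accept; without this check any known user name could log in with no password.
            if (usrName == null || usrName.isEmpty() || pswd == null || pswd.isEmpty())
            {
                return false;
            }

            String servicePassword = System.getenv(SERVICE_PASSWORD_ENV);
            if (servicePassword == null || servicePassword.isEmpty())
            {
                // Fail closed: an empty service password would make the lookup bind anonymous.
                System.err.println("LDAP service-account password is not configured");
                return false;
            }

            DirContext serviceCtx = null;
            DirContext usrCtx = null;
            NamingEnumeration<SearchResult> results = null;
            boolean authenticated = false;
            boolean closedCleanly = true;

            try
            {
                serviceCtx = new InitialDirContext(simpleBindEnv(SERVICE_DN, servicePassword));
                System.out.println("LDAP basic authorization is successful");

                // Only the identifying attribute is needed; the DN comes from the result itself.
                SearchControls sc = new SearchControls();
                sc.setReturningAttributes(new String[] { IDENTIFYING_ATTRIBUTE });
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

                // The user name is passed as a filter argument, never concatenated into the
                // filter: JNDI escapes filter metacharacters in arguments, so input such as
                // "*" or ")(" cannot change which entries the filter matches.
                results = serviceCtx.search(
                        SEARCH_BASE,
                        "(" + IDENTIFYING_ATTRIBUTE + "={0})",
                        new Object[] { usrName },
                        sc);

                if (results.hasMore())
                {
                    String distinguishedName = results.next().getNameInNamespace();

                    // Second bind, now as the user: the directory verifies the password.
                    usrCtx = new InitialDirContext(simpleBindEnv(distinguishedName, pswd));

                    System.out.println("Authentication successful");
                    authenticated = true;
                }
            }
            catch (NamingException e)
            {
                // Covers connection failure, search failure and a rejected user bind alike.
                e.printStackTrace();
            }
            finally
            {
                closeEnumeration(results);
                boolean usrClosed = closeContext(usrCtx);
                boolean serviceClosed = closeContext(serviceCtx);
                closedCleanly = usrClosed && serviceClosed;
            }

            return authenticated && closedCleanly;
        }

        /** Builds the JNDI environment for a simple bind as the given principal. */
        private static Hashtable<String, String> simpleBindEnv(String principal, String credentials)
        {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
            env.put(Context.PROVIDER_URL, LDAP_URL);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
            return env;
        }

        /** Closes a context if one was opened; returns {@code false} only if closing failed. */
        private static boolean closeContext(Context ctx)
        {
            if (ctx == null)
            {
                return true;
            }
            try
            {
                ctx.close();
                return true;
            }
            catch (NamingException e)
            {
                e.printStackTrace();
                return false;
            }
        }

        /** Releases the search results; a failure here does not affect the outcome. */
        private static void closeEnumeration(NamingEnumeration<SearchResult> results)
        {
            if (results == null)
            {
                return;
            }
            try
            {
                results.close();
            }
            catch (NamingException ignored)
            {
                // The outcome was already decided by the bind; nothing useful to do here.
            }
        }
    }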

共 (1) 个答案