Spring LDAP 身份验证(自动与否?)

发布于 2024-10-14 05:39:02 字数 1462 浏览 6 评论 0原文

我通读了 Spring LDAP 参考文档< /a> 并且无法确定针对 LDAP 服务器的用户身份验证是否是自动的。

我所说的“自动化”是指,如果您在 ContextSource 中提供 userDn 和密码,那么它会在 bean 实例化时自动发生。也就是说,程序员永远不必调用 LdapTemplate.authenticate(...) - 它发生在“幕后”。

所以我想知道

  1. Spring LDAP 身份验证是否是自动的
  2. 是否有我可以设置的字段来更改此行为

谢谢,
ktm


编辑:我在我编写的一些代码的上下文中问这个问题。以下 ContextSource 是我的 beans 文件中的上下文源之一,用户可以选择使用它。它用于在运行时配置 userDn 和密码(出于安全原因)。我想知道 LDAP 应用程序是否实际上会使用我在身份验证运行时收集的 userDn/密码。 (身份验证是否在我的代码执行之前进行?它是否会忽略我的代码配置的 userDn/密码字段?)

public class RuntimeContext extends LdapContextSource {

    public RuntimeContext() {
        super();
        if (!resolveAuthInfo()) {
            System.out.println("Failed to resolve auth info. Exiting...");
            System.exit(1);
        }
    }

    public boolean resolveAuthInfo()
    {
        String myUserDn, myPassword;
        try {
            BufferedReader br = new BufferedReader(
                    new InputStreamReader(System.in));
            System.out.print("userDn: ");
            myUserDn = br.readLine();
            System.out.print("password: ");
            myPassword = br.readLine();
        } catch (IOException e) {
            return false;
        }
        super.setUserDn(myUserDn);
        super.setPassword(myPassword);
        return true;
    }
}

I read through the Spring LDAP reference docs and was unable to figure out whether user authentication against the LDAP server is automated or not.

By "automated" I mean that it happens automatically on bean instantiation if you provide userDn and password in your ContextSource. That is to say, the programmer never has to call LdapTemplate.authenticate(...) - it happens "behind-the-scenes".

So I would like to know

  1. If Spring LDAP authentication is automatic
  2. If there are fields I can set to change this behavior

Thanks,
ktm


EDIT: I ask this question in the context of some code that I wrote. The following ContextSource is one of the context sources in my beans file, which the user can opt to use. It is used to configure the userDn and password at runtime (for security reasons). I want to know whether the LDAP application will actually use the userDn/password that I collect at runtime in the authentication. (Does the authentication precede the execution of my code? Does it ignore the userDn/password fields that my code configures?)

public class RuntimeContext extends LdapContextSource {

    public RuntimeContext() {
        super();
        if (!resolveAuthInfo()) {
            System.out.println("Failed to resolve auth info. Exiting...");
            System.exit(1);
        }
    }

    public boolean resolveAuthInfo()
    {
        String myUserDn, myPassword;
        try {
            BufferedReader br = new BufferedReader(
                    new InputStreamReader(System.in));
            System.out.print("userDn: ");
            myUserDn = br.readLine();
            System.out.print("password: ");
            myPassword = br.readLine();
        } catch (IOException e) {
            return false;
        }
        super.setUserDn(myUserDn);
        super.setPassword(myPassword);
        return true;
    }
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

说谎友 2024-10-21 05:39:02

<块引用>

我想知道 LDAP 应用程序是否实际上会使用我在身份验证运行时收集的 userDn/密码。

http://static.springsource.org/spring -security/site/docs/3.0.x/reference/ldap.html

它将使用您在运行时收集的用户名和密码。根据您配置 bean 的方式,LDAP 身份验证将使用 Spring 中的两个路径之一:

  1. 绑定身份验证(使用 BindAuthenticator)
  2. 密码比较(使用 PasswordComparisonAuthenticator)

这些身份验证器在内部调用LdapAuthenticationProvider 的上下文,可以在安全命名空间配置中配置为身份验证器:

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="usernamePasswordUserDetailsService">
        <password-encoder ref="passwordEncoder">
            <salt-source ref="saltSource"/>
        </password-encoder>
    </authentication-provider>
    <authentication-provider ref="ldapAuthenticationProvider"/>
</authentication-manager>

当调用 UsernamePasswordAuthenticationFilter 时(通过 /auth/login 页面):

<http auto-config="true">
    <form-login login-page="/auth/login"
                login-processing-url="/auth/j_security_check"/>
    <logout invalidate-session="true" logout-url="/auth/logout"/>
</http>

令牌是使用用户名和密码创建。 LdapAuthenticationProvider 响应该令牌类型:

public class LdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {

    ...

    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }
}

并使用您存储在 LdapContextSource 中的信息进行身份验证。

I want to know whether the LDAP application will actually use the userDn/password that I collect at runtime in the authentication.

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html

It will use the userDn and password that you collect at runtime. Based on how you configure your beans, LDAP authentication will use one of two paths in Spring:

  1. Bind Authentication (using BindAuthenticator)
  2. Password Comparison (using PasswordComparisonAuthenticator)

These authenticators are called within the context of the LdapAuthenticationProvider which can be configured as an authenticator in the security namespace configuration:

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="usernamePasswordUserDetailsService">
        <password-encoder ref="passwordEncoder">
            <salt-source ref="saltSource"/>
        </password-encoder>
    </authentication-provider>
    <authentication-provider ref="ldapAuthenticationProvider"/>
</authentication-manager>

When the UsernamePasswordAuthenticationFilter is invoked (via the /auth/login page):

<http auto-config="true">
    <form-login login-page="/auth/login"
                login-processing-url="/auth/j_security_check"/>
    <logout invalidate-session="true" logout-url="/auth/logout"/>
</http>

a token is created with the username and password. The LdapAuthenticationProvider responds to that token type:

public class LdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {

    ...

    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }
}

And uses the information you stored in the LdapContextSource to do the authentication.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文