Spring LDAP authentication (automatic or not?)

Posted 2024-10-14 05:39:02 | Word count: 1462 | Views: 2 | Comments: 0

I read through the Spring LDAP reference docs and was unable to figure out whether user authentication against the LDAP server is automated or not.

By "automated" I mean that it happens automatically on bean instantiation if you provide userDn and password in your ContextSource. That is to say, the programmer never has to call LdapTemplate.authenticate(...) - it happens "behind-the-scenes".

So I would like to know

  1. If Spring LDAP authentication is automatic
  2. If there are fields I can set to change this behavior

Thanks,
ktm


EDIT: I ask this question in the context of some code that I wrote. The following ContextSource is one of the context sources in my beans file, which the user can opt to use. It is used to configure the userDn and password at runtime (for security reasons). I want to know whether the LDAP application will actually use the userDn/password that I collect at runtime in the authentication. (Does the authentication precede the execution of my code? Does it ignore the userDn/password fields that my code configures?)

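import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

import org.springframework.ldap.core.support.LdapContextSource;

// ContextSource whose bind credentials are read from stdin at construction time.
public class RuntimeContext extends LdapContextSource {

    public RuntimeContext() {
        super();
        if (!resolveAuthInfo()) {
            System.out.println("Failed to resolve auth info. Exiting...");
            System.exit(1);
        }
    }

    // Prompts for userDn and password; returns false if they cannot be read.
    public boolean resolveAuthInfo()
    {
        String myUserDn, myPassword;
        try {
            BufferedReader br = new BufferedReader(
                    new InputStreamReader(System.in));
            System.out.print("userDn: ");
            myUserDn = br.readLine();
            System.out.print("password: ");
            myPassword = br.readLine();
        } catch (IOException e) {
            return false;
        }
        // readLine() returns null at end of input; treat that as a failure.
        if (myUserDn == null || myPassword == null) {
            return false;
        }
        super.setUserDn(myUserDn);
        super.setPassword(myPassword);
        return true;
    }
}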

Comments (1)

说谎友 2024-10-21 05:39:02

> I want to know whether the LDAP application will actually use the userDn/password that I collect at runtime in the authentication.

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html

It will use the userDn and password that you collect at runtime. Based on how you configure your beans, LDAP authentication will use one of two paths in Spring:

  1. Bind Authentication (using BindAuthenticator)
  2. Password Comparison (using PasswordComparisonAuthenticator)

These authenticators are called within the context of the LdapAuthenticationProvider which can be configured as an authenticator in the security namespace configuration:

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="usernamePasswordUserDetailsService">
        <password-encoder ref="passwordEncoder">
            <salt-source ref="saltSource"/>
        </password-encoder>
    </authentication-provider>
    <authentication-provider ref="ldapAuthenticationProvider"/>
</authentication-manager>

When the UsernamePasswordAuthenticationFilter is invoked (via the /auth/login page):

<http auto-config="true">
    <form-login login-page="/auth/login"
                login-processing-url="/auth/j_security_check"/>
    <logout invalidate-session="true" logout-url="/auth/logout"/>
</http>

a token is created with the username and password. The LdapAuthenticationProvider responds to that token type:

public class LdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {

    ...

    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }
}

And uses the information you stored in the LdapContextSource to do the authentication.
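
As an added example (not part of the answer above and not Spring's own code), the Java wiring below builds the `ldapAuthenticationProvider` bean that the XML refers to, using credentials collected at runtime without echoing them. The URL, search base and filter are assumed values; building the objects opens no LDAP connection, and the ContextSource credentials are first used when `authenticate(...)` runs the user search, after which the submitted password is checked by binding as the located user.

```java
import java.io.Console;
import java.util.Arrays;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;

public class RuntimeLdapWiring {
    // Assumed values for illustration; replace with your directory's layout.
    static final String LDAP_URL = "ldap://localhost:389/dc=example,dc=org";
    static final String SEARCH_BASE = "ou=people";
    static final String SEARCH_FILTER = "(uid={0})";

    // Wires the provider; nothing here contacts the LDAP server yet.
    static LdapAuthenticationProvider buildProvider(String managerDn, char[] managerPassword) {
        DefaultSpringSecurityContextSource cs = new DefaultSpringSecurityContextSource(LDAP_URL);
        cs.setUserDn(managerDn);                      // account used for directory searches
        cs.setPassword(new String(managerPassword));
        cs.afterPropertiesSet();                      // finalises the settings, no bind
        BindAuthenticator authenticator = new BindAuthenticator(cs);
        // The search binds with the ContextSource credentials to locate the user's entry.
        authenticator.setUserSearch(new FilterBasedLdapUserSearch(SEARCH_BASE, SEARCH_FILTER, cs));
        return new LdapAuthenticationProvider(authenticator);
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("No interactive console available.");
        String managerDn = console.readLine("userDn: ");
        char[] managerPassword = console.readPassword("password: ");   // not echoed
        String login = console.readLine("login: ");
        char[] loginPassword = console.readPassword("login password: ");
        if (managerDn == null || managerPassword == null || login == null || loginPassword == null) {
            throw new IllegalStateException("Input closed before all credentials were read.");
        }
        LdapAuthenticationProvider provider = buildProvider(managerDn, managerPassword);
        Arrays.fill(managerPassword, '\0');           // best effort; the String copy remains
        try {
            // First LDAP traffic: search as managerDn, then bind as the located user.
            Authentication result = provider.authenticate(
                    new UsernamePasswordAuthenticationToken(login, new String(loginPassword)));
            System.out.println("Authenticated: " + result.getName());
        } catch (AuthenticationException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```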
