How do I access the user password from LDAP in LdapUserDetailsMapper using Spring Security?

Posted on 2024-12-03 12:12:16 | Word count: 947 | Views: 0 | Comments: 0

We are using Spring Security in our web application based on Spring MVC.

We are doing authentication using the LDAP module of Spring Security, which is working properly. Now I need to get the user password from LDAP for saving in the database.

For this I am using this in my code.

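    import java.util.Collection;

    import org.springframework.ldap.core.DirContextAdapter;
    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.ldap.userdetails.Person;
    import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
    import org.springframework.util.Assert;

    public class PersonContextMapper implements UserDetailsContextMapper {

        // Called after a successful LDAP authentication to build the UserDetails.
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                Collection<GrantedAuthority> authorities) {
            Person.Essence p = new Person.Essence(ctx);

            p.setUsername(username);
            p.setAuthorities(authorities);

            // Attempt to read the stored password; this is the value that is always null.
            Object passwordValue = ctx.getObjectAttribute("userPassword");

            return p.createUserDetails();
        }

        // Copies the Person's attributes back into an LDAP context.
        public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
            Assert.isInstanceOf(Person.class, user, "UserDetails must be a Person instance");

            Person p = (Person) user;
            p.populateContext(ctx);
        }
    }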

But I am not getting any value for the password. It's always null.

Please help.

PS. My authentication is successful. It means the password entered in the login form matches properly with the password stored in the LDAP.

Comments (1)

笑脸一如从前 2024-12-10 12:12:16

It might be that the authentication state of the connection does not have permission to read the value of the userPassword attribute. Most often, applications issue a BIND request to the directory server, including appropriate controls as necessary. The password is included in the BIND request and the directory server changes the authentication state of the connection upon successful completion of the BIND request. In any case, the value of the userPassword attribute is encrypted or hashed more often than not, and applications have no need to read the value.
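The behaviour described in this answer, as an added Java example using the JDK's JNDI API (it is not part of the answer above and is not Spring Security's own code): `bind` lets the directory verify the password, and `describe` reports the two things a mapper typically gets back for `userPassword`, either nothing or a value stored under a hash scheme. The class and method names are hypothetical, and the sample entries in `main` are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.InitialDirContext;

public class UserPasswordCheck { // hypothetical class name
    // Simple BIND: the directory checks the password; userPassword is never read.
    static boolean bind(String url, String userDn, String password) {
        // An empty password would be an unauthenticated bind, which many servers accept.
        if (password == null || password.isEmpty()) return false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) { // wrong password, unreachable server, ...
            return false;
        }
    }

    // Reports what a search returned for userPassword without printing the value.
    static String describe(Attributes attrs) throws NamingException {
        Attribute a = attrs.get("userPassword");
        if (a == null || a.size() == 0) return "absent (not returned to this identity)";
        Object v = a.get(); // the JNDI LDAP provider returns userPassword as byte[]
        String s = v instanceof byte[] ? new String((byte[]) v, StandardCharsets.UTF_8) : String.valueOf(v);
        int end = s.indexOf('}');
        return s.startsWith("{") && end > 1
                ? "stored with scheme " + s.substring(0, end + 1) : "no scheme prefix";
    }

    public static void main(String[] args) throws NamingException {
        // Constructed entry: the server omitted the attribute from the result.
        System.out.println(describe(new BasicAttributes(true)));
        Attributes hashed = new BasicAttributes(true); // constructed salted-hash style value
        hashed.put("userPassword", "{SSHA}constructed-sample".getBytes(StandardCharsets.UTF_8));
        System.out.println(describe(hashed));
        if (args.length == 2 && System.console() != null) { // optional live check: URL, user DN
            char[] pw = System.console().readPassword("Password: ");
            System.out.println("bind ok: " + bind(args[0], args[1], pw == null ? "" : new String(pw)));
        }
    }
}
```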
