Java LDAP + Spring: how to authenticate correctly?


I am implementing LDAP authentication with Spring. In my case I use ActiveDirectoryLdapAuthenticationProvider.

It looks like this:

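    import java.util.HashMap;
    import java.util.Map;
    import java.util.Objects;
    import javax.naming.Context;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    // Methods of the authenticating class; ldapHost, port, domain, rootDn and filter are its fields.
    private Authentication authenticate(String username, String password, HelpDescUser userDetails) {
        String url = "ldap://" + ldapHost + ":" + port + "/";
        ActiveDirectoryLdapAuthenticationProvider ldapProvider =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url, rootDn);
        // The login name is formatted into the search filter as-is (no LDAP filter escaping).
        String filterWithName = String.format(filter, username);
        ldapProvider.setSearchFilter(filterWithName);
        ldapProvider.setContextEnvironmentProperties(createProperties(username, password));
        ldapProvider.setConvertSubErrorCodesToExceptions(true);
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, password);

        Authentication authenticate;
        try {
            authenticate = ldapProvider.authenticate(authentication);
        } catch (Exception e) {
            // Keep the original exception as the cause so the real LDAP error is not lost.
            throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).", e);
        }
        if (Objects.nonNull(authenticate) && authenticate.isAuthenticated()) {
            return new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
        } else {
            throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).");
        }
    }

    // The user's own login and password are passed as the JNDI bind principal and credentials.
    private Map<String, Object> createProperties(String username, String password) {
        Map<String, Object> properties = new HashMap<>();
        properties.put(Context.SECURITY_PRINCIPAL, username);
        properties.put(Context.SECURITY_CREDENTIALS, password);
        return properties;
    }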
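I have a question.

As I understand the authentication scheme, when we authenticate a user we also need to have a technical account. We bind with the technical account, then send the user's login and password, and then we receive a response. But in this scheme we bind as the same user who is being authenticated, which is wrong: this user may not have permission to bind.

Please show me a working solution for authentication with Spring ActiveDirectoryLdapAuthenticationProvider.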

When you declare the ActiveDirectoryLdapAuthenticationProvider bean, you can use the setContextEnvironmentProperties() method.

For example:

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(null, ldapUrls, ldapBase);
        setContextEnvironmentProperties(provider);
        return provider;
    }

    // Adds the configured account (ldapUsername / ldapPassword) to the JNDI context environment,
    // skipping any value that is empty.
    private void setContextEnvironmentProperties(ActiveDirectoryLdapAuthenticationProvider provider) {
        Map<String, Object> contextEnvironmentProperties = new HashMap<>();
        if (StringUtils.isNotEmpty(ldapUsername)) {
            contextEnvironmentProperties.put(Context.SECURITY_PRINCIPAL, ldapUsername);
        }
        if (StringUtils.isNotEmpty(ldapPassword)) {
            contextEnvironmentProperties.put(Context.SECURITY_CREDENTIALS, ldapPassword);
        }
        if (!contextEnvironmentProperties.isEmpty()) {
            provider.setContextEnvironmentProperties(contextEnvironmentProperties);
        }
    }
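
The flow the question describes (a technical account binds and searches for the user's entry, then the user's own DN and password are checked with a second bind) can be configured with Spring Security's generic LDAP classes instead of ActiveDirectoryLdapAuthenticationProvider. This is an added example, not code from the question or the answer; the server URL, base DN, service-account DN, the LDAP_SERVICE_PASSWORD environment variable and the sAMAccountName filter are placeholder assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;

@Configuration
public class LdapSearchThenBindConfig {

    // Placeholder values (assumptions, not taken from the page).
    private static final String LDAP_URL =
            "ldaps://dc.example.internal:636/dc=example,dc=internal";
    private static final String SERVICE_DN =
            "cn=svc-ldap-reader,ou=Service Accounts,dc=example,dc=internal";

    // Context source bound as the technical account; it is used only to look up user entries.
    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(LDAP_URL);
        source.setUserDn(SERVICE_DN);
        // The secret comes from the environment rather than from source code.
        source.setPassword(System.getenv("LDAP_SERVICE_PASSWORD"));
        return source;
    }

    @Bean
    public AuthenticationProvider ldapAuthenticationProvider(DefaultSpringSecurityContextSource contextSource) {
        // Step 1: the technical account searches for the entry of the login name.
        // {0} is filled in by Spring Security with the filter-encoded login name,
        // so the name is never concatenated into the filter by hand.
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(
                "", "(&(objectClass=user)(sAMAccountName={0}))", contextSource);
        userSearch.setSearchSubtree(true);

        // Step 2: BindAuthenticator binds with the DN that was found and the password
        // the user typed; a failed bind is reported as BadCredentialsException.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(userSearch);
        return new LdapAuthenticationProvider(authenticator);
    }
}
```

With ActiveDirectoryLdapAuthenticationProvider, anything passed to setContextEnvironmentProperties() goes into the JNDI environment of the bind made for the login attempt, so a deployment that puts Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS there should be tested with a wrong password to confirm it is rejected.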