Java LDAP + Spring:如何正确地进行身份验证?
我通过Spring实现LDAP身份验证。在我的例子中,我使用
ActiveDirectoryLdapAuthenticationProvider
看起来像这样:
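/**
 * Authenticates {@code username}/{@code password} against Active Directory and, on success,
 * returns an authenticated token that carries the already-loaded {@code userDetails}.
 *
 * <p>The user name is escaped per RFC 4515 before it is substituted into the search filter
 * template, so a name containing {@code *}, {@code (}, {@code )}, {@code \} or NUL cannot
 * change the structure of the filter (LDAP filter injection). The filter template itself
 * ({@code filter}) is expected to contain a single {@code %s} placeholder, as before.
 *
 * @param username    login name entered by the user; must not be null or empty
 * @param password    password entered by the user; passed to the directory for the bind
 * @param userDetails application user record wrapped into the returned token
 * @return an authenticated {@link UsernamePasswordAuthenticationToken} holding {@code userDetails}
 * @throws BadCredentialsException if the name is empty, the directory rejects the credentials,
 *         or the provider fails for any other reason (the original exception is kept as the cause)
 */
private Authentication authenticate(String username, String password, HelpDescUser userDetails) {
    // Reject obviously invalid input before contacting the directory; formatting a null
    // name into the filter would otherwise search for the literal string "null".
    if (username == null || username.isEmpty()) {
        throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).");
    }
    String url = "ldap://" + ldapHost + ":" + port + "/";
    ActiveDirectoryLdapAuthenticationProvider ldapProvider =
            new ActiveDirectoryLdapAuthenticationProvider(domain, url, rootDn);
    // Escape before formatting: the raw user name would otherwise be interpreted as filter syntax.
    String filterWithName = String.format(filter, escapeFilterValue(username));
    ldapProvider.setSearchFilter(filterWithName);
    // NOTE(review): the provider builds its own bind principal/credentials from the login
    // request; these extra entries are applied on top of them. Confirm against the Spring
    // Security version in use that this does not replace the "user@domain" bind principal.
    ldapProvider.setContextEnvironmentProperties(createProperties(username, password));
    // Asks the provider to turn AD sub-error codes (expired/locked/disabled account) into their
    // specific AuthenticationException subtypes. Note that the catch below collapses all of them
    // back into one BadCredentialsException, so callers never observe the distinction.
    ldapProvider.setConvertSubErrorCodesToExceptions(true);
    UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
    Authentication result;
    try {
        result = ldapProvider.authenticate(request);
    } catch (Exception e) {
        // A single generic message goes to the caller so the response does not reveal whether the
        // account exists or why it was rejected; the cause is preserved for server-side diagnostics.
        throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).", e);
    }
    if (result == null || !result.isAuthenticated()) {
        throw new BadCredentialsException("Пользователь не авторизован (сервер LDAP не подтвердил авторизацию).");
    }
    return new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
}

/**
 * Escapes a value for safe inclusion in an LDAP search filter (RFC 4515, section 3).
 *
 * <p>Only the characters with special meaning in filter syntax are rewritten, each to a
 * backslash followed by its two-digit hex code: {@code \} → {@code \5c}, {@code *} →
 * {@code \2a}, {@code (} → {@code \28}, {@code )} → {@code \29}, NUL → {@code \00}.
 *
 * @param value raw assertion value; must not be null
 * @return the escaped value, safe to place inside a filter such as {@code (sAMAccountName=...)}
 */
private static String escapeFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}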
/**
 * Builds the extra JNDI environment entries handed to the LDAP provider: the bind principal
 * and its credentials.
 *
 * <p>NOTE(review): the AD provider derives its own bind principal ("user@domain") and password
 * from the login request; supplying them here as well is at best redundant and, depending on the
 * Spring Security version, may override the derived principal with the bare user name. Confirm
 * which value actually reaches the directory before relying on this.
 *
 * @param username value stored under {@link Context#SECURITY_PRINCIPAL}
 * @param password value stored under {@link Context#SECURITY_CREDENTIALS}
 * @return a mutable map holding exactly those two entries
 */
private Map<String, Object> createProperties(String username, String password) {
    final Map<String, Object> bindEnv = new HashMap<>(2);
    bindEnv.put(Context.SECURITY_PRINCIPAL, username);
    bindEnv.put(Context.SECURITY_CREDENTIALS, password);
    return bindEnv;
}
私有身份验证(字符串用户名、字符串密码、HelpDescUser用户详细信息){
字符串url=“ldap://”+ldapHost+:“+port+”/”;
ActiveDirectoryLdapAuthenticationProvider ldapProvider=
新的ActiveDirectoryLdapAuthenticationProvider(域、url、根DN);
String filterWithName=String.format(过滤器,用户名);
ldapProvider.setSearchFilter(过滤器名称);
setContextEnvironmentProperties(createProperties(用户名、密码));
ldapProvider.setConvertSubErrorCodesToExceptions(true);
UsernamePasswordAuthenticationToken authentication=新的UsernamePasswordAuthenticationToken(用户名、密码);
认证;
试一试{
authenticate=ldapProvider.authenticate(身份验证);
}捕获(例外e){
抛出新的BadCredentialsException(“Пззззззззззззззазззазазаа107;
}
if(Objects.nonNull(authenticate)和&authenticate.isAuthenticated(){
返回新的用户名PasswordAuthenticationToken(userDetails、password、userDetails.getAuthories());
}否则{
抛出新的BadCredentialsException(“Пззззззззззззззазззазазаа107;
}
}
私有映射createProperties(字符串用户名、字符串密码){
映射属性=新的HashMap();
properties.put(Context.SECURITY\u主体,用户名);
properties.put(Context.SECURITY\u凭证、密码);
归还财产;
}
我有个问题
正如我所理解的身份验证模式,当我们通过用户进行身份验证时,我们还需要有一个技术帐户。我们通过技术帐户进行绑定,然后发送用户登录名和密码,然后我们会收到回复。但是在这个模式中,我们绑定同一个用户进行身份验证,这是错误的——这个用户可能没有绑定的权限。
请向我展示使用 Spring ActiveDirectoryLdapAuthenticationProvider 进行身份验证的工作解决方案?
当您声明 ActiveDirectoryLdapAuthenticationProvider bean 时,您可以使用 setContextEnvironmentProperties() 方法
例如:
/**
 * Declares the {@link ActiveDirectoryLdapAuthenticationProvider} bean used for Active Directory
 * logins. The domain argument is left {@code null}; {@code ldapUrls} and {@code ldapBase} come
 * from the enclosing configuration. Any configured context environment entries are applied
 * before the provider is published.
 *
 * @return the configured provider, exposed as an {@link AuthenticationProvider}
 */
@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
    final ActiveDirectoryLdapAuthenticationProvider adProvider =
            new ActiveDirectoryLdapAuthenticationProvider(null, ldapUrls, ldapBase);
    setContextEnvironmentProperties(adProvider);
    return adProvider;
}
/**
 * Copies the configured service-account principal and credentials, when present, into the
 * provider's context environment. Nothing is set on the provider when neither value is configured.
 *
 * <p>NOTE(review): the AD provider builds its own {@code SECURITY_PRINCIPAL} and
 * {@code SECURITY_CREDENTIALS} from the name and password of the user who is logging in. If the
 * entries supplied here are applied on top of those, the bind — and therefore the password check —
 * would run as the service account rather than as the user, and any password would be accepted.
 * Verify the precedence against the Spring Security version in use before relying on this.
 *
 * @param provider the provider whose context environment is populated
 */
private void setContextEnvironmentProperties(ActiveDirectoryLdapAuthenticationProvider provider) {
    final Map<String, Object> env = new HashMap<>();
    if (StringUtils.isNotEmpty(ldapUsername)) {
        env.put(Context.SECURITY_PRINCIPAL, ldapUsername);
    }
    if (StringUtils.isNotEmpty(ldapPassword)) {
        env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
    }
    if (env.isEmpty()) {
        return;
    }
    provider.setContextEnvironmentProperties(env);
}
@Bean
公共身份验证提供程序activeDirectoryLdapAuthenticationProvider(){
ActiveDirectoryLdapAuthenticationProvider=新的ActiveDirectoryLdapAuthenticationProvider(null,ldapURL,ldapBase);
setContextEnvironmentProperties(提供程序);
退货供应商;
}
私有void setContextEnvironmentProperties(ActiveDirectoryLdapAuthenticationProvider提供程序){
Map contextEnvironmentProperties=new HashMap();
if(StringUtils.isNotEmpty(ldapUsername)){
contextEnvironmentProperties.put(Context.SECURITY\u主体,ldapUsername);
}
if(StringUtils.isNotEmpty(ldapPassword)){
contextEnvironmentProperties.put(Context.SECURITY\u凭证,ldapPassword);
}
如果(!contextEnvironmentProperties.isEmpty()){
setContextEnvironmentProperties(contextEnvironmentProperties);
}
}