Spring Boot LDAP custom authentication filter
I have a custom authentication class, CustomAuthenticationProvider, which authenticates users by hitting a remote LDAP server. I was able to create and configure the custom authentication provider successfully, but I run into a problem when calling the doAuthentication method defined in SecurityConfiguration.
import java.util.Collection;
import java.util.Collections;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
    private final Logger log = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        String password = (String) authentication.getCredentials();
        if (username == null) {
            throw new BadCredentialsException("User is not found");
        }
        if (password == null) {
            throw new BadCredentialsException("Password is not found");
        }
        // Outcome of the directory bind; stays false unless the server accepted the credentials
        boolean authed = false;
        try {
            LdapContextSource ldapContextSource = new LdapContextSource();
            ldapContextSource.setUrl("ldap://jnj.com:3268");
            ldapContextSource.setBase("dc=jnj,dc=com");
            // Credentials used for the initial connection that performs the user search
            ldapContextSource.setUserDn(username);
            ldapContextSource.setPassword(password);
            // initialize the context
            ldapContextSource.afterPropertiesSet();
            LdapTemplate ldapTemplate = new LdapTemplate(ldapContextSource);
            ldapTemplate.afterPropertiesSet();
            // ldapTemplate.setIgnorePartialResultException(true); // Active Directory doesn't transparently handle referrals. This fixes that.
            AndFilter filter = new AndFilter();
            filter.and(new EqualsFilter("sAMAccountName", username));
            // Search below the base DN for the entry matching the filter, then bind as that entry with the given password
            authed = ldapTemplate.authenticate("", filter.toString(), password);
            log.debug("Authenticated : " + authed);
        } catch (org.springframework.ldap.AuthenticationException ee) {
            // The directory rejected the bind; treated as a failed login below
            log.debug("LDAP bind rejected for user " + username, ee);
        } catch (Exception e) {
            log.error("LDAP authentication failed for user " + username, e);
        }
        if (!authed) {
            // Never hand out an authenticated token when the directory did not accept the credentials
            throw new BadCredentialsException("Invalid username or password");
        }
        Collection<? extends GrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password, authorities);
        return authenticationToken;
        // return new UsernamePasswordAuthenticationToken(username,password);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}
This is the method through which I need to call LDAP:
protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth) {
    String username = auth.getName();
    String password = (String) auth.getCredentials();
    DirContext ctx = bindAsUser(username, password);
    try {
        return searchForUser(ctx, username);
    } catch (NamingException e) {
        log.error("Failed to locate directory entry for authenticated user: " + username, e);
        throw badCredentials(e);
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
Why do you need a custom authentication provider? Only Active Directory allows authenticating users via an attribute (here "sAMAccountName"). That is not LDAP-compliant.
@BernhardThalmayr Actually, I am trying to integrate LDAP authentication in Spring Boot but am not able to do it. I think some configuration is missing.
If you are using Microsoft AD (which behaves differently from LDAPv3 directory servers), you could use ActiveDirectoryLdapAuthenticationProvider. If you are not using AD but an LDAPv3 directory server, you could use LdapAuthenticationProvider together with BindAuthenticator. It doesn't matter that this is Spring Boot. The latter also works with AD, but you cannot use the so-called "userPrincipalName" (samAccountName@AD-domain) as the "LoginID".
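The two routes suggested in the comments, written out as an added configuration example that is not part of the question or of Spring Security's own sources. It assumes Spring Security 5.7 or later (lambda-style HttpSecurity and the varargs ProviderManager constructor); the domain, URLs, base DN and service-account DN are placeholders. With either built-in provider, doAuthentication is invoked by the framework inside AuthenticationManager.authenticate(), so no custom provider is needed, and a failed bind surfaces as a BadCredentialsException instead of an authenticated token:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfiguration {

    // Placeholder values (assumed, not from the question): replace with the real domain, URLs and base DN.
    private static final String AD_DOMAIN = "corp.example.com";
    private static final String AD_URL = "ldap://dc01.corp.example.com:3268";
    private static final String LDAP_URL = "ldap://ldap.example.com:389";
    private static final String LDAP_BASE = "dc=example,dc=com";

    // Option A: Microsoft Active Directory. The provider binds as the user
    // (user@domain), then runs doAuthentication's search with that bound context.
    private ActiveDirectoryLdapAuthenticationProvider activeDirectoryProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL);
        // Locate the entry by sAMAccountName instead of the default userPrincipalName filter;
        // {1} is substituted with the plain username, {0} with the bind principal.
        provider.setSearchFilter("(&(objectClass=user)(sAMAccountName={1}))");
        // Turn AD sub-error codes (expired password, locked account, ...) into specific exceptions
        // so the login page can distinguish them without leaking the raw directory message.
        provider.setConvertSubErrorCodesToExceptions(true);
        return provider;
    }

    // Option B: a standards-compliant LDAPv3 directory. A service account performs the user
    // search; the user's own password is used only for the bind against the located DN.
    private LdapAuthenticationProvider ldapV3Provider() {
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(LDAP_URL + "/" + LDAP_BASE);
        contextSource.setUserDn("cn=svc-auth,ou=services," + LDAP_BASE); // placeholder service account
        contextSource.setPassword("<service-account-password>");         // inject from a secret store
        contextSource.afterPropertiesSet();

        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        // Search relative to the base DN; {0} is the submitted username.
        authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(uid={0})", contextSource));
        return new LdapAuthenticationProvider(authenticator);
    }

    @Bean
    public AuthenticationManager authenticationManager() {
        // Register exactly one provider for the directory actually in use; swap in ldapV3Provider() for LDAPv3.
        return new ProviderManager(activeDirectoryProvider());
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Port 3268 is the AD global catalog; searches against it only return attributes replicated to the catalog, so a filter on an attribute that is not catalog-replicated must go to the domain controller's LDAP port instead. For either option, an ldaps:// URL (or StartTLS) keeps the bind password off the wire in clear text.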