以Spring Security建立LDAP Client連線認證

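/**
 * Stand-alone demonstration of LDAP bind authentication with Spring Security.
 *
 * <p>Builds a context source for the directory, wires a {@code BindAuthenticator}
 * (which proves the user's password by binding to the directory as that user) and a
 * {@code DefaultLdapAuthoritiesPopulator} (which looks up group memberships under
 * {@code cn=users}), then authenticates one sample user and prints the granted
 * authorities.
 *
 * <p>All DNs, account names and passwords below are sample values from the article.
 *
 * @param args unused
 */
public static void main(String[] args) {
    LdapContextSource contextSource = new LdapContextSource();
    // ldap:// is an unencrypted transport: the manager password and every user
    // password checked by the bind travel in clear text. That is tolerable for the
    // loopback address used here; for a remote directory use an ldaps:// URL (or
    // StartTLS) and verify the server certificate.
    contextSource.setUrl("ldap://127.0.0.1:389");
    contextSource.setBase("dc=TW,dc=MYCOM,dc=COM");
    // Manager account used for the user and group searches. It only needs read
    // access to the searched subtrees. Outside a demo, load the DN and password from
    // protected external configuration instead of hard-coding them in source.
    contextSource.setUserDn("uid=ISC9999Y,cn=users,dc=TW,dc=MYCOM,dc=COM");
    contextSource.setPassword("password");
    try {
        // Must be called by hand because no Spring container manages this object.
        contextSource.afterPropertiesSet();
    } catch (Exception e1) {
        e1.printStackTrace();
        // An uninitialised context source cannot serve any of the lookups below,
        // so stop here instead of failing later with a less specific error.
        return;
    }

    BindAuthenticator authenticator = new BindAuthenticator(contextSource);
    // Empty search base = search from the context source's base DN; {0} is replaced
    // by the submitted user name.
    authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "uid={0}", contextSource));

    DefaultLdapAuthoritiesPopulator authoritiesPopulator =
            new DefaultLdapAuthoritiesPopulator(contextSource, "cn=users");
    // The populator's default group search filter is kept. The three settings below
    // make authority names match the directory values exactly: no upper-casing, no
    // role prefix, and groups are searched in the whole subtree under cn=users.
    authoritiesPopulator.setConvertToUpperCase(false);
    authoritiesPopulator.setRolePrefix("");
    authoritiesPopulator.setSearchSubtree(true);

    LdapAuthenticationProvider provider =
            new LdapAuthenticationProvider(authenticator, authoritiesPopulator);

    // Sample credentials of the user being authenticated.
    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken("useraccount", "userpasswd");
    try {
        Authentication ret = provider.authenticate(token);
        System.out.println(ret.getAuthorities());
    } catch (Exception e) {
        // Rejected credentials and directory errors both surface as exceptions here.
        e.printStackTrace();
    }
}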

或是在 securityContext.xml設定

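<sec:authentication-manager alias="authenticationManager">
    <!-- LDAP configuration: authentication requests are delegated to the bean named ldapAuthProvider -->
    <sec:authentication-provider ref="ldapAuthProvider"/>
</sec:authentication-manager>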

並且再加入:

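<!-- LDAP configuration: connection to the directory.
     The constructor argument is the server URL followed by the base DN.
     ldap:// is unencrypted, so the manager password and the user passwords checked
     by the bind authenticator cross the wire in clear text; that is tolerable for the
     loopback address shown here, but use an ldaps:// URL (or StartTLS) with
     certificate verification for a remote directory.
     userDn / password are the manager account used for searches. The values are
     samples: give that account read-only access and supply the real password from
     protected external configuration rather than committing it in this file. -->
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://127.0.0.1:389/dc=TW,dc=MYCOM,dc=COM"/>
    <property name="userDn" value="uid=ISC9999Y,cn=users,dc=TW,dc=MYCOM,dc=COM"/>
    <property name="password" value="password"/>
</bean>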

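<!-- Authentication provider: first constructor argument verifies the password by
     binding as the user, second one loads the user's authorities. -->
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource"/>
            <!-- Fallback lookup: search for uid={0} starting at the context source's
                 base DN (empty search base); {0} is the submitted user name. -->
            <property name="userSearch">
                <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <constructor-arg index="0" value=""/>
                    <constructor-arg index="1" value="uid={0}"/>
                    <constructor-arg index="2" ref="contextSource" />
                </bean>
            </property>
            <!-- Direct DN patterns are tried before the search above. -->
            <property name="userDnPatterns">
                <list>
                    <value>uid={0},cn=users,dc=TW,dc=MYCOM,dc=COM</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <!-- Group search base is cn=users. No role prefix or case setting is
             overridden here, so the populator's defaults apply to group names. -->
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource"/>
            <constructor-arg value="cn=users"/>
            <!-- defaultRole is granted to every user who authenticates, whatever
                 groups they belong to; an access rule that requires only this role
                 therefore admits any account that can bind to the directory. -->
            <property name="defaultRole" value="com-user"/>
        </bean>
    </constructor-arg>

</bean>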

 
