一、

The default strategy for authenticating against LDAP is to perform a bind operation,authenticating the user directly to the LDAP server. Another option is to perform a comparison operation. This involves sending the entered password to the LDAP directory and asking the server to compare the password against a user’s password attribute. Because the comparison is done within the LDAP server, the actual password remains secret.

If you’d rather authenticate by doing a password comparison, you can declare so with the passwordCompare() method:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .passwordCompare();

 }

By default, the password given in the login form will be compared with the value of the userPassword attribute in the user’s LDAP entry. If the password is kept in a different attribute, you can specify the password attribute’s name with passwordAttribute() :

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .passwordCompare()

         .passwordEncoder(new Md5PasswordEncoder())

         .passwordAttribute("passcode");

 }

In this example, you specify that the "passcode" attribute is what should be compared with the given password. Moreover, you also specify a password encoder. It’s nice that the actual password is kept secret on the server when doing server-side password comparison. But the attempted password is still passed across the wire to the LDAP server
and could be intercepted by a hacker. To prevent that, you can specify an encryption strategy by calling the passwordEncoder() method.
In the example, passwords are encrypted using MD5 . This assumes that the passwords are also encrypted using MD5 in the LDAP server.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

随机推荐

  1. Comparator和Comparable

    java.util 接口 Comparator<T>   compare int compare(T o1, T o2) 比较用来排序的两个参数.根据第一个参数小于.等于或大于第二个参数分 ...

  2. Java中浮点数的基础知识

    偶然查看Math.round的JDK public static int round(float a) { if (a != 0x1.fffffep-2f) // greatest float val ...

  3. CodeBlock使用技巧

    CodeBlock是一款采用C++编写的完全开源.功能强大的IDE,工欲善其事必先利其器,为了更加方便后期的开发调试,下面先就网上的一些 官方主页地址为:    http://www.codebloc ...

  4. Android Studio生成APK自动追加版本号

    转载说明 本篇文章可能已经更新,最新文章请转:http://www.sollyu.com/android-apk-studio-generated-automatically-appends-a-ve ...

  5. DigitalOcean(DO)购买VPS流程

    背景: 对于一个程序员来说,拥有自己的一台国外服务器是一种多么激动的事情,尽管配置不如自己电脑的1/5,但是想一想可以不用备案搭建网站,可以搭建shadow服务器,从此通过自己的服务器上网,想一想真是 ...

  6. angular的ng-class

    项目内想到要替换class时,第一反应是使用angular最为简单粗暴的class改变方式: 在angular中为我们提供了3种方案处理class:        1:scope变量绑定,如上例.(不 ...

  7. listView异步处理图片下载缓存

    package cn.wangmeng.test; import java.io.File;import java.io.FileOutputStream;import java.io.IOExcep ...

  8. 51nod1264线段相交

    1264 线段相交 基准时间限制:1 秒 空间限制:131072 KB 分值: 0 难度:基础题 给出平面上两条线段的两个端点,判断这两条线段是否相交(有一个公共点或有部分重合认为相交). 如果相交, ...

  9. phpcms v9二级栏目生成到根目录后三级栏目无法访问的解决办法

    这个栏目问题折腾了我一天多,可怜我这个美工又不会程序!!! 我的问题是: 我的栏目设置如下: 一级栏目[生成到根目录(是)]> 二级栏目[生成到根目录(是)] > 三级栏目[生成到根目录( ...

  10. .NET基础之集合

    集合可以说是数组的超集,集合可以维护对象数组,集合包含了更高级的功能.例如控制对其包含的对象的访问.搜索和排序等.数组是固定的,一旦我们创建好了数组,不能在现有数组的末尾添加新项,除非我们创建新的数组 ...