一、

The default strategy for authenticating against LDAP is to perform a bind operation,authenticating the user directly to the LDAP server. Another option is to perform a comparison operation. This involves sending the entered password to the LDAP directory and asking the server to compare the password against a user’s password attribute. Because the comparison is done within the LDAP server, the actual password remains secret.

If you’d rather authenticate by doing a password comparison, you can declare so with the passwordCompare() method:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .passwordCompare();

 }

By default, the password given in the login form will be compared with the value of the userPassword attribute in the user’s LDAP entry. If the password is kept in a different attribute, you can specify the password attribute’s name with passwordAttribute() :

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .passwordCompare()

         .passwordEncoder(new Md5PasswordEncoder())

         .passwordAttribute("passcode");

 }

In this example, you specify that the "passcode" attribute is what should be compared with the given password. Moreover, you also specify a password encoder. It’s nice that the actual password is kept secret on the server when doing server-side password comparison. But the attempted password is still passed across the wire to the LDAP server
and could be intercepted by a hacker. To prevent that, you can specify an encryption strategy by calling the passwordEncoder() method.
In the example, passwords are encrypted using MD5 . This assumes that the passwords are also encrypted using MD5 in the LDAP server.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

随机推荐

  1. [GeekBand] 探讨C++新标准之新语法——C++ 11~14

    一. 可变参数模板(Variadic Templates) 在C++11中,出现了参数数目可变的模板,这部分在之前C++高级编程的时候就有学习到. 其实,在C中就有类似的设定.最常用的printf() ...

  2. Git初始化与上传

    一: 现在git上Create个repository 二:进入要长传的工程目录打开git bash git initgit statusgit add .//add .的时候文件不要被占用. git ...

  3. Windows下bmp文件格式

    6.1 BMP文件格式 6.1.1 简介 位图文件(Bitmap-File,BMP)格式是Windows采用的图像文件存储格式,在Windows环境下运行的所有图像处理软件都支持这种格式.Window ...

  4. 实现android支持多线程断点续传下载器功能

    多线程断点下载流程图: 多线程断点续传下载原理介绍: 在下载的时候多个线程并发可以占用服务器端更多资源,从而加快下载速度手机端下载数据时难免会出现无信号断线.电量不足等情况,所以需要断点续传功能根据下 ...

  5. nand flash相关

    关于nandflash的说明,请参考其他. 现在先贴出来韦东山先生的代码,作我学习之用. @************************************************ @ Fil ...

  6. 【转】给Winform的button等控件添加快捷键

    ref: http://blog.sina.com.cn/s/blog_4cb9953f0100cy4z.html 第一种:Alt + *(按钮快捷键) 在大家给button.label.menuSt ...

  7. Linux下SCP的使用

    一.下载远程文件到本地 scp -i /Users/user/ssh/id_rsa root@192.168.1.8:/root/talk_server_redis/dump.rdb /Users/k ...

  8. CCNP第四天 OSPF综合实验(1)

    ospf综合实验(1) 本实验主要考察ospf中的接口上的多种工作方式 实验如图所示: 所用拓扑为CCNP标准版,如图: --------------------------------------- ...

  9. 《WPF程序设计指南》读书笔记——第7章 Canvas

    1.Canvas面板 using System; using System.Windows; using System.Windows.Controls; using System.Windows.M ...

  10. 第2章 Git安装与设置

    2.1 安装Git 略 2.2 设置Git 通过命令git config,用户可以把此类信息提供给本地版本库. 全局变量:在这台计算机上使用任何Git版本库时,这些全局变量的值都起作用.在相关命令中加 ...