一、

The default strategy for authenticating against LDAP is to perform a bind operation,authenticating the user directly to the LDAP server. Another option is to perform a comparison operation. This involves sending the entered password to the LDAP directory and asking the server to compare the password against a user’s password attribute. Because the comparison is done within the LDAP server, the actual password remains secret.

If you’d rather authenticate by doing a password comparison, you can declare so with the passwordCompare() method:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .passwordCompare();

 }

By default, the password given in the login form will be compared with the value of the userPassword attribute in the user’s LDAP entry. If the password is kept in a different attribute, you can specify the password attribute’s name with passwordAttribute() :

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .ldapAuthentication()

         .userSearchBase("ou=people")

         .userSearchFilter("(uid={0})")

         .groupSearchBase("ou=groups")

         .groupSearchFilter("member={0}")

         .passwordCompare()

         .passwordEncoder(new Md5PasswordEncoder())

         .passwordAttribute("passcode");

 }

In this example, you specify that the "passcode" attribute is what should be compared with the given password. Moreover, you also specify a password encoder. It’s nice that the actual password is kept secret on the server when doing server-side password comparison. But the attempted password is still passed across the wire to the LDAP server
and could be intercepted by a hacker. To prevent that, you can specify an encryption strategy by calling the passwordEncoder() method.
In the example, passwords are encrypted using MD5 . This assumes that the passwords are also encrypted using MD5 in the LDAP server.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

随机推荐

  1. c#学习汇总-----------------多态

    刚开通了博客园的博客,原因是我的师兄和前辈们在这里写的一些学习笔记让我受益匪浅,所以决定从今天起用这个平台来记录我的点滴学习心得.我喜欢GIS二次开发,以后应该也不会脱离于此,对于编程我积累的知识太零 ...

  2. jQuery动态添加元素并绑定事件

    写网页的时候常常需要根据实际情况添加新的元素,然后这些新元素还需要绑定已有的事件,如:有一ul,点击其中某 li,根据其 id 或 value 等获取新的数据列表,并新建 ul 显示,新 ul 中的 ...

  3. 上下问语句句柄Release地方

    OCI--在QUERY中 CLI--在FETCH中 在父类中定义了public—Release和protected—Release,protected—Release在public—Release中被 ...

  4. linux FTP 批量下载文件

    wget是一个从网络上自动下载文件的自由工具,支持通过HTTP.HTTPS.FTP三个最常见的TCP/IP协议下载,并可以使用HTTP代理.wget名称的由来是“World Wide Web”与“ge ...

  5. DEDECMS中,获取面包屑导航

    获取面包屑导航 {dede:field name='position'/} {dede:field.position/}

  6. 学习笔记--Quartz定时器

    文章同步发表在博主网站朗度云,传输门:http://www.wolfbe.com/detail/201608/338.html 1.Quartz定时器执行流程 Quartz需要定义执行任务.触发器,在 ...

  7. 让nginx支持PHP

    MAC为例 1.安装nginx brew install nginx 2.查找nginx配置文件在什么地方 find /|grep nginx.conf 3.修改配置文件nginx.conf cd / ...

  8. 转发 PHP 资料(一)

    WebShell隐藏思路.webshell磁盘读写动态检测.webshell沙箱动态检测(2)   作为WebShell检测.CMS修复.WebShell攻防研究学习的第二篇文章 本文旨在研究Webs ...

  9. Nginx Location配置总结及基础最佳实践

    参考来源: http://blog.zol.com.cn/1067/article_1066186.html,http://flandycheng.blog.51cto.com/855176/2801 ...

  10. wordpress在Linux nginx下权限设置

    1.wordpress 权限对安装和使用效果的影响很大:权限错误将影响theme的安装:不能安装theme或者修改theme或删除theme. 相关设置:  chmod 755 wordpress f ...