一、LDAP server在哪

By default, Spring Security’s LDAP authentication assumes that the LDAP server is listening on port 33389 on localhost. But if your LDAP server is on another machine,you can use the contextSource() method to configure the location:

 @Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.contextSource().url("ldap://habuma.com:389/dc=habuma,dc=com");
}

The contextSource() method returns a ContextSourceBuilder , which, among other things, offers the url() method that lets you specify the location of the LDAP server.

二、设置LDAP server

If you don’t happen to have an LDAP server lying around waiting to be authenticated
against, Spring Security can provide an embedded LDAP server for you. Instead of set-
ting the URL to a remote LDAP server, you can specify the root suffix for the embed-
ded server via the root() method:

 @Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.contextSource()
.root("dc=habuma,dc=com");
}

When the LDAP server starts, it will attempt to load data from any LDIF files that it can
find in the classpath. LDIF ( LDAP Data Interchange Format) is a standard way of rep-
resenting LDAP data in a plain text file. Each record is composed of one or more lines,
each containing a name:value pair. Records are separated from each other by blank
lines.
If you’d rather that Spring not rummage through your classpath looking for just
any LDIF files it can find, you can be more explicit about which LDIF file gets loaded
by calling the ldif() method:

 @Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.contextSource()
.root("dc=habuma,dc=com")
.ldif("classpath:users.ldif");
}

Here you specifically ask the LDAP server to load its content from the users.ldif file at
the root of the classpath. In case you’re curious, here’s an LDIF file that you could use
to load the embedded LDAP server with user data:

 dn: ou=groups,dc=habuma,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups
dn: ou=people,dc=habuma,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people
dn: uid=habuma,ou=people,dc=habuma,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Craig Walls
sn: Walls
uid: habuma
userPassword: password
dn: uid=jsmith,ou=people,dc=habuma,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: John Smith
sn: Smith
uid: jsmith
userPassword: password
dn: cn=spittr,ou=groups,dc=habuma,dc=com
objectclass: top
objectclass: groupOfNames
cn: spittr
member: uid=habuma,ou=people,dc=habuma,dc=com

Spring Security’s built-in user stores are convenient and cover the most common use
cases. But if your authentication needs are of the uncommon variety, you may need to
create and configure a custom user-details service.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. echarts标准饼图(二)——标题(title)配置

    标题(title)配置 <!DOCTYPE html> <html lang="en"> <head> <meta charset=&qu ...

  2. css3学习笔记之用户界面

    CSS3 调整尺寸(Resizing) CSS3中,resize属性指定一个元素是否应该由用户去调整大小. 这个 div 元素由用户调整大小. (在 Firefox 4+, Chrome, 和 Saf ...

  3. 一种简单的权限管理ER图设计

    权限管理支持动态地管理用户的角色和权限.权限代表用户可以在什么对象上进行什么操作:角色是一组权限的集合. PS:当增加或删除某个用户的角色时,系统自动将该角色对应的权限(角色 -权限关联表)增加或删除 ...

  4. QT设置窗口屏幕居中

    int main(int argc, char *argv[]){  QApplication ap(argc, argv);  QDesktopWidget *pDesk = QApplicatio ...

  5. OpenCV3读取视频或摄像头

    我们可以利用OpenCV读取视频文件或者摄像头的数据,将其保存为图像,以用于后期处理.下面的实例代码展示了简单的读取和显示操作: // This is a demo introduces you to ...

  6. asp.net 后台 修改 javascript 变量

    Util.JSSetChange(Page, GetType()); public static void JSSetChange(Page page, Type cstype) { // Defin ...

  7. 分享php中四种webservice实现的简单架构方法及实例[转载]

    [转载]http://www.itokit.com/2012/0417/73615.html 本人所了解的webservice有以下几种:PHP本身的SOAP,开源的NUSOAP,商业版的PHPRPC ...

  8. CentOS平台下为Python添加MongoDB支持PyMongo

    下载PyMongo [root@leezhen ~]# wget https://pypi.python.org/packages/source/p/pymongo/pymongo-2.6.3.tar ...

  9. php判断服务器是否支持Gzip压缩功能

    Gzip可以压缩网页大小从而达到加速打开网页的速度,目前主流的浏览器几乎都支持这个功能,但开启Gzip是需要服务器支持的,在这里我们简单的使用php来判断服务器是否支持Gzip功能. 新建一个php类 ...

  10. PHP学习之开发工具

    刚接触PHP,必然需要一套完整的开发工具.每个语言都有各种各样的编辑工具.采用了相对来说比较了解的Eclipse来作为开发工具. 1.要是用Eclipse需要安装JDK或JRE(Eclipse本身就是 ...