1. Set the authentication method: LDAP
<beans:bean id="ldapauthprovider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextsource"/>
      <beans:property name="userDnPatterns">
        <beans:list>
          <beans:value>cn={0},cn=users</beans:value>
        </beans:list>
      </beans:property>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextsource"/>
      <beans:constructor-arg value="cn=users"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>
- Authentication method: LdapAuthenticationProvider is used. The Spring Security Javadoc for LdapAuthenticationProvider describes it as follows:
An AuthenticationProvider implementation that authenticates against an LDAP server. There are many ways in which an LDAP directory can be configured so this class delegates most of its responsibilities to two separate strategy interfaces, LdapAuthenticator and LdapAuthoritiesPopulator.
LdapAuthenticator: user information. The demo uses BindAuthenticator.
This interface is responsible for performing the user authentication and retrieving the user's information from the directory.
LdapAuthoritiesPopulator: user permission information. The demo uses DefaultLdapAuthoritiesPopulator (the default strategy for obtaining user role information from the directory; it obtains roles by performing a search for "groups" the user is a member of).
Once the user has been authenticated, this interface is called to obtain the set of granted authorities for the user.
- DN pattern: set to cn={0},cn=users, where {0} is the user name. The DN corresponds to the Distinguished Name in LDAP and must uniquely identify the user. Spring Security automatically appends the base DN after the user DN; configure the pattern according to your actual directory layout.
- groupRoleAttribute: the group attribute that corresponds to the role information.
2. Configure the authentication method
<authentication-manager>
  <authentication-provider ref="ldapauthprovider">
  </authentication-provider>
</authentication-manager>
3. Configure the authentication server information
<beans:bean id="contextsource"
    class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://xxxxxx:389/dc=xxx,dc=xxx"/>
  <beans:property name="userDn" value="cn=administrator,cn=users,dc=xxx,dc=com"/>
  <beans:property name="password" value="XXXXX!"/>
</beans:bean>
DefaultSpringSecurityContextSource mainly takes the following settings:
- providerUrl: the address of the LDAP authentication server
- userDn: the DN of the user that logs in to the LDAP server
- password: the password of the user that logs in to the LDAP server
Then configure the login page and the restricted pages:
<http use-expressions="true" access-denied-page="/accessdenied.jsp">
  <intercept-url pattern="/login.jsp" access="permitAll"/>
  <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
  <form-login
      login-page="/login.jsp"
      authentication-failure-url="/login.jsp?error=true"
      default-target-url="/"/>
  <logout logout-success-url="/login.jsp"/>
</http>
Now you can log in:
The information after login is as follows:
To obtain the logged-in user's information:
Add the Spring Security tag library:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<div>
  Username: <sec:authentication property="name"/>
</div>
To obtain the permission list, you can use the following code:
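import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

List<GrantedAuthority> auths = (List<GrantedAuthority>) SecurityContextHolder.getContext()
        .getAuthentication().getAuthorities();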
You can now use LDAP for authentication.
In addition, if you want to obtain the user's attribute information, you must list the attributes in the provider node configured in xxxcontext.xml.
<beans:bean id="ldapauthprovider">
  <!-- userAttributes is a property of the authenticator bean (BindAuthenticator) nested inside this provider -->
  <beans:property name="userAttributes">
    <beans:list>
      <beans:value>cn</beans:value>
      <beans:value>entryDN</beans:value>
      <beans:value>entryUUID</beans:value>
      <beans:value>mail</beans:value>
      <beans:value>givenName</beans:value>
    </beans:list>
  </beans:property>
</beans:bean>
If you are authenticating against AD and the objectGUID you obtain comes back as a string, you need to add:
<beans:bean id="contextsource" class="org.springframework.ldap.core.support.LdapContextSource">
  ...
  <beans:property name="baseEnvironmentProperties">
    <beans:map>
      <beans:entry key="java.naming.ldap.attributes.binary" value="objectGUID"/>
    </beans:map>
  </beans:property>
  ...
</beans:bean>
In this way, the binary encoding of the GUID can be obtained.
If LDAP is used for identity authentication, you need to configure the entryUUID attribute in the attribute list; the string obtained can be converted directly to a UUID.
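The two identifier forms described above, as an added example that is not part of the original article: once objectGUID is returned as 16 raw bytes, the first three GUID fields must be read little-endian to get the value AD displays, while entryUUID parses directly. The class and method names (DirectoryIds, fromObjectGuid, fromEntryUuid) are hypothetical, the sample bytes are constructed, and fetching the attribute from the directory entry is not shown.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.UUID;

public class DirectoryIds {

    /**
     * Converts the 16 raw bytes of an AD objectGUID into a java.util.UUID.
     * AD stores the first three GUID fields little-endian and the last
     * eight bytes in order, so a plain big-endian read gives the wrong value.
     */
    static UUID fromObjectGuid(byte[] guid) {
        if (guid == null || guid.length != 16) {
            // A different length usually means the value was decoded as text
            // because the attribute was not declared binary.
            throw new IllegalArgumentException("objectGUID must be exactly 16 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(guid).order(ByteOrder.LITTLE_ENDIAN);
        long data1 = buf.getInt() & 0xFFFFFFFFL;  // 4 bytes, little-endian
        long data2 = buf.getShort() & 0xFFFFL;    // 2 bytes, little-endian
        long data3 = buf.getShort() & 0xFFFFL;    // 2 bytes, little-endian
        long msb = (data1 << 32) | (data2 << 16) | data3;
        long lsb = buf.order(ByteOrder.BIG_ENDIAN).getLong(); // last 8 bytes as stored
        return new UUID(msb, lsb);
    }

    /** entryUUID is already in canonical string form and parses directly. */
    static UUID fromEntryUuid(String entryUuid) {
        return UUID.fromString(entryUuid.trim());
    }

    public static void main(String[] args) {
        // Constructed sample: the byte layout AD uses for the GUID
        // 00112233-4455-6677-8899-aabbccddeeff.
        byte[] raw = {
            0x33, 0x22, 0x11, 0x00, 0x55, 0x44, 0x77, 0x66,
            (byte) 0x88, (byte) 0x99, (byte) 0xaa, (byte) 0xbb,
            (byte) 0xcc, (byte) 0xdd, (byte) 0xee, (byte) 0xff
        };
        UUID fromAd = fromObjectGuid(raw);
        UUID fromLdap = fromEntryUuid("00112233-4455-6677-8899-aabbccddeeff");
        System.out.println(fromAd + " equals " + fromLdap + ": " + fromAd.equals(fromLdap));
    }
}
```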