Spring Essay 06 Verifying users with LDAP

Last Update:2017-09-06 Source: Internet

Author: User

Tags ldap

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

This section will teach you to build a project and add the Spring Security LDAP module to it in one step.

You will create a program that is encrypted with the services provided by Spring Security, which embeds Java basic LDAP encryption. You start the service by loading a configuration file that has a collection of user name passwords configured.

1, build a simple controller.
The controller writes back a simple sentence to the front end.
As follows:

1  Packagecn.tiny77.guide06;2 3 Importorg.springframework.web.bind.annotation.GetMapping;4 ImportOrg.springframework.web.bind.annotation.RestController;5 6 @RestController7  Public classHomeController {8 9@GetMapping ("/")Ten      PublicString Index () { One         return"Welcome to the home page!"; A     } -}

The startup program is as follows:

1  Packagecn.tiny77.guide06;2 3 Importorg.springframework.boot.SpringApplication;4 Importorg.springframework.boot.autoconfigure.SpringBootApplication;5 6 @SpringBootApplication7  Public classApp {8 9      Public Static voidMain (string[] args) {TenSpringapplication.run (App.class, args); One     } A  -}

Now, we can access the controller without verifying the identity.
Visit http://localhost:8080 and you will see a short text message.

2. Embed Spring Security

Create a new class that configures spring Security with Java code

1  Packagecn.tiny77.guide06;2 3 Importjava.util.Arrays;4 5 ImportOrg.springframework.context.annotation.Bean;6 Importorg.springframework.context.annotation.Configuration;7 ImportOrg.springframework.security.authentication.encoding.LdapShaPasswordEncoder;8 ImportOrg.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;9 Importorg.springframework.security.config.annotation.web.builders.HttpSecurity;Ten ImportOrg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; One ImportOrg.springframework.security.ldap.DefaultSpringSecurityContextSource; A  - @Configuration -  Public classWebsecurityconfigextendsWebsecurityconfigureradapter { the  - @Override -     protected voidConfigure (Httpsecurity http)throwsException { - http.authorizerequests (). Anyrequest (). fullyauthenticated (). and (). Formlogin (); +     } -  + @Override A      Public voidConfigure (Authenticationmanagerbuilder auth)throwsException { atAuth.ldapauthentication (). Userdnpatterns ("Uid={0},ou=people"). Groupsearchbase ("Ou=groups")) -. Contextsource (Contextsource ()). Passwordcompare (). Passwordencoder (NewLdapshapasswordencoder ()) -. Passwordattribute ("UserPassword"); -     } -  - @Bean in      PublicDefaultspringsecuritycontextsource Contextsource () { -         return NewDefaultspringsecuritycontextsource (Arrays.aslist ("ldap://localhost:8389/"), to"Dc=springframework,dc=org"); +     } -  the}

The @EnableWebSecurity annotation function is to turn on the check switch.

You need an LDAP service at the same time, Springboot can automate the configuration of a service written purely in Java code, which we will use in this example.
The role of the LdapAuthentication method is to insert username from the form into the string ' {0} ', which the LDAP service queries uid={0},ou=people,dc=springframework,dc=org.
At the same time, the Passwordcompare method configures the name of the decoder and password, obtains the password and verifies.

3. Set up user data
The LDAP Service can replace user data with LDIF (LDAP Data interchange Format).
The Spring.ldap.embedded.ldif property in Application.properties allows Springboot to introduce an LDIF file, which makes it easy to load user data.

Dn:dc=springframework,dc=Orgobjectclass:topobjectclass:domainobjectclass:extensibleObjectdc:springframeworkdn:ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:groupsdn:ou=subgroups,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:subgroupsdn:ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:peopledn:ou=space cadets,dc=springframework,dc=orgobjectclass:topobjectclass:organizationalUnitou:space Cadetsdn:ou=\"quoted People\ ", Dc=springframework,dc=orgObjectclass:topobjectclass:organizationalUnitou:"quoted People"Dn:ou=otherpeople,dc=springframework,dc=Orgobjectclass:topobjectclass:organizationalUnitou:otherpeopledn:uid=ben,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Ben alexsn: Alexuid:benuserpassword: {sha}nfcebwjxfalbhhg1qk5uu4trbvq=Dn:uid=bob,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Bob Hamiltonsn:Hamiltonuid:bobuserPassword:bobspassworddn:uid=joe,ou=otherpeople,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Joe SMETHSN : SMETHUID:JOEUSERPASSWORD:JOESPASSWORDDN:CN=mouse\, jerry,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Mouse, JERRYSN:MOUSEUID:JERRYUSERPASSWORD:JERRYSPASSWORDDN:CN=slash/guy,ou=people,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:slash/GUYSN:SLASHUID:SLASHGUYUSERPASSWORD:SLASHGUYSPASSWORDDN:CN=quote\"guy,ou=\"Quoted People\", dc=springframework,dc=orgobjectclass:topobjectclass:personobjectclass:organizationalpersonobjectclass:inetorgpersoncn:quote\" GuySn:Quoteuid:quoteguyuserPassword:quoteguyspassworddn:uid=space Cadet,ou=space cadets,dc=springframework,dc=Orgobjectclass:topobjectclass:personobjectclass:organizationalPersonobjectclass:inetOrgPersoncn:Space Cadetsn:Cadetuid:space CADETUSERPASSWORD:SPACECADETSPASSWORDDN:CN=developers,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:groupOfUniqueNamescn:developersou:developeruniqueMember:uid=ben,ou=people,dc=springframework,dc=Orguniquemember:uid=bob,ou=people,dc=springframework,dc=ORGDN:CN=managers,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:groupOfUniqueNamescn:managersou:manageruniqueMember:uid=ben,ou=people,dc=springframework,dc=ORGUNIQUEMEMBER:CN=mouse\, jerry,ou=people,dc=springframework,dc=ORGDN:CN=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=Orgobjectclass:topobjectclass:groupOfUniqueNamescn:submanagersou:submanageruniqueMember:uid=ben,ou=people,dc=springframework,dc=org

If you visit localhost:8080, you will be redirected to the provided login page of spring Security.
Enter the username Ben Password Benspassword, you can see the following page.

4. Demo download

Spring Essay 06 Verifying users with LDAP

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More