
我正在使用 Spring Security,通過 LDAP 協議對 Active Directory 進行身份驗證。下面的配置(springSecurity.xml)在身份驗證和建立 LDAP 模板兩方面都能正常工作。問題是關於 LDAP/AD 上下文源(context source)的用戶名和密碼配置:

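<?xml version="1.0" encoding="UTF-8"?>
<!--
  springSecurity.xml: form login authenticated against Active Directory,
  plus a Spring LDAP template whose context source binds with a fixed
  account taken from ldap.properties.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:ldap="http://www.springframework.org/schema/ldap"
             xsi:schemaLocation="
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
      http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/context
      http://www.springframework.org/schema/context/spring-context.xsd
      http://www.springframework.org/schema/ldap
      http://www.springframework.org/schema/ldap/spring-ldap.xsd">

    <!--
      Web access rules. Only /login and /authenticated are matched here.
      NOTE(review): there is no catch-all pattern, so any other URL is not
      restricted by this element. Confirm that is intended, or finish the
      list with a deny-by-default rule once static resources are covered.
    -->
    <http use-expressions="true">
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/authenticated" access="isAuthenticated()" />

        <!-- Every failed login is sent to the same generic error URL. -->
        <form-login login-page="/login"
                    default-target-url="/authenticated"
                    authentication-failure-url="/login?error=true" />
        <logout />
    </http>

    <!--
      Single placeholder configurer for ldap.properties (declaring a second
      PropertyPlaceholderConfigurer bean for the same file and mode is
      redundant). OVERRIDE lets a JVM system property of the same name take
      precedence over the file, so secrets such as sample.ldap.password can
      be supplied at deploy time instead of being packaged on the classpath.
    -->
    <context:property-placeholder location="classpath:/ldap.properties"
                                  system-properties-mode="OVERRIDE" />

    <!--
      Authenticates the submitted username and password against Active
      Directory. Constructor arguments: domain first, then the LDAP URL.
      NOTE(review): sample.ldap.url is defined outside this file; with a
      plain ldap:// URL the bind password is sent unencrypted, so verify
      that it is an ldaps:// URL.
    -->
    <beans:bean id="adAuthenticationProvider"
                class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="${sample.ldap.domain}" />
        <beans:constructor-arg value="${sample.ldap.url}" />
        <!-- Use the password from the login request as the token credentials. -->
        <beans:property name="useAuthenticationRequestCredentials" value="true" />
        <!--
          Turn AD sub-error codes into specific exceptions. Keep that detail
          in server logs; the login page should stay generic so it does not
          reveal account state to unauthenticated users.
        -->
        <beans:property name="convertSubErrorCodesToExceptions" value="true" />
    </beans:bean>

    <authentication-manager>
        <authentication-provider ref="adAuthenticationProvider" />
    </authentication-manager>

    <!-- Ldap after authentication -->

    <context:annotation-config />

    <!--
      Context source used by ldapTemplate; it binds with the account named
      in ldap.properties, so that account should be read-only and limited
      to the configured base.
      NOTE(review): referral="follow" makes the client chase referrals
      returned by the directory, presumably re-using these bind credentials
      against the referred host. Confirm referrals can only point at
      trusted domain controllers.
    -->
    <ldap:context-source id="contextSource"
                         url="${sample.ldap.url}"
                         base="${sample.ldap.base}"
                         username="${sample.ldap.userDn}"
                         password="${sample.ldap.password}"
                         referral="follow" />

    <ldap:ldap-template id="ldapTemplate"
                        context-source-ref="contextSource" />

    <ldap:repositories base-package="com.domain" />

    <beans:bean class="com.service.UserService">
        <beans:property name="directoryType" value="${sample.ldap.directory.type}" />
    </beans:bean>

    <!-- Required to make sure BaseLdapName is populated in UserService -->
    <beans:bean class="org.springframework.ldap.core.support.BaseLdapPathBeanPostProcessor" />

</beans:beans>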

身份驗證工作正常,用戶名和密碼由 login.jsp 以 j_username 和 j_password 提交。建立 LDAP 模板時,我目前使用屬性文件中定義的用戶名和密碼,但我希望改用 Spring Security 登入時的同一組用戶名和密碼。請指導我如何把 ldap:context-source(id="contextSource")的 username 和 password 屬性綁定到 Spring Security 的憑據上。

這段配置有點亂,歡迎提出任何改進建議。

回答


根據參考文檔的 Configuration 章節,您可以在 ContextSource 的配置元素上指定自定義的 authentication-source-ref,讓 ContextSource 使用 Spring Security 的身份驗證資訊。就您的情況而言,可以使用 Spring Security 自帶的 SpringSecurityAuthenticationSource:

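<!--
  Context source that binds with the credentials of the currently
  authenticated user instead of a fixed username/password pair.
-->
<ldap:context-source id="contextSource"
                     url="${sample.ldap.url}"
                     base="${sample.ldap.base}"
                     referral="follow"
                     authentication-source-ref="authenticationSource" />

<!--
  Written with the beans: prefix because springSecurity.xml uses the
  Spring Security namespace as its default namespace, where an unprefixed
  bean element would not validate.
  NOTE(review): this class takes the principal and password from the
  current Authentication in the SecurityContext. The authentication-manager
  clears credentials after a successful login by default (erase-credentials),
  so this presumably needs erase-credentials="false" to work. That keeps
  each user's password in memory for the life of the session; weigh it
  against binding with a least-privilege service account. TODO confirm
  against the Spring Security version in use.
-->
<beans:bean id="authenticationSource"
            class="org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource" />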

感謝您的回覆。我之前嘗試過這個方案,不過用的是另一個類來取得 Spring Security 的認證資訊;現在它可以正常工作了。 :) – NewBee
