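Is it impossible to use bindAuthentication with Spring and Active Directory?
I want to authenticate the users of my web application against our internal Active Directory. I have set up security in the applicationContext as follows: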
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <!-- HTTP security configurations -->
    <http auto-config="true" use-expressions="true">
        <form-login login-processing-url="/static/j_spring_security_check"
            login-page="/login" authentication-failure-url="/login?login_error=t" />
        <logout logout-url="/static/j_spring_security_logout" />
        <!-- Configure these elements to secure URIs in your application -->
        <!--
        <intercept-url pattern="/choice/**" access="hasRole('ROLE_ADMIN')"/>
        -->
        <!--
        <intercept-url pattern="/member/**" access="isAuthenticated()" />
        -->
        <intercept-url pattern="/resources/**" access="permitAll" />
        <intercept-url pattern="/static/**" access="permitAll" />
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
    </http>
    <!-- Configure Authentication mechanism -->
    <authentication-manager alias="authenticationManager">
        <!--
        SHA-256 values can be produced using 'echo -n your_desired_password |
        sha256sum' (using normal *nix environments)
        -->
        <authentication-provider>
            <password-encoder hash="sha-256" />
            <user-service>
                <user name="admin"
                    password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
                    authorities="ROLE_ADMIN" />
                <user name="user"
                    password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb"
                    authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
        <ldap-authentication-provider user-dn-pattern="{0}@company.domain"/>
        <!-- <ldap-authentication-provider user-search-filter="(sAMAccountName={0})" user-search-base="OU=UNIT,OU=CE,OU=company,OU=Accounts"/>-->
    </authentication-manager>
    <!-- LDAP Security Configuration -->
    <ldap-server url="ldap://10.9.1.1:389/DC=company,DC=domain"/>
</beans:beans>
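My problem is: I don't know how to build the correct DN to use with bind authentication.
The value above ({0}@company.domain) works with Windows (a special 'feature' of AD), but spring-security will not accept it because it does not conform to the correct syntax for a DN.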
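Nothing is impossible, but you may need to write your own UserDetailsService. – Gandalf 2010-03-17 13:34:58
O.K. That is what I wanted to avoid. I wonder why there isn't a class that does AD login. AD is not uncommon, I guess ;-) – er4z0r 2010-03-17 15:52:06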
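The DN-versus-UPN mismatch described in the question, shown with the JDK's own JNDI classes. This is an added example, not code from the question or from Spring Security. The class name AdUpnBind, the helper names and the account jdoe are assumptions; the server URL and domain suffix are the ones in the configuration above.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;

public class AdUpnBind {
    // Taken from the question's <ldap-server> and user-dn-pattern. Over plain
    // ldap:// a simple bind sends the password unencrypted; prefer ldaps://.
    static final String URL = "ldap://10.9.1.1:389/DC=company,DC=domain";
    static final String UPN_SUFFIX = "@company.domain";

    /** True if s parses as an RFC 2253 distinguished name. */
    static boolean isDn(String s) {
        try {
            new LdapName(s);
            return true;
        } catch (InvalidNameException e) {
            return false; // e.g. a userPrincipalName such as jdoe@company.domain
        }
    }

    /** Simple bind with user@domain as principal; true only if the server accepts it. */
    static boolean bind(String user, String password) {
        // A simple bind with an empty password is an unauthenticated bind, which
        // a server may accept without checking anything, so refuse it up front.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + UPN_SUFFIX); // UPN, not a DN
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind happens on connect
            return true;
        } catch (NamingException e) {
            return false; // bad credentials or server unreachable
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; none of these calls needs a network connection.
        System.out.println("UPN is a DN: " + isDn("jdoe" + UPN_SUFFIX));
        System.out.println("DN is a DN:  " + isDn("CN=jdoe,OU=UNIT,DC=company,DC=domain"));
        System.out.println("empty password bind: " + bind("jdoe", ""));
    }
}
```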