java - SpringBoot，如何在不使用ldif的情况下使用LDAP进行身份验证？

Question

我正在 SpringBoot 中尝试 LDAP 身份验证示例 here

它使用的是 ldif 方法，我认为该方法不适用于我的要求，因为我们的 ldap 管理员不会告诉我在哪里可以找到我需要的 ldif。 在 springboot 之前，我曾经使用自己的 ldap 实现，而不是使用 ldif。有没有办法验证不只使用 ldif SECURITY_AUTHENTICATION.simple ？ 下面是我如何在基本 Java 没有 spring 的情况下进行 ldap 安全性。如何在 Spring 中执行此操作而不使用 ldif 只是基本用户名密码。

boolean isLdapRegistred(String username, String password) {
    boolean result = false;
    try {

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://10.x.x.x:389");           
        env.put(Context.SECURITY_AUTHENTICATION, "simple");         
        env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Create the initial context
        DirContext ctx = new InitialDirContext(env);
        result = ctx != null;
        if (ctx != null)
        ctx.close();
        System.out.println(result);
        return result;
    } catch (Exception e) {
        System.out.println("oops");
        return result;
    }

}

下面是 SpringBoots 示例，需要使用我的凭据而不是 ldif。

@Configuration
protected static class AuthenticationConfiguration extends
        GlobalAuthenticationConfigurerAdapter {

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource().ldif("classpath:test-server.ldif");
    }
}

Answer 1

这个对我来说非常有效，但我需要对其进行微小的修改。

    @Configuration
    @EnableWebSecurity
    public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(ldapAuthenticationProvider());
        }

        @Bean
        public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
            DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
Arrays.asList("ldapServerUrl:port"),rootDn);
            contextSource.afterPropertiesSet();
            LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(ldapUserSearchBase, ldapUserSearchFilter, contextSource);
            BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
            bindAuthenticator.setUserSearch(ldapUserSearch);
            LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new DefaultLdapAuthoritiesPopulator(contextSource, ldapGroupSearchBase));
            return ldapAuthenticationProvider;
        }
    }

我已经经历了好几天的痛苦才走到这一步 否则，您可以使用自定义身份验证并进行类似的操作

    @Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    private Logger log = Logger.getLogger(CustomAuthenticationProvider.class);

    @Override
    public Authentication authenticate(Authentication authentication) 
      throws AuthenticationException {

        String email = authentication.getName();
        String password = authentication.getCredentials().toString();

        log.info("email : " + email);
        log.info("password : " + password);

        try {
            if (authenticate(email, password)) {

                // use the credentials
                // and authenticate against the third-party system
                return new UsernamePasswordAuthenticationToken(
                        email, password, new ArrayList<>());
            } else {
                return null;
            }
        } catch (NamingException ex) {
            log.info(ex);
        }
        return null;
    }

    boolean isLdapRegistred(String username, String password) {
    boolean result = false;
    try {

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://10.x.x.x:389");           
        env.put(Context.SECURITY_AUTHENTICATION, "simple");         
        env.put(Context.SECURITY_PRINCIPAL, "OUR-DOMAIN\\" + username);
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Create the initial context
        DirContext ctx = new InitialDirContext(env);
        result = ctx != null;
        if (ctx != null)
        ctx.close();
        System.out.println(result);
        return result;
    } catch (Exception e) {
        System.out.println("oops");
        return result;
    }

}


    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(
          UsernamePasswordAuthenticationToken.class);
    }
}

在另一个类(class)

    @Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private Logger log = Logger.getLogger(WebSecurityConfiguration.class);
    @Autowired
    private CustomAuthenticationProvider authProvider;

    @Override
    protected void configure(
      AuthenticationManagerBuilder auth) throws Exception {

        auth.authenticationProvider(authProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}

然后奇迹就发生了