SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))
一、
The default strategy for authenticating against LDAP is to perform a bind operation,authenticating the user directly to the LDAP server. Another option is to perform a comparison operation. This involves sending the entered password to the LDAP directory and asking the server to compare the password against a user’s password attribute. Because the comparison is done within the LDAP server, the actual password remains secret.
If you’d rather authenticate by doing a password comparison, you can declare so with the passwordCompare() method:
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.passwordCompare();
}
By default, the password given in the login form will be compared with the value of the userPassword attribute in the user’s LDAP entry. If the password is kept in a different attribute, you can specify the password attribute’s name with passwordAttribute() :
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.passwordCompare()
.passwordEncoder(new Md5PasswordEncoder())
.passwordAttribute("passcode");
}
In this example, you specify that the "passcode" attribute is what should be compared with the given password. Moreover, you also specify a password encoder. It’s nice that the actual password is kept secret on the server when doing server-side password comparison. But the attempted password is still passed across the wire to the LDAP server
and could be intercepted by a hacker. To prevent that, you can specify an encryption strategy by calling the passwordEncoder() method.
In the example, passwords are encrypted using MD5 . This assumes that the passwords are also encrypted using MD5 in the LDAP server.
SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))的更多相关文章
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)
一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())
1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求
一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)
一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)
一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder
一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库
一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)
Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()
一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...
随机推荐
- python 自动化之路 day 00 目录
目录 初识Python Python基本数据类型 Python基础之函数 Python基础之杂货铺 模块 面向对象 网络编程 HTML CSS JavaScript DOM jQuery Web框架本 ...
- JQuery 预热
这是第一次在博客园写随笔,之所以有这样的冲动是因为每次看到很多园友不断的发表文章,记录下自己的点点滴滴,内心就在不断的忏悔,我很敬佩这种人,不管他们表达的东西是初级还是精辟,我认为只要去坚持写了就是一 ...
- ASP.NET 发送电子邮件简介
1.补充知识 (1)POP3和SMTP服务器是什么? 简单点来说:POP3 用于接收电子邮件 ,SMTP 用于发送电子邮件. (1)POP3具体指什么? POP3(Post Office Protoc ...
- 怎么在spring官网上下载spring的jar包, 源代码和文档?
现在 http://repo.spring.io/release/org/springframework/spring/第一种,简单粗暴直接 1 http://repo.springsource.or ...
- scala知识点(一)
1.drop,dropRight,dropWhile drop: drop(n: Int): List[A] 丢弃前n个元素,返回剩下的元素 dropRight: dropRight(n: Int): ...
- Django 下static的配置
1.添加一个BASE_DIR在setting.py中,如果已存在可不用添加,需引入 import os BASE_DIR = os.path.dirname(os.path.dirname(os.pa ...
- poj 3641 Pseudoprime numbers Miller_Rabin测素裸题
题目链接 题意:题目定义了Carmichael Numbers 即 a^p % p = a.并且p不是素数.之后输入p,a问p是否为Carmichael Numbers? 坑点:先是各种RE,因为po ...
- 浅析nginx的负载均衡
Nginx 的 HttpUpstreamModule 提供对后端(backend)服务器的简单负载均衡.一个最简单的 upstream 写法如下: upstream backend { server ...
- jquery.prompt.js 弹窗的使用
/*** * Prompt提示语插件 * 编写时间:2013年4月8号 * version:Prompt.1.0.js * author:小宇<i@windyland.com> ***/ ...
- iOS 进阶 第一天(0323)
0323 Storyboard连线错误 如下图: 不允许直接修改对象的结构体属性成员,但允许直接整体修改对象的结构体属性 如下图: 打印一个控件对象的frame 如下图: 如果一个控件无论怎么改变它的 ...