一、

The default strategy for authenticating against LDAP is to perform a bind operation,authenticating the user directly to the LDAP server. Another option is to perform a comparison operation. This involves sending the entered password to the LDAP directory and asking the server to compare the password against a user’s password attribute. Because the comparison is done within the LDAP server, the actual password remains secret.

If you’d rather authenticate by doing a password comparison, you can declare so with the passwordCompare() method:

 @Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.passwordCompare();
}

By default, the password given in the login form will be compared with the value of the userPassword attribute in the user’s LDAP entry. If the password is kept in a different attribute, you can specify the password attribute’s name with passwordAttribute() :

 @Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.passwordCompare()
.passwordEncoder(new Md5PasswordEncoder())
.passwordAttribute("passcode");
}

In this example, you specify that the "passcode" attribute is what should be compared with the given password. Moreover, you also specify a password encoder. It’s nice that the actual password is kept secret on the server when doing server-side password comparison. But the attempted password is still passed across the wire to the LDAP server
and could be intercepted by a hacker. To prevent that, you can specify an encryption strategy by calling the passwordEncoder() method.
In the example, passwords are encrypted using MD5 . This assumes that the passwords are also encrypted using MD5 in the LDAP server.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

随机推荐

  1. python 自动化之路 day 00 目录

    目录 初识Python Python基本数据类型 Python基础之函数 Python基础之杂货铺 模块 面向对象 网络编程 HTML CSS JavaScript DOM jQuery Web框架本 ...

  2. JQuery 预热

    这是第一次在博客园写随笔,之所以有这样的冲动是因为每次看到很多园友不断的发表文章,记录下自己的点点滴滴,内心就在不断的忏悔,我很敬佩这种人,不管他们表达的东西是初级还是精辟,我认为只要去坚持写了就是一 ...

  3. ASP.NET 发送电子邮件简介

    1.补充知识 (1)POP3和SMTP服务器是什么? 简单点来说:POP3 用于接收电子邮件 ,SMTP 用于发送电子邮件. (1)POP3具体指什么? POP3(Post Office Protoc ...

  4. 怎么在spring官网上下载spring的jar包, 源代码和文档?

    现在 http://repo.spring.io/release/org/springframework/spring/第一种,简单粗暴直接 1 http://repo.springsource.or ...

  5. scala知识点(一)

    1.drop,dropRight,dropWhile drop: drop(n: Int): List[A] 丢弃前n个元素,返回剩下的元素 dropRight: dropRight(n: Int): ...

  6. Django 下static的配置

    1.添加一个BASE_DIR在setting.py中,如果已存在可不用添加,需引入 import os BASE_DIR = os.path.dirname(os.path.dirname(os.pa ...

  7. poj 3641 Pseudoprime numbers Miller_Rabin测素裸题

    题目链接 题意:题目定义了Carmichael Numbers 即 a^p % p = a.并且p不是素数.之后输入p,a问p是否为Carmichael Numbers? 坑点:先是各种RE,因为po ...

  8. 浅析nginx的负载均衡

    Nginx 的 HttpUpstreamModule 提供对后端(backend)服务器的简单负载均衡.一个最简单的 upstream 写法如下: upstream backend { server ...

  9. jquery.prompt.js 弹窗的使用

    /*** * Prompt提示语插件 * 编写时间:2013年4月8号 * version:Prompt.1.0.js * author:小宇<i@windyland.com> ***/ ...

  10. iOS 进阶 第一天(0323)

    0323 Storyboard连线错误 如下图: 不允许直接修改对象的结构体属性成员,但允许直接整体修改对象的结构体属性 如下图: 打印一个控件对象的frame 如下图: 如果一个控件无论怎么改变它的 ...