1. Where the LDAP server is located

By default, Spring Security’s LDAP authentication assumes that the LDAP server is listening on port 33389 on localhost. But if your LDAP server is on another machine, you can use the contextSource() method to configure the location:

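    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
            .ldapAuthentication()
                .userSearchBase("ou=people")
                .userSearchFilter("(uid={0})")
                .groupSearchBase("ou=groups")
                .groupSearchFilter("member={0}")
                // Remote directory: host, port and base DN in a single LDAP URL.
                // ldap:// sends the bind in cleartext; use an ldaps:// URL
                // where the directory offers TLS.
                .contextSource()
                    .url("ldap://habuma.com:389/dc=habuma,dc=com");
    }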

The contextSource() method returns a ContextSourceBuilder, which, among other things, offers the url() method that lets you specify the location of the LDAP server.

2. Setting up the LDAP server

If you don’t happen to have an LDAP server lying around waiting to be authenticated
against, Spring Security can provide an embedded LDAP server for you. Instead of
setting the URL to a remote LDAP server, you can specify the root suffix for the
embedded server via the root() method:

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
            .ldapAuthentication()
                .userSearchBase("ou=people")
                .userSearchFilter("(uid={0})")
                .groupSearchBase("ou=groups")
                .groupSearchFilter("member={0}")
                // No url(): an embedded LDAP server is started with this root suffix.
                .contextSource()
                    .root("dc=habuma,dc=com");
    }

When the LDAP server starts, it will attempt to load data from any LDIF files that it can
find in the classpath. LDIF (LDAP Data Interchange Format) is a standard way of
representing LDAP data in a plain text file. Each record is composed of one or more lines,
each containing a name:value pair. Records are separated from each other by blank
lines.

If you’d rather that Spring not rummage through your classpath looking for just
any LDIF files it can find, you can be more explicit about which LDIF file gets loaded
by calling the ldif() method:

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.ldapAuthentication()
            .userSearchBase("ou=people")
            .userSearchFilter("(uid={0})")
            .groupSearchBase("ou=groups")
            .groupSearchFilter("member={0}")
            .contextSource()
                .root("dc=habuma,dc=com")
                // Load only this file instead of every LDIF found on the classpath.
                .ldif("classpath:users.ldif");
    }

Here you specifically ask the LDAP server to load its content from the users.ldif file at
the root of the classpath. In case you’re curious, here’s an LDIF file that you could use
to load the embedded LDAP server with user data:

    dn: ou=groups,dc=habuma,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: groups

    dn: ou=people,dc=habuma,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: people

    dn: uid=habuma,ou=people,dc=habuma,dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Craig Walls
    sn: Walls
    uid: habuma
    userPassword: password

    dn: uid=jsmith,ou=people,dc=habuma,dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: John Smith
    sn: Smith
    uid: jsmith
    userPassword: password

    dn: cn=spittr,ou=groups,dc=habuma,dc=com
    objectclass: top
    objectclass: groupOfNames
    cn: spittr
    member: uid=habuma,ou=people,dc=habuma,dc=com
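
The record layout described above (name:value lines, records separated by blank lines) can be checked before a file such as users.ldif is loaded. The Python code below is an added example, not taken from the book or from Spring Security: it parses LDIF, including folded lines and base64 ("::") values, and lists the entries whose userPassword has no {SCHEME} prefix. The sample data, the function names and the prefix heuristic are assumptions made for this illustration.

```python
import base64
import re

# Constructed sample in the layout of the page's users.ldif, plus a folded
# line, a base64 ("::") value and a scheme-prefixed placeholder for contrast.
SAMPLE_LDIF = """\
dn: uid=habuma,ou=people,dc=habuma,dc=com
objectclass: inetOrgPerson
uid: habuma
userPassword: password

dn: uid=jsmith,ou=people,
 dc=habuma,dc=com
uid: jsmith
userPassword:: cGFzc3dvcmQ=

dn: uid=hashed,ou=people,dc=habuma,dc=com
uid: hashed
userPassword: {SSHA}constructed-placeholder-not-a-real-hash
"""

SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}


def parse_ldif(text):
    """Split LDIF text into records, each a list of (name, value) pairs."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues a line
    records = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        record = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comment or malformed line
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "name:: <base64>"
                raw = base64.b64decode(value[1:].strip())
                value = raw.decode("utf-8", "replace")
            record.append((name.strip().lower(), value.strip()))
        if record:
            records.append(record)
    return records


def cleartext_password_dns(records):
    """DNs whose userPassword carries no {SCHEME} prefix (heuristic)."""
    found = (dict(r) for r in records)  # dn/userPassword are single-valued here
    return [a.get("dn") for a in found
            if "userpassword" in a and not SCHEME.match(a["userpassword"])]
```

Without the blank separator lines, the whole file parses as a single record, which is why the separators matter.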

Spring Security’s built-in user stores are convenient and cover the most common use
cases. But if your authentication needs are of the uncommon variety, you may need to
create and configure a custom user-details service.
