我是否可以使用Spring Security项目对LDAP进行身份验证,并根据数据库为经过身份验证的用户设置权限?
谢谢!
答案 0 :(得分:1)
我已经为此找到了解决方案,答案来自上面:
<authentication-manager >
<authentication-provider ref="ldapAuthProvider" />
</authentication-manager>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://IP:port/...."/>
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="ldapUserSearch" />
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="prpa.athos.security.listener.MyLDAPAuthorities">
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="authenticationSuccessListener"
class="prpa.athos.security.listener.AuthenticationSuccessListener">
</beans:bean>
<beans:bean id="ldapUserSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value=""/>
<beans:constructor-arg index="1" value="(uid={0})"/>
<beans:constructor-arg index="2" ref="contextSource" />
</beans:bean>
在MyLDAPAuthorities类中,我实现了classe LdapAuthoritiesPopulator,从而获得了权威机构的数据库。
答案 1 :(得分:0)
是的,您需要一个LdapBindAuthenticator和一个基于DAO的AuthoritiesPopulator。