How to configure Spring Security PasswordComparisonAuthenticator

Time: 2010-04-20 22:25:40

Tags: spring spring-security spring-ldap

I can bind to an embedded LDAP server on my local machine with the following bean:

<b:bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <b:constructor-arg>
        <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <b:constructor-arg ref="contextSource" />
            <b:property name="userSearch">
                <b:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                  <b:constructor-arg index="0" value="ou=people"/>
                  <b:constructor-arg index="1" value="(uid={0})"/>
                  <b:constructor-arg index="2" ref="contextSource" />
                </b:bean>
            </b:property>
        </b:bean>
    </b:constructor-arg>
    <b:constructor-arg>
        <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator">
        </b:bean>
    </b:constructor-arg>
</b:bean>

However, when I try to authenticate with a PasswordComparisonAuthenticator, it repeatedly fails on a bad credentials event:

 <b:bean id="ldapAuthProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <b:constructor-arg>
        <b:bean
            class="org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator">
            <b:constructor-arg ref="contextSource" />
            <b:property name="userDnPatterns">
                <b:list>
                    <b:value>uid={0},ou=people</b:value>
                </b:list>
            </b:property>
        </b:bean>
    </b:constructor-arg>
    <b:constructor-arg>
        <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator">
        </b:bean>
    </b:constructor-arg>
</b:bean>

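Through debugging, I can see that the authenticate method picks up the DN from the ldif file and then tries to compare the passwords. However, it is using the LdapShaPasswordEncoder (the default one), whereas the password is stored in plaintext in the file, and this is where the authentication fails.

Here is the authentication manager bean referencing the preferred authentication bean: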

<authentication-manager>

    <authentication-provider ref="ldapAuthProvider"/>

    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="md5" base64="true">
            <salt-source system-wide="secret"/>
        </password-encoder>
    </authentication-provider>
</authentication-manager>

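On a side note, whether I set the password encoder on ldapAuthProvider to plaintext or just leave it blank doesn't seem to make a difference. Any help would be greatly appreciated.

Thanks

1 answer:

Answer 0 (score: 1)

I was able to override the default LdapShaPasswordEncoder in PasswordComparisonAuthenticator by injecting a PlaintextPasswordEncoder into the passwordEncoder property: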

 <b:bean id="ldapAuthProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <b:constructor-arg>
        <b:bean
            class="org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator">
            <b:constructor-arg ref="contextSource" />
            <b:property name="passwordEncoder">
                <b:bean class="org.springframework.security.authentication.encoding.PlaintextPasswordEncoder"></b:bean>
            </b:property>
            <b:property name="userDnPatterns">
                <b:list>
                    <b:value>uid={0},ou=people</b:value>
                </b:list>
            </b:property>
        </b:bean>
    </b:constructor-arg>
    <b:constructor-arg>
        <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator">
        </b:bean>
    </b:constructor-arg>
</b:bean>

Now it doesn't convert the supplied input to SHA before the comparison ...
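
The mismatch described in the question, as an added example that is not part of the original post or of Spring Security's own code: a SHA encoder asserts the `{SHA}` form of the submitted password (the prefix plus Base64 of the SHA-1 digest), so a compare against a plaintext `userPassword` value fails. The class name, the sample password and the byte-equality model of the LDAP compare are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added illustration, JDK only. LdapShaCompareDemo is a hypothetical name.
public class LdapShaCompareDemo {

    // Unsalted LDAP "{SHA}" scheme: "{SHA}" + Base64(SHA-1(password)).
    static String ldapSha(String rawPassword) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] digest = sha1.digest(rawPassword.getBytes(StandardCharsets.UTF_8));
        return "{SHA}" + Base64.getEncoder().encodeToString(digest);
    }

    // Assumption: the directory's compare on userPassword is modeled as an
    // exact byte match between the stored value and the asserted value.
    static boolean ldapCompare(String stored, String asserted) {
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                asserted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String submitted = "constructed-sample-pw"; // constructed sample input

        String plaintextEntry = submitted;        // LDIF stores the clear text
        String hashedEntry = ldapSha(submitted);  // LDIF stores the {SHA} form

        String shaAsserted = ldapSha(submitted);  // what a SHA encoder sends
        String plainAsserted = submitted;         // what a plaintext encoder sends

        System.out.println("asserted by SHA encoder: " + shaAsserted);
        System.out.println("SHA encoder vs plaintext entry:       "
                + ldapCompare(plaintextEntry, shaAsserted));
        System.out.println("plaintext encoder vs plaintext entry: "
                + ldapCompare(plaintextEntry, plainAsserted));
        System.out.println("SHA encoder vs {SHA} entry:           "
                + ldapCompare(hashedEntry, shaAsserted));
    }
}
```

Under the same byte-match assumption, putting the printed `{SHA}` value into the LDIF entry's `userPassword` attribute lets the default encoder stay in place, so the directory does not have to hold clear-text passwords.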