Spring Security: LDAP authentication & credentials for a given set of connection URLs

Time: 2016-08-11 21:27:41

Tags: spring-security ldap

I have been given the following LDAP configuration that has to be used for authentication. How does this translate into Java code?

LDAP over SSL (ext):

    ext.secure.adapter.ConnectionURL=LDAP://ext_host:999
    encrypted.ext.secure.adapter.UserName=CN=Administrator,CN=Users,DC=ext-pre,DC=corp-pre,DC=com
    encrypted.ext.secure.adapter.Password=HelloWorld1

LDAP over SSL (corp):

    corp.secure.adapter.ConnectionURL=LDAP://corp_host:888
    encrypted.corp.secure.adapter.UserName=CN=Administrator,CN=Users,DC=corp-pre,DC=com
    encrypted.corp.secure.adapter.Password=HelloWorld1

Is the following code correct?

package com.company.boot;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .ldapAuthentication()
                    .userDnPatterns("uid={0},ou=people")
                    .groupSearchBase("ou=groups")
                    .contextSource()
                    .url("ldap://ext_host:999/CN=Administrator,CN=Users,DC=ext-pre,DC=corp-pre,DC=com");
        }
    }
}

The code above only covers one ConnectionURL. How do I include the other ConnectionURL?

1 Answer:

Answer 0: (score: 0)

Just add it twice with different URLs. First it will authenticate against ldap://ext_host:999 and, if the user is not found there, it will check ldap://corp_host:888.

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")
            .groupSearchBase("ou=groups")
            .contextSource()
            .url("ldap://ext_host:999/CN=Administrator,CN=Users,DC=ext-pre,DC=corp-pre,DC=com");

        auth
            .ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")
            .groupSearchBase("ou=groups")
            .contextSource()
            .url("ldap://corp_host:888/CN=Administrator,CN=Users,DC=corp-pre,DC=com");
    }
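As an added example (not code from the question or the answer), here is one way to wire both directories while keeping the bind credentials out of the source. The property keys are the ones from the question's configuration; the class name, the `addDirectory` helper and the `ldaps://` URL shown in the comment are assumptions. Two points a practitioner would check in the snippets above: in Spring LDAP the path component of the context-source URL is the search base, so the `CN=Administrator,...` DN belongs in `managerDn()` rather than in the URL; and since the configuration is labelled "over SSL", the URL scheme should be `ldaps://` (with the directory's CA in the JVM trust store), because a plain `ldap://` simple bind sends the password in clear text unless StartTLS is negotiated.

```java
package com.company.boot;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class TwoDirectoryLdapConfig extends WebSecurityConfigurerAdapter {

    // Property keys reused from the question's configuration. How the "encrypted.*"
    // values are decrypted before they reach the Spring Environment is outside this
    // example. Example values (assumed, with the base DN in the URL path):
    //   ext.secure.adapter.ConnectionURL=ldaps://ext_host:999/DC=ext-pre,DC=corp-pre,DC=com
    //   encrypted.ext.secure.adapter.UserName=CN=Administrator,CN=Users,DC=ext-pre,DC=corp-pre,DC=com
    @Value("${ext.secure.adapter.ConnectionURL}")
    private String extUrl;
    @Value("${encrypted.ext.secure.adapter.UserName}")
    private String extManagerDn;
    @Value("${encrypted.ext.secure.adapter.Password}")
    private String extManagerPassword;

    @Value("${corp.secure.adapter.ConnectionURL}")
    private String corpUrl;
    @Value("${encrypted.corp.secure.adapter.UserName}")
    private String corpManagerDn;
    @Value("${encrypted.corp.secure.adapter.Password}")
    private String corpManagerPassword;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Each ldapAuthentication() call registers its own LdapAuthenticationProvider.
        // ProviderManager consults the providers in registration order: a
        // BadCredentialsException from the ext directory lets the corp directory be tried.
        addDirectory(auth, extUrl, extManagerDn, extManagerPassword);
        addDirectory(auth, corpUrl, corpManagerDn, corpManagerPassword);
    }

    // Assumed helper (not Spring API): configures one directory with identical
    // user/group layout so the two providers differ only in server and bind account.
    private static void addDirectory(AuthenticationManagerBuilder auth, String url,
                                     String managerDn, String managerPassword) throws Exception {
        auth
            .ldapAuthentication()
            // The user's DN is built from this pattern (relative to the base DN in the
            // URL) and the login name, then bound with the password the user typed.
            .userDnPatterns("uid={0},ou=people")
            .groupSearchBase("ou=groups")
            .contextSource()
                // URL path = search base (domain components only). The administrator
                // DN is a service account used for the group lookup, so it goes here:
                .url(url)
                .managerDn(managerDn)
                .managerPassword(managerPassword);
    }
}
```

Order matters: a wrong password produces a failed bind against both directories, so it counts against any account-lockout policy on each of them, and the directory most users belong to should be registered first. An account-status failure (locked or disabled account) from the first provider stops the chain, because ProviderManager rethrows AccountStatusException instead of moving on to the next provider.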