请查看如下所示的配置:
# NOTE(review): ldap:// is unencrypted LDAP, and the user's password travels to the directory
# in the bind request. Prefer ldaps:// or otherwise protect the link; confirm what transport
# security this deployment uses.
# NOTE(review): this key is ldap.urls, while the configuration class reads ${ldap.url}.
# Confirm which name is intended.
ldap.urls=ldap://***.***.local:8389
# Base DN of the directory tree (a distinguished name, not an AD domain name such as test.com).
ldap.base.dn=dc=test,dc=com
# LDAP search filter used to locate the user entry; {0} is filled in by the provider at login.
# The memberof clause limits matches to members of the named group, so it acts as an
# authorization gate. Keep the group DN exact and review it when groups are renamed.
ldap.user.dn.pattern=(&(objectClass=user)(userPrincipalName={0})(memberof=CN=Group Name,OU=***,OU=****,DC=test,DC=com))
/**
 * Requires authentication on every request (HTTP Basic) and delegates credential
 * checks to an Active Directory LDAP authentication provider.
 *
 * <p>NOTE(review): HTTP Basic sends the username and password with each request,
 * only base64-encoded; this configuration should be served over HTTPS.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger log = LogManager.getLogger(WebSecurityConfig.class);

    // NOTE(review): the properties listing shown with this class defines "ldap.urls",
    // not "ldap.url"; confirm the key, otherwise this placeholder may not resolve.
    @Value("${ldap.url}")
    private String ldapUrl;

    // NOTE(review): bound to the base DN property (dc=test,dc=com in the listing) but
    // passed below as the provider's domain argument, which expects an AD domain name
    // such as test.com. Confirm the intended value.
    @Value("${ldap.base.dn}")
    private String ldapDomain;

    @Value("${ldap.user.dn.pattern}")
    private String ldapUserDnPattern;

    /**
     * Demands a fully authenticated user for any request and enables HTTP Basic.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().fullyAuthenticated()
            .and()
            .httpBasic();
    }

    /**
     * Registers the Active Directory provider, applying the custom search filter
     * only when one has been configured.
     *
     * @param auth the authentication manager builder supplied by the framework
     * @throws Exception if the provider cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        ActiveDirectoryLdapAuthenticationProvider provider =
            new ActiveDirectoryLdapAuthenticationProvider(this.ldapDomain, this.ldapUrl);

        // Surface AD sub-error codes as specific authentication exceptions.
        provider.setConvertSubErrorCodesToExceptions(true);
        // NOTE(review): keeps the submitted password as the credentials of the
        // resulting authentication token; confirm that this is actually needed.
        provider.setUseAuthenticationRequestCredentials(true);

        // A blank or missing pattern leaves the provider's default search filter in place.
        if (isNotBlank(this.ldapUserDnPattern)) {
            provider.setSearchFilter(this.ldapUserDnPattern);
        }

        auth.authenticationProvider(provider);
    }

    /** Returns true when the value is non-null and contains a non-whitespace character. */
    private static boolean isNotBlank(String value) {
        return value != null && !value.trim().isEmpty();
    }
}
有人可以告诉我在使用ActiveDirectoryLdapAuthenticationProvider进行配置时如何指定userDn和密码吗?
答案 0 :(得分:0)
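在属性中定义 ldap.domain=test.com。ActiveDirectoryLdapAuthenticationProvider 的第一个构造参数是 AD 域名(例如 test.com),而不是基准 DN;基准 DN 应作为第三个参数(rootDn)传入。该提供者使用登录用户自己提交的用户名和密码进行绑定,因此不需要另外配置 userDn 和密码。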
/**
 * Requires authentication on every request (HTTP Basic) and delegates credential
 * checks to an Active Directory LDAP authentication provider built from the
 * configured domain, server URL and base DN.
 *
 * <p>NOTE(review): HTTP Basic sends the username and password with each request,
 * only base64-encoded; this configuration should be served over HTTPS. The same
 * password is forwarded to the directory in the LDAP bind, so the LDAP URL should
 * use ldaps:// or be otherwise protected. Confirm this for the deployment.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger log = LogManager.getLogger(WebSecurityConfig.class);

    @Value("${ldap.url}")
    private String ldapUrl;

    // Base DN, passed to the provider as its root DN.
    @Value("${ldap.base.dn}")
    private String ldapBaseDN;

    // AD domain name (e.g. test.com), passed to the provider as its domain.
    @Value("${ldap.domain}")
    private String ldapDomain;

    @Value("${ldap.user.dn.pattern}")
    private String ldapUserDnPattern;

    /**
     * Demands a fully authenticated user for any request and enables HTTP Basic.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().fullyAuthenticated()
            .and()
            .httpBasic();
    }

    /**
     * Registers the Active Directory provider, applying the custom search filter
     * only when one has been configured.
     *
     * @param auth the authentication manager builder supplied by the framework
     * @throws Exception if the provider cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        ActiveDirectoryLdapAuthenticationProvider provider =
            new ActiveDirectoryLdapAuthenticationProvider(
                this.ldapDomain, this.ldapUrl, this.ldapBaseDN);

        // Surface AD sub-error codes as specific authentication exceptions.
        provider.setConvertSubErrorCodesToExceptions(true);
        // NOTE(review): keeps the submitted password as the credentials of the
        // resulting authentication token; confirm that this is actually needed.
        provider.setUseAuthenticationRequestCredentials(true);

        // A blank or missing pattern leaves the provider's default search filter in place.
        if (isNotBlank(this.ldapUserDnPattern)) {
            provider.setSearchFilter(this.ldapUserDnPattern);
        }

        auth.authenticationProvider(provider);
    }

    /** Returns true when the value is non-null and contains a non-whitespace character. */
    private static boolean isNotBlank(String value) {
        return value != null && !value.trim().isEmpty();
    }
}