如何使用 Spring Boot 进行 Active Directory(活动目录)LDAP 认证?我是 Spring Boot 的新手,有人可以帮助我吗?谁能给我一个完整的例子?
我试图理解以下代码,但是我需要全面的支持,例如我们如何将用户名和密码从登录表单绑定到后端,然后如何进行身份验证。
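// Read the identity of the caller from the current security context.
// getAuthentication() returns null when nothing has been authenticated yet,
// so guard before dereferencing it.
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String userName = (auth != null) ? auth.getName() : null;
// The credentials are only still present here when credential erasure has been
// switched off (eraseCredentials(false)); with the default behaviour they are
// cleared after a successful login and this yields null.
// Handle the value as a secret: do not log it or copy it into long-lived state.
Object credentials = (auth != null) ? auth.getCredentials() : null;
// getCredentials() is typed Object; avoid a ClassCastException for non-String tokens.
String password = (credentials instanceof String) ? (String) credentials : null;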
package com.mycompany;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
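/**
 * Spring Security configuration that authenticates users against Active Directory
 * through {@link ActiveDirectoryLdapAuthenticationProvider} and requires every
 * request to be fully authenticated with HTTP Basic.
 *
 * <p>Configuration properties read by this class:
 * <ul>
 *   <li>{@code ldap.url} - URL of the directory server</li>
 *   <li>{@code ldap.domain} - Active Directory domain name</li>
 *   <li>{@code ldap.userDNPattern} - optional LDAP search filter (empty by default)</li>
 * </ul>
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
    // NOTE(review): the default is plain ldap:// on port 389. The provider binds with
    // the user's own name and password, so on an unencrypted connection the password
    // is readable on the network. Point ldap.url at an ldaps:// endpoint in any real
    // deployment.
    @Value("${ldap.url:ldap://mycompany.com:389}")
    private String url;

    // The default value must sit inside the placeholder braces. The previous form
    // "${ldap.domain}:mycompany.com" appended ":mycompany.com" to the resolved value
    // and failed to resolve at all when ldap.domain was not set.
    @Value("${ldap.domain:mycompany.com}")
    private String domain;

    // Despite the name, this value is passed to setSearchFilter() below, i.e. it is an
    // LDAP search filter, not a DN pattern. It must come from trusted configuration only.
    @Value("${ldap.userDNPattern:}")
    private String userDNPattern;

    /**
     * Requires full authentication for every request and enables HTTP Basic.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // HTTP Basic sends the user name and password (base64, not encrypted) with
        // every request, so this application should only be reachable over HTTPS.
        http
            .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                // and() returns to the HttpSecurity builder; httpBasic() is not
                // available on the authorization registry itself.
                .and()
            .httpBasic();
    }

    /**
     * Registers the Active Directory authentication provider.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the provider cannot be registered
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        ActiveDirectoryLdapAuthenticationProvider adProvider =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url);

        // Translate AD sub-error codes (locked, disabled, expired account or password)
        // into specific exceptions instead of a generic bad-credentials failure.
        // Keep the message shown to the client generic so account state is not
        // disclosed to an unauthenticated caller.
        adProvider.setConvertSubErrorCodesToExceptions(true);

        // Use the password from the login request as the credentials of the
        // resulting authentication token.
        adProvider.setUseAuthenticationRequestCredentials(true);

        // set pattern if it exists
        // The following example would authenticate a user if they were a member
        // of the ServiceAccounts group
        // (&(objectClass=user)(userPrincipalName={0})
        // (memberof=CN=ServiceAccounts,OU=alfresco,DC=mycompany,DC=com))
        if (userDNPattern != null && !userDNPattern.trim().isEmpty())
        {
            adProvider.setSearchFilter(userDNPattern);
        }

        auth.authenticationProvider(adProvider);

        // don't erase credentials if you plan to get them later
        // (e.g using them for another web service call)
        // NOTE(review): with erasure disabled the clear-text password stays on the
        // Authentication object for as long as the security context lives, so it can
        // end up in session storage or heap dumps. Leave erasure enabled unless a
        // downstream call really needs the password.
        auth.eraseCredentials(false);
    }
}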