2011-12-23 36 views
3

如何将弹簧安全性从ldap更改为ldap starttls。如何将弹簧安全性从ldap更改为ldap starttls

我正在使用Spring Security和LDAP编写Spring项目。我有一切工作很好,然后管理员用starttls将它改为ldap。有人可以告诉我如何更新我的XML文件,让我的项目再次运作。

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:jdbc="http://www.springframework.org/schema/jdbc" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/jdbc 
      http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-3.0.xsd" 
    xmlns="http://www.springframework.org/schema/security" > 

    <http 
     auto-config="true" 
     use-expressions="true" > 

     <intercept-url 
      access="hasRole('ROLE_MEMBER_INQUIRY')" 
      pattern="/requests/**" /> 

    </http> 

    <authentication-manager > 

     <ldap-authentication-provider 
      user-search-base="ou=webusers" 
      user-search-filter="(uid={0})" > 

      <password-compare > 

       <password-encoder ref="passwordEncoder" > 
       </password-encoder> 
      </password-compare> 
     </ldap-authentication-provider> 
    </authentication-manager> 

    <beans:bean 
     id="passwordEncoder" 
     class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" > 
    </beans:bean> 

    <beans:bean 
     id="contextSource" 
     class="org.springframework.security.ldap.DefaultSpringSecurityContextSource" > 

     <beans:constructor-arg value="ldap://10.52.208.228:389/dc=xxxxx,dc=dev" /> 

     <beans:property 
      name="userDn" 
      value="cn=Manager,dc=xxxxx,dc=dev" /> 

     <beans:property 
      name="password" 
      value="secret" /> 
    </beans:bean> 

    <beans:bean 
     id="ldapAuthProvider" 
     class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" > 

     <beans:constructor-arg > 

      <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator" > 

       <beans:constructor-arg ref="contextSource" /> 

       <beans:property name="userDnPatterns" > 

        <beans:list > 

         <beans:value > 

uid={0},ou=webusers 

         </beans:value> 
        </beans:list> 
       </beans:property> 
      </beans:bean> 
     </beans:constructor-arg> 

     <beans:constructor-arg > 

      <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator" > 

       <beans:constructor-arg ref="contextSource" /> 

       <beans:constructor-arg value="ou=groups" /> 

       <beans:property 
        name="groupRoleAttribute" 
        value="ou" /> 
      </beans:bean> 
     </beans:constructor-arg> 
    </beans:bean> 

    <ldap-server url="ldap://10.52.208.228:389/dc=xxxxx,dc=dev" /> 

    <beans:bean 
     id="propertyConfigurer" 
     class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" > 

     <beans:property 
      name="location" 
      value="classpath:jdbc.properties" /> 
    </beans:bean> 

    <beans:bean 
     id="dataSource" 
     class="org.apache.commons.dbcp.BasicDataSource" > 

     <beans:property 
      name="driverClassName" 
      value="${database.driver}" /> 

     <beans:property 
      name="url" 
      value="${database.url}" /> 

     <beans:property 
      name="username" 
      value="${database.user}" /> 

     <beans:property 
      name="password" 
      value="${database.password}" /> 

     <beans:property 
      name="initialSize" 
      value="5" /> 

     <beans:property 
      name="maxActive" 
      value="10" /> 
    </beans:bean> 

</beans:beans> 
+0

TLS通过使用扩展操作启动TLS的明文连接上启动。 LDAP客户端仍应能够使用明文连接。还是你的意思是说,如果在连接上发出的第一个请求不是StartTLS,目录服务器管理员现在正在使连接关闭? – 2011-12-23 20:33:49

+0

您可能需要将ldap服务器证书导入应用服务器的密钥库。 – 2011-12-24 02:25:15

回答