3
如何将弹簧安全性从ldap更改为ldap starttls。如何将弹簧安全性从ldap更改为ldap starttls
我正在使用Spring Security和LDAP编写Spring项目。我有一切工作很好,然后管理员用starttls将它改为ldap。有人可以告诉我如何更新我的XML文件,让我的项目再次运作。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd"
xmlns="http://www.springframework.org/schema/security" >
<http
auto-config="true"
use-expressions="true" >
<intercept-url
access="hasRole('ROLE_MEMBER_INQUIRY')"
pattern="/requests/**" />
</http>
<authentication-manager >
<ldap-authentication-provider
user-search-base="ou=webusers"
user-search-filter="(uid={0})" >
<password-compare >
<password-encoder ref="passwordEncoder" >
</password-encoder>
</password-compare>
</ldap-authentication-provider>
</authentication-manager>
<beans:bean
id="passwordEncoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" >
</beans:bean>
<beans:bean
id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource" >
<beans:constructor-arg value="ldap://10.52.208.228:389/dc=xxxxx,dc=dev" />
<beans:property
name="userDn"
value="cn=Manager,dc=xxxxx,dc=dev" />
<beans:property
name="password"
value="secret" />
</beans:bean>
<beans:bean
id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" >
<beans:constructor-arg >
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator" >
<beans:constructor-arg ref="contextSource" />
<beans:property name="userDnPatterns" >
<beans:list >
<beans:value >
uid={0},ou=webusers
</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg >
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator" >
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="ou=groups" />
<beans:property
name="groupRoleAttribute"
value="ou" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<ldap-server url="ldap://10.52.208.228:389/dc=xxxxx,dc=dev" />
<beans:bean
id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" >
<beans:property
name="location"
value="classpath:jdbc.properties" />
</beans:bean>
<beans:bean
id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource" >
<beans:property
name="driverClassName"
value="${database.driver}" />
<beans:property
name="url"
value="${database.url}" />
<beans:property
name="username"
value="${database.user}" />
<beans:property
name="password"
value="${database.password}" />
<beans:property
name="initialSize"
value="5" />
<beans:property
name="maxActive"
value="10" />
</beans:bean>
</beans:beans>
TLS通过使用扩展操作启动TLS的明文连接上启动。 LDAP客户端仍应能够使用明文连接。还是你的意思是说,如果在连接上发出的第一个请求不是StartTLS,目录服务器管理员现在正在使连接关闭? – 2011-12-23 20:33:49
您可能需要将ldap服务器证书导入应用服务器的密钥库。 – 2011-12-24 02:25:15