
我正在使用Spring Security通过LDAP协议对Active Directory进行身份验证。下面的配置在身份验证和建立LDAP模板两方面都能正常工作(springSecurity.xml):LDAP - AD上下文源的用户名密码配置

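<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:context="http://www.springframework.org/schema/context"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:ldap="http://www.springframework.org/schema/ldap"
      xsi:schemaLocation="
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
      http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/context
      http://www.springframework.org/schema/context/spring-context.xsd
      http://www.springframework.org/schema/ldap
      http://www.springframework.org/schema/ldap/spring-ldap.xsd">

    <!--
      Spring Security + Spring LDAP wiring for Active Directory.
      Part 1 (http, adAuthenticationProvider, authentication-manager) authenticates the
      form-login user against AD.
      Part 2 (contextSource, ldapTemplate, repositories) opens a separate LDAP connection
      for directory queries, bound with the account configured in ldap.properties.
    -->

    <!--
      Web access rules, written as security expressions.
      /login is public; /authenticated requires a logged-in user.
      NOTE(review): a URL that matches neither pattern has no access rule in this block.
      If other paths must be protected, add a catch-all as the LAST rule, for example
      <intercept-url pattern="/**" access="isAuthenticated()" />.
    -->
    <http use-expressions="true">

     <intercept-url pattern="/login" access="permitAll" />
     <intercept-url pattern="/authenticated" access="isAuthenticated()" />

     <!-- Every failed login lands on the same URL, so the page can show one generic error. -->
     <form-login login-page="/login" default-target-url="/authenticated"
      authentication-failure-url="/login?error=true" />
     <logout />

    </http>

    <!--
      Single placeholder configurer for ldap.properties. A second
      PropertyPlaceholderConfigurer bean over the same file (SystemPropertiesMode 2,
      which is OVERRIDE) duplicated this element and has been dropped.
      OVERRIDE means a JVM system property wins over the value in the file.
      NOTE(review): ldap.properties holds the bind password (sample.ldap.password);
      keep the file out of version control and readable only by the application account.
    -->
    <context:property-placeholder location="classpath:/ldap.properties"
     system-properties-mode="OVERRIDE" />

    <!--
      Authenticates the submitted username/password by binding to Active Directory.
      Constructor arguments: AD domain, then the LDAP URL.
      NOTE(review): the value of sample.ldap.url is not visible here. The bind carries the
      user's password, so the URL should be ldaps:// (or the connection otherwise
      TLS-protected).
    -->
    <beans:bean id="adAuthenticationProvider"
     class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
     <beans:constructor-arg value="${sample.ldap.domain}" />
     <beans:constructor-arg value="${sample.ldap.url}" />
     <!--
       Puts the password submitted at login into the resulting Authentication.
       NOTE(review): whether it stays there for the session depends on the authentication
       manager's erase-credentials setting; confirm the retention is intended.
     -->
     <beans:property name="useAuthenticationRequestCredentials"
      value="true" />
     <!--
       Maps AD sub-error codes to specific exceptions (presumably locked, disabled,
       expired and similar states). Log them server-side and keep the message shown to
       the user generic, so account state is not disclosed before authentication.
     -->
     <beans:property name="convertSubErrorCodesToExceptions"
      value="true" />
    </beans:bean>


    <authentication-manager>
     <authentication-provider ref="adAuthenticationProvider" />
    </authentication-manager>

<!-- Ldap after authentication -->

    <context:annotation-config />

    <!--
      Connection used by ldapTemplate and the repositories. It binds with a fixed
      account from ldap.properties, independent of whoever is logged in.
      NOTE(review): that account should be a dedicated, read-only service account with
      the narrowest directory rights the queries need.
      NOTE(review): referral="follow" makes the context chase referrals returned by the
      server, and the bind credentials are then presented to the referred servers as
      well. Confirm referrals are needed and can only point at trusted domain
      controllers.
    -->
    <ldap:context-source id="contextSource"
         password="${sample.ldap.password}"
         url="${sample.ldap.url}"
         username="${sample.ldap.userDn}"
         base="${sample.ldap.base}"
         referral="follow" />

    <ldap:ldap-template id="ldapTemplate"
     context-source-ref="contextSource" />

    <!-- Scans com.domain for Spring LDAP repository interfaces. -->
    <ldap:repositories base-package="com.domain" />

    <!-- Application service; directoryType comes from sample.ldap.directory.type. -->
    <beans:bean class="com.service.UserService">
     <beans:property name="directoryType" value="${sample.ldap.directory.type}" />
    </beans:bean>

    <!-- Required to make sure BaseLdapName is populated in UserService -->
    <beans:bean
     class="org.springframework.ldap.core.support.BaseLdapPathBeanPostProcessor" />

</beans:beans>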

认证工作正常,用户名和密码来自login.jsp的j_username和j_password字段。为了设置LDAP模板,我使用了属性文件中定义的用户名和密码,但我希望改用Spring Security登录时的同一组用户名和密码。请指导我如何把Spring Security的凭据绑定到ldap:context-source id="contextSource"的username和password属性上。

这段代码有点乱,欢迎任何改进意见。

回答


根据参考文档的Configuration一章,您可以在ContextSource的配置元素上指定自定义的authentication-source-ref,让ContextSource使用Spring Security的身份验证信息。就您的情况而言,可以使用Spring Security自带的SpringSecurityAuthenticationSource:

<!--
  Context source without fixed username/password attributes: it asks the
  authenticationSource bean for the bind DN and password when it opens a connection.
  SpringSecurityAuthenticationSource takes both from the current Spring Security
  Authentication, so directory operations run with the logged-in user's own rights
  instead of a shared service account.
  NOTE(review): this only works while the user's password is still held in the
  Authentication. Check the authentication manager's erase-credentials setting, and
  weigh the cost of keeping a cleartext password in memory for the whole session.
  NOTE(review): code that runs with no logged-in user (startup, scheduled jobs)
  presumably gets empty credentials here; verify such paths do not fall back to an
  anonymous bind unnoticed.
-->
<ldap:context-source id="contextSource" 
        url="${sample.ldap.url}" 
        base="${sample.ldap.base}" 
        referral="follow" 
        authentication-source-ref="authenticationSource"/> 

<!--
  In a file whose default namespace is the Spring Security schema, write this
  element with the beans prefix (beans:bean).
-->
<bean id="authenticationSource" 
    class="org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource" /> 

感谢您的回复,我之前尝试过这个方案,但用的是另一个类来获取Spring Security的认证信息,现在可以正常工作了。 :) – NewBee