Spring LDAP Authentication (automatic or not?)

I read Spring's LDAP help documents and was unable to figure out if user authentication is automated on the LDAP server or not.

By "automatic" I mean that this happens automatically when you create a bean if you specify the userDn and password in the ContextSource. That is, the programmer never needs to call LdapTemplate.authenticate(...) - this happens behind the scenes.

So, I would like to know

  • Whether Spring LDAP authenticates automatically
  • Whether there are fields I can change to alter this behavior.

Thanks,
KTM


EDIT: I ask this question in the context of some code that I wrote. The following ContextSource is one of the context sources in my beans file that the user can use. It is used to set userDn and password at runtime (for security reasons). I want to know if the LDAP application will really use the userDn / password that I collect at runtime during authentication. (Does authentication happen before my code executes? Are the userDn / password fields that my code sets ignored?)

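    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import org.springframework.ldap.core.support.LdapContextSource;

    public class RuntimeContext extends LdapContextSource {

        public RuntimeContext() {
            super();
            if (!resolveAuthInfo()) {
                System.out.println("Failed to resolve auth info. Exiting...");
                System.exit(1);
            }
        }

        // Prompts on stdin for the bind DN and password and stores them on this ContextSource.
        public boolean resolveAuthInfo() {
            String myUserDn, myPassword;
            try {
                BufferedReader br = new BufferedReader(
                        new InputStreamReader(System.in));
                System.out.print("userDn: ");
                myUserDn = br.readLine();
                System.out.print("password: ");
                // Note: readLine() echoes the password to the terminal as it is typed.
                myPassword = br.readLine();
            } catch (IOException e) {
                return false;
            }
            // readLine() returns null at end of input; treat that as a failure.
            if (myUserDn == null || myPassword == null) {
                return false;
            }
            super.setUserDn(myUserDn);
            super.setPassword(myPassword);
            return true;
        }
    }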
1 answer

I want to know if the LDAP application will really use userDn / password, which I collect at runtime during authentication.

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html

It will use the userDn and password that you collect at runtime. Based on how you configure your beans, LDAP authentication will use one of two paths in Spring:

  • Bind authentication (using BindAuthenticator)
  • Password comparison (using PasswordComparisonAuthenticator)

These authenticators are called in the context of the LdapAuthenticationProvider, which can be configured as an authenticator in the security namespace configuration:

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="usernamePasswordUserDetailsService">
            <password-encoder ref="passwordEncoder">
                <salt-source ref="saltSource"/>
            </password-encoder>
        </authentication-provider>
        <authentication-provider ref="ldapAuthenticationProvider"/>
    </authentication-manager>

When UsernamePasswordAuthenticationFilter is called (via the /auth/login page):

    <http auto-config="true">
        <form-login login-page="/auth/login" login-processing-url="/auth/j_security_check"/>
        <logout invalidate-session="true" logout-url="/auth/logout"/>
    </http>

a token is created with a username and password. LdapAuthenticationProvider responds to this token:

    public class LdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
        ...
        public boolean supports(Class<?> authentication) {
            return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
        }
    }

And it uses the information you saved in LdapContextSource to perform authentication.

+1
source
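
An added example, not part of the question or the answer above and not Spring's own code: a context source that prompts for the bind credentials without echoing the password, plus an explicit check that the directory accepts them. Setting userDn and password only stores the values; Spring LDAP binds with them when a context is requested, so the check requests one right after initialization. The class name, the verifyBind method and the LDAP URL are assumptions made for illustration.

```java
import java.io.Console;
import javax.naming.directory.DirContext;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.support.LdapUtils;

// Hypothetical class: collects the bind DN and password at runtime.
public class PromptedContextSource extends LdapContextSource {

    public PromptedContextSource() {
        Console console = System.console();
        if (console == null) {
            // No interactive terminal (for example, input is piped): fail closed.
            throw new IllegalStateException("No console available to prompt for credentials");
        }
        String userDn = console.readLine("userDn: ");
        char[] password = console.readPassword("password: "); // input is not echoed
        if (userDn == null || password == null) {
            throw new IllegalStateException("No credentials supplied");
        }
        setUserDn(userDn);
        // The setter takes a String, so the value still lives on the heap afterwards.
        setPassword(new String(password));
    }

    // Hypothetical helper: forces a bind so that wrong credentials fail at
    // startup instead of on the first LDAP operation.
    public void verifyBind() {
        DirContext ctx = null;
        try {
            // anonymousReadOnly is false by default, so this binds as userDn.
            ctx = getReadOnlyContext();
        } finally {
            LdapUtils.closeContext(ctx);
        }
    }

    // Stand-alone usage; in a Spring application the container sets the URL
    // from the bean definition and calls afterPropertiesSet() itself.
    public static void main(String[] args) throws Exception {
        PromptedContextSource source = new PromptedContextSource();
        source.setUrl("ldap://ldap.example.org:389"); // placeholder URL (assumption)
        source.afterPropertiesSet();
        source.verifyBind(); // throws an unchecked Spring LDAP exception if the bind is rejected
        System.out.println("Bind succeeded for the supplied userDn");
    }
}
```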

Source: https://habr.com/ru/post/1337035/

