一、LDAP server在哪
By default, Spring Security’s LDAP authentication assumes that the LDAP server is listening on port 33389 on localhost. But if your LDAP server is on another machine,you can use the contextSource() method to configure the location:
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.contextSource().url("ldap://habuma.com:389/dc=habuma,dc=com");
}
The contextSource() method returns a ContextSourceBuilder , which, among other things, offers the url() method that lets you specify the location of the LDAP server.
二、设置LDAP server
If you don’t happen to have an LDAP server lying around waiting to be authenticated
against, Spring Security can provide an embedded LDAP server for you. Instead of set-
ting the URL to a remote LDAP server, you can specify the root suffix for the embed-
ded server via the root() method:
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.contextSource()
.root("dc=habuma,dc=com");
}
When the LDAP server starts, it will attempt to load data from any LDIF files that it can
find in the classpath. LDIF ( LDAP Data Interchange Format) is a standard way of rep-
resenting LDAP data in a plain text file. Each record is composed of one or more lines,
each containing a name:value pair. Records are separated from each other by blank
lines.
If you’d rather that Spring not rummage through your classpath looking for just
any LDIF files it can find, you can be more explicit about which LDIF file gets loaded
by calling the ldif() method:
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.ldapAuthentication()
.userSearchBase("ou=people")
.userSearchFilter("(uid={0})")
.groupSearchBase("ou=groups")
.groupSearchFilter("member={0}")
.contextSource()
.root("dc=habuma,dc=com")
.ldif("classpath:users.ldif");
}
Here you specifically ask the LDAP server to load its content from the users.ldif file at
the root of the classpath. In case you’re curious, here’s an LDIF file that you could use
to load the embedded LDAP server with user data:
dn: ou=groups,dc=habuma,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups
dn: ou=people,dc=habuma,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people
dn: uid=habuma,ou=people,dc=habuma,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Craig Walls
sn: Walls
uid: habuma
userPassword: password
dn: uid=jsmith,ou=people,dc=habuma,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: John Smith
sn: Smith
uid: jsmith
userPassword: password
dn: cn=spittr,ou=groups,dc=habuma,dc=com
objectclass: top
objectclass: groupOfNames
cn: spittr
member: uid=habuma,ou=people,dc=habuma,dc=com
Spring Security’s built-in user stores are convenient and cover the most common use
cases. But if your authentication needs are of the uncommon variety, you may need to
create and configure a custom user-details service.