spring-security-ldap | 易学教程

How to use LDAP Authentication in a corporate environment

阅读更多关于 How to use LDAP Authentication in a corporate environment

问题 I'd like users to log into my Spring-Boot application with their corporate username/password-combination (so I can use AD authentication and (maybe also) use that AD to query active users). So I did nslookup -type=srv _ldap._tcp.MY.DOMAIN which resulted in the outcome: Server: Servername.MY.DOMAIN Address: 1.1.1.1 _ldap._tcp.MY.DOMAIN SRV service location priority = 0 weight = 50 port = 389 svr hostname = a_host.MY.DOMAIN //... a few more of these a_host.MY.DOMAIN internet address = 5.5.5.5

Grails Spring Security LDAP plugin with multiple Active Directory servers

阅读更多关于 Grails Spring Security LDAP plugin with multiple Active Directory servers

问题 I have the Grails Spring Security plugin connecting to one Active Directory server with no problems. However, I need to connect to multiple servers. We have some users on one AD server and other users on a different server, so we need to try looking for users in both locations. For example, in Java I have this working as below: <authentication-manager> <authentication-provider ref="provider1"/> <authentication-provider ref="provider2"/> ... </authentication-manager> <ldap-server id="provider1

Spring Security; custom-filter and user-service-ref not working together

阅读更多关于 Spring Security; custom-filter and user-service-ref not working together

问题 I'm trying to implement spring security authorization using a custom filter. security.xml <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www

What is implication of adding @Component to custom Spring Security filter

阅读更多关于 What is implication of adding @Component to custom Spring Security filter

问题 I have a custom Spring Security filter extending GenericFilterBean. To do automatic dependency and bean creation I added a @Component annotation. In my Security config I also register the filter like: @Autowired private RestAuthenticationFilter restAuthenticationFilter; protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .addFilterBefore(restAuthenticationFilter, LogoutFilter.class) Everything works well except that my filter is called twice... It seems

ldap.rememberMe.usernameMapper.userDnBase (multiple instances of?) (searchSubtree search capability)

阅读更多关于 ldap.rememberMe.usernameMapper.userDnBase (multiple instances of?) (searchSubtree search capability)

I have a Grails application that is successfully using the latest spring-security-core:2.0-RC4 and spring-security-ldap:2.0-RC2 . Users can login perfectly using grails.plugin.springsecurity.ldap.search.base setting for LDAP login authentication. There is a different setting for the rememberMe userDnBase (mapper) and that setting is: grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.userDnBase The LDAP authentication grails.plugin.springsecurity.ldap.search.base is set to ou=people,dc=sitcudy,dc=edu . As mentioned above - the logins work fine because there is a property called

Grails - Spring security plugin ldap: remember me not working

阅读更多关于 Grails - Spring security plugin ldap: remember me not working

I have a Grails application with spring-security-ldap plugin installed and configured with Active Directory specific options. Grails version: 2.1.1. spring-security-core plugin version: 2.0-RC2 spring-security-ldap plugin version: 2.0-RC2 Everything works fine: users log in to the application validating against the Active Directory and their groups are retrieved in order to control the access to the different pages. My problem: "remember me" option doesn't work. I have configured the application in order to use "remember me" option and I have run the s2-create-persistent-token command. I have

What is implication of adding @Component to custom Spring Security filter

阅读更多关于 What is implication of adding @Component to custom Spring Security filter

I have a custom Spring Security filter extending GenericFilterBean. To do automatic dependency and bean creation I added a @Component annotation. In my Security config I also register the filter like: @Autowired private RestAuthenticationFilter restAuthenticationFilter; protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .addFilterBefore(restAuthenticationFilter, LogoutFilter.class) Everything works well except that my filter is called twice... It seems Spring adds filters also automatically to standard filters. What should be the best approach here? UPDATE

Java Spring get attributes from Active Directory UserDetails

阅读更多关于 Java Spring get attributes from Active Directory UserDetails

问题 I have a user that has logged in through AD and now I want to get some of their information. Here's a sample test endpoint I am playing with: @RequestMapping(value={"/secure/test"}, method=RequestMethod.GET) public ResponseEntity<?> getSecureTest(HttpServletRequest request) { String str = "Test Response"; request.getSession().setAttribute("testVar", "SessionVariable"); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); UserDetails userDetails =

Java Spring get attributes from Active Directory UserDetails

阅读更多关于 Java Spring get attributes from Active Directory UserDetails

I have a user that has logged in through AD and now I want to get some of their information. Here's a sample test endpoint I am playing with: @RequestMapping(value={"/secure/test"}, method=RequestMethod.GET) public ResponseEntity<?> getSecureTest(HttpServletRequest request) { String str = "Test Response"; request.getSession().setAttribute("testVar", "SessionVariable"); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); UserDetails userDetails = (UserDetails) authentication.getPrincipal(); if (!(authentication instanceof AnonymousAuthenticationToken)) {

Do we need to write CustomActiveDirectoryLdapAuthenticationProvider if we want to get user details from ActiveDirectory

阅读更多关于 Do we need to write CustomActiveDirectoryLdapAuthenticationProvider if we want to get user details from ActiveDirectory

问题 If we need to get User attributes from ActiveDirectory like name, sn etc. can't we configure using Specialized LDAP authentication provider which uses Active Directory configuration conventions like "springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider" @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests()