Spring security Version 3.1 - Need to match user using either userPrincipalName without domain added OR sAMAccountName (search filter ?)

Submitted by 偶尔善良 on 2021-02-11 17:51:05

Question


All,

Our IT dept has decided to change the suffix of our users in AD by giving the userPrincipalName a different suffix from the actual domain being used.

e.g. our domain is xxx.com but the userPrincipalName is now "usera@zzz.tech", whereas before it was "usera@xxx.com".

The Spring LDAP AD authentication no longer works with this, I think for this reason: the userPrincipalName is built up as name + domain when it tries to authenticate.

I need to override this somehow - but keep with Spring Security version 3.1 (ideally!)

This is the security bean we use:

<bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <constructor-arg value="$websec{authentication.base}" />
    <constructor-arg value="$websec{ldap.providerUrl}" />
    <property name="authoritiesMapper" ref="dataAutomationGrantedAuthoritiesMapper" />
    <property name="useAuthenticationRequestCredentials" value="true" />
</bean>

How can I override this behaviour?

Thank you


Answer 1:


We ended up modifying the original Spring code for the class ActiveDirectoryLdapAuthenticationProvider and changing the method createBindPrincipal to allow a userPrincipalName that has a different domain from the security root domain to be authorised.

/**
 * Create bind principal by appending configured user domain to username if it doesn't already contain a domain.
 *
 * @param username  User name for which to create bind principal.
 *
 * @return username, if configured domain is null or the username already contains a domain; otherwise username
 *         appended with the configured user domain.
 */
String createBindPrincipal(final String username) {
    if (domain == null || username.contains("@")) {
        return username;
    }
    return username + "@" + userDomain;
}
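As an added example, not code from the Spring Security project or from the answer above: a stand-alone class that reproduces the bind-principal rule the answer describes (keep a username that already carries a domain, otherwise append the configured one) and adds the two checks a reviewer would want around it. A user-supplied UPN is accepted only if its suffix is in an allow-list of the suffixes IT actually uses, and the follow-up user search uses a filter that matches either userPrincipalName or sAMAccountName (the question's title) with RFC 4515 escaping of the user-supplied value. The names BindPrincipalBuilder, defaultDomain and allowedSuffixes, and the sample domains, are assumptions for this example.

```java
import java.util.Locale;
import java.util.Set;

/**
 * Added example (not Spring Security source, not the answerer's modified class).
 * Field and class names are assumed for this illustration.
 */
public final class BindPrincipalBuilder {

    private final String defaultDomain;        // e.g. "xxx.com"; null disables appending
    private final Set<String> allowedSuffixes; // e.g. {"xxx.com", "zzz.tech"}, lower-case

    public BindPrincipalBuilder(String defaultDomain, Set<String> allowedSuffixes) {
        this.defaultDomain = defaultDomain;
        this.allowedSuffixes = allowedSuffixes;
    }

    /** Same rule as the answer's createBindPrincipal, plus a suffix allow-list. */
    public String createBindPrincipal(String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        int at = username.indexOf('@');
        if (at < 0) {
            // No domain supplied: append the configured one, as the stock provider does.
            return defaultDomain == null ? username : username + "@" + defaultDomain;
        }
        // Caller supplied a full UPN: accept only the suffixes the directory is known to use.
        String suffix = username.substring(at + 1).toLowerCase(Locale.ROOT);
        if (!allowedSuffixes.contains(suffix)) {
            // Inside a Spring AuthenticationProvider this would be a BadCredentialsException.
            throw new IllegalArgumentException("UPN suffix not accepted: " + suffix);
        }
        return username;
    }

    /** Account name before the '@', used for the sAMAccountName branch of the filter. */
    static String accountName(String username) {
        int at = username.indexOf('@');
        return at < 0 ? username : username.substring(0, at);
    }

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Filter that finds the user record by either attribute, so a UPN whose suffix
     * differs from the search base still resolves. Both values are escaped so the
     * login name is always treated as a literal and cannot change the filter structure.
     */
    public String userSearchFilter(String bindPrincipal) {
        return "(&(objectClass=user)(|(userPrincipalName=" + escapeFilterValue(bindPrincipal)
                + ")(sAMAccountName=" + escapeFilterValue(accountName(bindPrincipal)) + ")))";
    }

    public static void main(String[] args) {
        // Constructed sample configuration mirroring the question: root domain xxx.com,
        // users now carrying the zzz.tech suffix.
        BindPrincipalBuilder b = new BindPrincipalBuilder("xxx.com", Set.of("xxx.com", "zzz.tech"));
        System.out.println(b.createBindPrincipal("usera"));           // bare name gets the default domain
        System.out.println(b.createBindPrincipal("usera@zzz.tech"));  // explicit, allowed UPN kept as-is
        System.out.println(b.userSearchFilter("usera@zzz.tech"));
        System.out.println(b.userSearchFilter("us*er(a)"));           // metacharacters stay literal
        try {
            b.createBindPrincipal("usera@other.example");             // suffix not in the allow-list
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The bind itself still happens against the configured LDAP server, so the directory decides which UPN suffixes it will authenticate; the allow-list only keeps the application from forwarding arbitrary suffixes, and the escaping matters because the post-bind search is built from the same user-controlled string.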


Source: https://stackoverflow.com/questions/58232159/spring-security-version-3-1-need-to-match-user-using-either-userprincipalname
