带有弹簧安全性的LDAP身份验证，无需指定组

如何解决带有弹簧安全性的LDAP身份验证，无需指定组

我想在所有组（ou）的ldap服务器下对用户进行身份验证。我无法为ldap服务器下的所有组配置它。我想允许所有用户登录我的spring mvc应用程序。目前，我正在对两个组（OU）下的用户进行身份验证，它对我来说效果很好。现在，我想要一个通用的解决方案来对用户进行身份验证并获取其组。

@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Session management 10 minutes
        http.sessionManagement().maximumSessions(10);
        http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin();

    }
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.ldapAuthentication().userDnPatterns("cn={0},ou=people,ou=gruops,dc=ABC,dc=COM").userSearchBase("cn={0}").contextSource()
                .url("ldap://abc.com:389");
        
    }
    @Bean
    public LdapContextSource contextSource() {
        // DefaultSpringSecurityContextSource
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl("ldap://abc.com:389");
        contextSource.setBase("dc=ABC,dc=COM");

        return contextSource;
    }
    @Bean
    public LdapTemplate ldapTemplate() {
        LdapTemplate ldapTemplate = new LdapTemplate(contextSource());
        ldapTemplate.setIgnorePartialResultException(true);
        return ldapTemplate;
    }


**Then i am authenticating users using ldapContextSource in Controller Class** 
------------------------------------------------------------------------


    @Autowired
    LdapContextSource contextSource; 
    private boolean validateUser(String userName,Stirng password) {
            String userDn = "cn=" + userName.toLowerCase() + "ou=people,ou=groups,dc=COM";
    
            System.out.println("Inside Utility.Authenticate method");
            DirContext ctx = null;
            try {
    
                ctx = contextSource.getContext(userDn,password);
                return true;
            } catch (Exception e) {
                // Context creation Failed - authentication did not succeed
                System.out.println("Login Failed" + e);
                // logger.error();
                return false;
            } finally {
                // It is imperative that the created DirContext instance is always closed
                LdapUtils.closeContext(ctx);
            }
    } 
 
**This works well for two groups(ou=people,ou=groups).  I have other organizational units under ldap://abc.com:389. I want to allow all the groups under ldap server without specifying them all.**

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。