  • SPRING IN ACTION, 4th Edition notes - Chapter 9 Securing web applications - 006 - Comparing passwords with LDAP (passwordCompare(), passwordAttribute("passcode"), passwordEncoder(new Md5PasswordEncoder()))

    1.

    The default strategy for authenticating against LDAP is to perform a bind operation, authenticating the user directly to the LDAP server. Another option is to perform a comparison operation. This involves sending the entered password to the LDAP directory and asking the server to compare the password against a user’s password attribute. Because the comparison is done within the LDAP server, the actual password remains secret.

    If you’d rather authenticate by doing a password comparison, you can declare so with the passwordCompare() method:

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
            .ldapAuthentication()
            .userSearchBase("ou=people")
            .userSearchFilter("(uid={0})")
            .groupSearchBase("ou=groups")
            .groupSearchFilter("member={0}")
            // Authenticate with an LDAP compare operation instead of a bind
            .passwordCompare();
    }

    By default, the password given in the login form will be compared with the value of the userPassword attribute in the user’s LDAP entry. If the password is kept in a different attribute, you can specify the password attribute’s name with passwordAttribute():

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
            .ldapAuthentication()
            .userSearchBase("ou=people")
            .userSearchFilter("(uid={0})")
            .groupSearchBase("ou=groups")
            .groupSearchFilter("member={0}")
            .passwordCompare()
            // Encode the attempted password with MD5 before it is compared
            .passwordEncoder(new Md5PasswordEncoder())
            // Compare against the "passcode" attribute instead of userPassword
            .passwordAttribute("passcode");
    }

    In this example, you specify that the "passcode" attribute is what should be compared with the given password. Moreover, you also specify a password encoder. It’s nice that the actual password is kept secret on the server when doing server-side password comparison. But the attempted password is still passed across the wire to the LDAP server and could be intercepted by a hacker. To prevent that, you can specify an encoding strategy by calling the passwordEncoder() method. In the example, passwords are hashed using MD5. This assumes that the passwords are also stored as MD5 hashes in the LDAP server.
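
    The compare semantics described above, as an added example that is not from the book or from Spring Security: a plain-JDK model in which the client encodes the attempt and the directory checks it for equality against one named attribute. The in-memory map standing in for the LDAP server, the sample DN and password, and the lowercase-hex MD5 storage format are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

public class LdapCompareSketch {
    // Constructed stand-in for the directory: DN -> (attribute name -> stored value).
    static final Map<String, Map<String, String>> DIRECTORY = new HashMap<>();

    // Assumed storage format: lowercase hex of the unsalted MD5 digest. Unsalted MD5 is
    // deterministic, so the same value is asserted on every login and the connection
    // to the directory still needs transport protection (for example LDAPS).
    static String md5Hex(String password) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5")
                    .digest(password.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Models the compare operation: succeeds only if the asserted value equals the stored one.
    static boolean compare(String dn, String attribute, String asserted) {
        String stored = DIRECTORY.getOrDefault(dn, Map.of()).get(attribute);
        return stored != null && MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                asserted.getBytes(StandardCharsets.UTF_8));
    }

    // Client side: encode the attempted password, then ask the directory to compare it.
    static boolean login(String dn, String attribute,
                         Function<String, String> encoder, String attempt) {
        return compare(dn, attribute, encoder.apply(attempt));
    }

    public static void main(String[] args) {
        String dn = "uid=alice,ou=people"; // constructed sample entry
        DIRECTORY.put(dn, Map.of("passcode", md5Hex("s3cret")));
        // Same attribute and same encoding as the stored value.
        System.out.println(login(dn, "passcode", LdapCompareSketch::md5Hex, "s3cret"));
        // Attempt asserted unencoded while the directory holds the MD5 form.
        System.out.println(login(dn, "passcode", Function.identity(), "s3cret"));
        // Default attribute name, but this entry keeps the value in "passcode".
        System.out.println(login(dn, "userPassword", LdapCompareSketch::md5Hex, "s3cret"));
    }
}
```

    Only the first call succeeds: the comparison is an equality check, so the client-side encoder and attribute name have to match exactly how the directory stores the value.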

  • Original article: https://www.cnblogs.com/shamgod/p/5252872.html