  • SPRING IN ACTION 4th Edition Notes - Chapter 9 Securing web applications - 007 - Setting up the LDAP server and comparing passwords (contextSource, root(), ldif())

    1. Where the LDAP server is

    By default, Spring Security’s LDAP authentication assumes that the LDAP server is listening on port 33389 on localhost. But if your LDAP server is on another machine, you can use the contextSource() method to configure the location:

        @Override
        protected void configure(AuthenticationManagerBuilder auth)
                throws Exception {
            auth
                .ldapAuthentication()
                .userSearchBase("ou=people")
                .userSearchFilter("(uid={0})")
                .groupSearchBase("ou=groups")
                .groupSearchFilter("member={0}")
                // remote LDAP server location, with the base DN as the URL path
                .contextSource().url("ldap://habuma.com:389/dc=habuma,dc=com");
        }

    The contextSource() method returns a ContextSourceBuilder, which, among other things, offers the url() method that lets you specify the location of the LDAP server.

    2. Setting up the LDAP server

    If you don’t happen to have an LDAP server lying around waiting to be authenticated against, Spring Security can provide an embedded LDAP server for you. Instead of setting the URL to a remote LDAP server, you can specify the root suffix for the embedded server via the root() method:

        @Override
        protected void configure(AuthenticationManagerBuilder auth)
                throws Exception {
            auth
                .ldapAuthentication()
                .userSearchBase("ou=people")
                .userSearchFilter("(uid={0})")
                .groupSearchBase("ou=groups")
                .groupSearchFilter("member={0}")
                .contextSource()
                // root suffix of the embedded LDAP server
                .root("dc=habuma,dc=com");
        }

    When the LDAP server starts, it will attempt to load data from any LDIF files that it can find in the classpath. LDIF (LDAP Data Interchange Format) is a standard way of representing LDAP data in a plain text file. Each record is composed of one or more lines, each containing a name:value pair. Records are separated from each other by blank lines.

    If you’d rather that Spring not rummage through your classpath looking for just any LDIF files it can find, you can be more explicit about which LDIF file gets loaded by calling the ldif() method:

        @Override
        protected void configure(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.ldapAuthentication()
                .userSearchBase("ou=people")
                .userSearchFilter("(uid={0})")
                .groupSearchBase("ou=groups")
                .groupSearchFilter("member={0}")
                .contextSource()
                .root("dc=habuma,dc=com")
                // load only this LDIF file instead of scanning the classpath
                .ldif("classpath:users.ldif");
        }

    Here you specifically ask the LDAP server to load its content from the users.ldif file at
    the root of the classpath. In case you’re curious, here’s an LDIF file that you could use
    to load the embedded LDAP server with user data:

        dn: ou=groups,dc=habuma,dc=com
        objectclass: top
        objectclass: organizationalUnit
        ou: groups

        dn: ou=people,dc=habuma,dc=com
        objectclass: top
        objectclass: organizationalUnit
        ou: people

        dn: uid=habuma,ou=people,dc=habuma,dc=com
        objectclass: top
        objectclass: person
        objectclass: organizationalPerson
        objectclass: inetOrgPerson
        cn: Craig Walls
        sn: Walls
        uid: habuma
        userPassword: password

        dn: uid=jsmith,ou=people,dc=habuma,dc=com
        objectclass: top
        objectclass: person
        objectclass: organizationalPerson
        objectclass: inetOrgPerson
        cn: John Smith
        sn: Smith
        uid: jsmith
        userPassword: password

        dn: cn=spittr,ou=groups,dc=habuma,dc=com
        objectclass: top
        objectclass: groupOfNames
        cn: spittr
        member: uid=habuma,ou=people,dc=habuma,dc=com
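
    An added example (not from the book or the original post): a small Python parser for the LDIF record format described above, which lists the entries whose userPassword value is stored without a {SCHEME} prefix such as {SSHA}, as both users in the listing are. The sample data and the function names parse_ldif and cleartext_passwords are constructed for this illustration, and the prefix test is a heuristic.

```python
import base64

# Constructed sample shaped like the page's users.ldif; the hash is a made-up placeholder.
HASHED = base64.b64encode(b"{SSHA}constructed-placeholder").decode()
SAMPLE_LDIF = """\
dn: uid=habuma,ou=people,dc=habuma,dc=com
uid: habuma
userPassword: password

# constructed entry: scheme-prefixed value, written base64-encoded ("::")
dn: uid=jsmith,ou=people,dc=habuma,dc=com
uid: jsmith
userPassword:: %s

dn: cn=spittr,ou=groups,dc=habuma,dc=com
member: uid=habuma,ou=people,
 dc=habuma,dc=com
""" % HASHED


def parse_ldif(text):
    """Return one list of (attribute, value) pairs per blank-line-separated record."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical and logical[-1]:
            logical[-1] += line[1:]            # unfold a continuation line
        elif not line.startswith("#"):         # drop comment lines
            logical.append(line)
    records, current = [], []
    for line in logical + [""]:                # trailing "" flushes the last record
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "name:: value" carries base64
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.append((name.strip().lower(), value.strip()))
        elif current:                          # blank line closes the record
            records.append(current)
            current = []
    return records


def cleartext_passwords(records):
    """DNs of entries whose userPassword has no {SCHEME} prefix such as {SSHA}."""
    flagged = []
    for rec in records:
        dn = next((v for n, v in rec if n == "dn"), "<no dn>")
        if any(n == "userpassword" and not (v.startswith("{") and "}" in v) for n, v in rec):
            flagged.append(dn)
    return flagged
```

    An LDIF whose blank separator lines are missing parses as a single record, so every dn after the first is treated as just another attribute of the first entry.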

    Spring Security’s built-in user stores are convenient and cover the most common use
    cases. But if your authentication needs are of the uncommon variety, you may need to
    create and configure a custom user-details service.

  • Original article: https://www.cnblogs.com/shamgod/p/5252943.html