Spring in Action, 4th Edition notes - Chapter 9: Securing web applications - 006 - Comparing passwords with LDAP (passwordCompare(), passwordAttribute("passcode"), passwordEncoder(new Md5PasswordEncoder()))
2016-03-08 09:44
1.
The default strategy for authenticating against LDAP is to perform a bind operation, authenticating the user directly to the LDAP server. Another option is to perform a comparison operation. This involves sending the entered password to the LDAP directory and asking the server to compare the password against a user’s password attribute. Because the comparison is done within the LDAP server, the actual password remains secret.
If you’d rather authenticate by doing a password comparison, you can declare so with the passwordCompare() method:
```java
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .ldapAuthentication()
            .userSearchBase("ou=people")
            .userSearchFilter("(uid={0})")
            .groupSearchBase("ou=groups")
            .groupSearchFilter("member={0}")
            // Authenticate with an LDAP compare operation instead of a bind
            .passwordCompare();
}
```
By default, the password given in the login form will be compared with the value of the userPassword attribute in the user’s LDAP entry. If the password is kept in a different attribute, you can specify the password attribute’s name with passwordAttribute():
```java
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .ldapAuthentication()
            .userSearchBase("ou=people")
            .userSearchFilter("(uid={0})")
            .groupSearchBase("ou=groups")
            .groupSearchFilter("member={0}")
            .passwordCompare()
            // Encode the submitted password before it is sent for comparison
            .passwordEncoder(new Md5PasswordEncoder())
            // Compare against "passcode" instead of the default userPassword
            .passwordAttribute("passcode");
}
```
In this example, you specify that the "passcode" attribute is what should be compared with the given password. Moreover, you also specify a password encoder. It’s nice that the actual password is kept secret on the server when doing server-side password comparison. But the attempted password is still passed across the wire to the LDAP server and could be intercepted by a hacker. To prevent that, you can specify an encryption strategy by calling the passwordEncoder() method.
In the example, passwords are hashed with MD5 (a one-way digest rather than reversible encryption). This assumes that the passwords are also stored as MD5 digests in the LDAP server.
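Added example, not from the book or the original notes: a JDK-only sketch of what the server-side comparison checks once an encoder is configured, and why the directory must hold the value in the same encoded form. `PasswordCompareDemo`, `md5Hex` and `ldapCompare` are hypothetical names, the sample password is constructed, and the lowercase-hex output is assumed to match the encoder's default format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration (JDK only, no Spring or LDAP server needed).
public class PasswordCompareDemo {

    // Assumption: mirrors the default output of the legacy Md5PasswordEncoder
    // with no salt, i.e. lowercase hex of MD5 over the UTF-8 password bytes.
    static String md5Hex(String rawPassword) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest(rawPassword.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Stand-in for the directory's compare operation: the server answers
    // true or false for an exact byte match against the stored attribute value.
    static boolean ldapCompare(byte[] storedAttribute, byte[] assertedValue) {
        return MessageDigest.isEqual(storedAttribute, assertedValue);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: what the "passcode" attribute would hold.
        String formPassword = "s3cret-sample";
        byte[] passcodeAttr = md5Hex(formPassword).getBytes(StandardCharsets.UTF_8);

        // With the encoder configured, the encoded value is what gets asserted.
        byte[] withEncoder = md5Hex(formPassword).getBytes(StandardCharsets.UTF_8);
        // Without it, the raw form password would be asserted instead.
        byte[] withoutEncoder = formPassword.getBytes(StandardCharsets.UTF_8);

        System.out.println("encoded value matches stored digest: "
                + ldapCompare(passcodeAttr, withEncoder));
        System.out.println("raw password matches stored digest: "
                + ldapCompare(passcodeAttr, withoutEncoder));
        // The digest is unsalted, so the same password always yields the same value.
        System.out.println("same value on every login: "
                + md5Hex(formPassword).equals(md5Hex(formPassword)));
    }
}
```

Because the encoded value is identical on every login, it needs the same transport protection as the password itself, for example an ldaps:// connection to the directory.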