Differences
This page shows the differences between two revisions of the page.
java:ldap:spring:simpleauthentication [2016/04/02 18:52] tony
java:ldap:spring:simpleauthentication [2023/06/25 09:48] (current version)
行 44: | 行 44: | ||
</code> | </code> | ||
===== With TLS(StartTLS) ===== | ===== With TLS(StartTLS) ===== | ||
+ | 有幾個要點: | ||
+ | * 使用ldap protocol。 | ||
+ | * 透過DefaultTlsDirContextAuthenticationStrategy讓client與server negotiate。 | ||
+ | * 由於會做hostname的verify,為了測試,所以我們先override去避掉它。 | ||
+ | * 做authenticate時,透過LookupAttemptingCallback讓它在連線完成後做search,以驗證密碼是否正確。 | ||
+ | <code java> | ||
+ | LdapContextSource contextSource = new LdapContextSource(); | ||
+ | contextSource.setUrl("ldap://192.168.1.13:389"); | ||
+ | contextSource.setBase("dc=testldap,dc=org"); | ||
+ | contextSource.setUserDn("cn=admin,dc=testldap,dc=org"); | ||
+ | contextSource.setPassword("123456"); | ||
+ | |||
+ | DefaultTlsDirContextAuthenticationStrategy strategy = new DefaultTlsDirContextAuthenticationStrategy(); | ||
+ | strategy.setHostnameVerifier((hostname, sslsession) -> { | ||
+ | return true; | ||
+ | }); | ||
+ | contextSource.setAuthenticationStrategy(strategy); | ||
+ | contextSource.afterPropertiesSet(); | ||
+ | |||
+ | LdapTemplate ldapTemplate = new LdapTemplate(contextSource); | ||
+ | try { | ||
+ | ldapTemplate.afterPropertiesSet(); | ||
+ | Filter filter = new EqualsFilter("cn", "tonylin"); | ||
+ | Assert.assertTrue(ldapTemplate.authenticate("ou=sw", filter.encode(), "123456", new LookupAttemptingCallback())); | ||
+ | Assert.assertFalse(ldapTemplate.authenticate("ou=sw", filter.encode(), "654321", new LookupAttemptingCallback())); | ||
+ | } catch (Exception e) { | ||
+ | Assert.fail(e.getMessage()); | ||
+ | } | ||
+ | </code> | ||
+ | 為了確認真的是TLS,透別使用wireshark觀察一下: [[pc:goodsoftware:wireshark|link]]。 | ||
===== Reference ===== | ===== Reference ===== | ||
* [[http://www.jayway.com/2009/02/02/simple-authentication-using-spring-ldap/|simple-authentication-using-spring-ldap]] | * [[http://www.jayway.com/2009/02/02/simple-authentication-using-spring-ldap/|simple-authentication-using-spring-ldap]] | ||
- | * | + | * [[http://stackoverflow.com/questions/16570222/how-to-authenticate-against-active-directory-via-ldap-over-tls|how-to-authenticate-against-active-directory-via-ldap-over-tls]] |
===== ===== | ===== ===== |
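Review bot: the `strategy.setHostnameVerifier((hostname, sslsession) -> { return true; });` override in this hunk turns off TLS hostname verification, so the StartTLS session will accept any certificate the trust store considers valid regardless of which host it was issued to; the bullet above it only says this is done to get the test running, and that caveat should sit directly beside the code rather than in the list. Suggested change: show the override as a test-only variant and give the production form, which is to drop the override entirely and set `contextSource.setUrl("ldap://<hostname-in-server-cert>:389")` (placeholder) to a name that appears in the server certificate's subject alternative name instead of the raw IP `192.168.1.13`; an IP literal that is not in the certificate is the likely reason the verifier failed in the first place, and the right fix is the certificate or the URL, not the check. Smaller points: the lambda can simply be `(hostname, session) -> true` when the test-only form is kept; the `<code java>` block omits the imports it depends on (`LdapContextSource`, `LdapTemplate`, `EqualsFilter`, `LookupAttemptingCallback`, `DefaultTlsDirContextAuthenticationStrategy` from spring-ldap and `HostnameVerifier` from `javax.net.ssl`); and the bind account `cn=admin,dc=testldap,dc=org` / `123456` hard-coded on the `setUserDn` and `setPassword` lines is the directory administrator, whereas the `authenticate` lookup only needs a low-privilege search account, which is worth stating as a note for readers who copy the snippet. The closing line's pointer to a Wireshark capture is the right verification step and could be made concrete: readers should see the StartTLS extended request on port 389 followed by a TLS handshake, with the subsequent bind and the `123456` / `654321` password attempts no longer readable in the capture.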