差異處
這裏顯示兩個版本的差異處。
| Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
|
java:ldap:spring:supportsamofadprovider [2016/04/19 22:21] tony [How to] |
— (目前版本) | ||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | {{tag>ldap spring spring-ldap spring-security jndi}} | ||
| - | ====== Support SAM-Account-Name of AD Provider ====== | ||
| - | ===== Introduction ===== | ||
| - | Windows Active Directory提供User Principle Name(簡稱UPN)與SAM Account Name(簡稱SAM)兩種登入方式:\\ | ||
| - | {{:java:ldap:spring:ad_upn_san.png|}}\\ | ||
| - | 然而ActiveDirectoryLdapAuthenticationProvider僅支援UPN的驗證方式。因此本篇文章主要告訴大家如何支援SAM驗證方式。 | ||
| - | ===== How to ===== | ||
| - | ActiveDirectoryLdapAuthenticationProvider驗證UPN的方式,是透過使用者輸入的帳號密碼,並藉由JNDI去做搜尋。而搜尋過濾的條件為: | ||
| - | <code java> | ||
| - | (&(objectClass=user)(userPrincipalName={0})) | ||
| - | </code> | ||
| - | 所以我們也許可以透過JNDI並搭配搜尋過濾條件去驗證SAM;在開始修改Provider前,我要先確認JNDI是否有辦法支援SAM。我撰寫以下程式碼做確認: | ||
| - | * Domain: TEST.COM | ||
| - | * SAM: TEST\test | ||
| - | * filter: (&(objectClass=user)(samaccountname=test)) | ||
| - | <code java> | ||
| - | LdapContextSource contextSource = new DefaultSpringSecurityContextSource("ldap://10.134.15.138:389"); | ||
| - | contextSource.setBase("DC=TEST,DC=COM"); | ||
| - | //contextSource.setUserDn("test@TEST.COM"); | ||
| - | contextSource.setUserDn("TEST\\test"); | ||
| - | contextSource.setPassword("123456"); | ||
| - | contextSource.afterPropertiesSet(); | ||
| - | |||
| - | LdapTemplate ldapTemplate = new LdapTemplate(contextSource); | ||
| - | ldapTemplate.afterPropertiesSet(); | ||
| - | |||
| - | SearchControls sc = new SearchControls(); | ||
| - | sc.setSearchScope(SearchControls.SUBTREE_SCOPE); | ||
| - | ldapTemplate.search("cn=Users", "(&(objectClass=user)(samaccountname=test))", sc, new NameClassPairCallbackHandler() { | ||
| - | @Override | ||
| - | public void handleNameClassPair(NameClassPair nameClassPair) { | ||
| - | System.out.println(nameClassPair.getName()); | ||
| - | } | ||
| - | }); | ||
| - | </code> | ||
| - | 如果是搜尋UPN可以用以下程式碼: | ||
| - | <code java> | ||
| - | ldapTemplate.search("cn=Users", "(&(objectClass=user)(userPrincipalName=test@test.com))", sc, new NameClassPairCallbackHandler() { | ||
| - | @Override | ||
| - | public void handleNameClassPair(NameClassPair nameClassPair) { | ||
| - | System.out.println(nameClassPair.getName()); | ||
| - | } | ||
| - | }); | ||
| - | </code> | ||
| - | |||
| - | ===== Reference ===== | ||
| - | * [[https://msdn.microsoft.com/zh-tw/library/windows/desktop/ms679635(v=vs.85).aspx|SAM-Account-Name attribute]] | ||
| - | * [[https://github.com/spring-projects/spring-security/blob/master/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java|Github - ActiveDirectoryLdapAuthenticationProvider.java]] | ||
| - | |||
| - | |||
| - | ===== ===== | ||
| - | ---- | ||
| - | \\ | ||
| - | ~~DISQUS~~ | ||
