Comments (5)
Jeoff Wilks said:
I noticed that #SEC-107 listed SecurityLDAP as a component. Perhaps someone can explain to me how the AuthenticationDao/UserDetailsService interface is supposed to be used for LDAP authentication. The LDAP code in the sandbox implements an alternative PasswordAuthenticationDao (which loads by username and password), but as of 0.9.0 that interface appears to be gone from the main codebase. How can you authenticate to LDAP as the user without knowing their password? If you’re talking to LDAP via a manager account that may work, but that approach doesn’t allow you to authenticate as the actual user.
I ended up just rewriting the LDAP authentication as a provider that extends AbstractUserDetailsAuthenticationProvider directly. (The retrieveUser() method allows access to the password). That seems to make more sense to me than going through a constrained AuthenticationDao interface which only provides access to the username and not a password.
from spring-security.
Ben Alex said:
Jeoff, you are correct in having extended AbstractUserDetailsAuthenticationProvider. The PasswordAuthenticationDao approach is deprecated and has been replaced by AbstractUserDetailsAuthenticationProvider.
from spring-security.
Luke Taylor said:
I’m working on getting a version of the LdapProvider together for the 1.0 RC release and have implemented it this way. It’s not always possible to retrieve the password though. I’ve worked for a client before where it wasn’t possible to authenticate as the user, or to retrieve the password, but you could perform an LDAP “compare” operation to see if the password matched. I believe this kind of variation is quite common. So I’m hoping to include support for:
1. Binding as the user
2. Binding as a manager user and checking the password locally
3. Performing a compare of the password with the stored value, without actually retrieving it (either anonymously or as the manager user).
Any other suggestions or comments will be most welcome.
from spring-security.
Luke Taylor said:
LDAP provider is pretty much in place now, so we can probably use more specific issues now.
from spring-security.
Ben Alex said:
Will be in 1.0.0 RC2.
from spring-security.
Related Issues (20)
- Fix typos and formatting in documentation
- Webservice returns invalid response containing Empty Headers (":") HOT 1
- Horizontal Scaling Issue with XorCsrfTokenRequestAttributeHandler
- Use Javadoc macro
- Add XML support for OIDC backchannel logout
- Add repository for returing Asserting Party Metadata
- Add expiry-aware refreshing asserting party repository
- OAuth2AuthorizationCodeGrantFilter erroneously consumes POST request body with multipart/form-data HOT 2
- Improve documentation about `CredentialsContainer`
- Configure Build to Confirm UnboundId 7 Compatibility
- Introduce `UserAuthorities`
- Support doing a Token Exchange of access token from OIDC login HOT 2
- OIDC Backchannel Logout should allow logout tokens having `typ` header of `logout+jwt`
- Cannot get Stateless Authorisation Server to work HOT 2
- Dynamic register SecurityFilterChain HOT 2
- Spring do not support 401 unauthorized responce by default HOT 1
- Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect
- Consider removing generics from `AuthorizationRequestRepository` HOT 2
- How can classpath public key values be utilized in the OAuth2 client jwks_uri? HOT 6
- Spring Security OAuth2 Client "user-name-attribute" property is being ignored HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security.