Announcement Announcement Module
Collapse
No announcement yet.
Spring Security with LDAP with MD5 password Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security with LDAP with MD5 password

    I am working on a project using Spring and Spring Security with LDAP. I had my project working great with LDAP before we MD5 the user passwords. Now that we MD5 the users passwords I am trying to find a way in the Spring XML to tell Springs to MD5 the password before checking LDAP.

    Below is my XML

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
        
        <beans:beans xmlns="http://www.springframework.org/schema/security"
        	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        	xmlns:jdbc="http://www.springframework.org/schema/jdbc"
        	xsi:schemaLocation="http://www.springframework.org/schema/beans
                   http://www.springframework.org/schem...-beans-3.0.xsd
        	       http://www.springframework.org/schema/jdbc
        		   http://www.springframework.org/schem...g-jdbc-3.0.xsd
        	       http://www.springframework.org/schema/security
        	       http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        
        	<http auto-config="true" use-expressions='true'>
        		<intercept-url pattern="/friends/**" access="isAuthenticated()" />
        		<intercept-url pattern="/articles/**" access="isAuthenticated()" />
        	</http>
        
        	<authentication-manager>
        		<ldap-authentication-provider
        			user-search-filter="(uid={0})" user-search-base="ou=sampleusers" />
        	</authentication-manager>
        
        
        	<beans:bean id="contextSource"
        		class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        		<beans:constructor-arg value="ldap://localhost:389/dc=xxxwf,dc=org" />
        		<beans:property name="userDn" value="cn=admin,dc=xxxwf,dc=org" />
        		<beans:property name="password" value="sabrina123" />
        	</beans:bean>
        	<beans:bean id="ldapAuthProvider"
        		class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        		<beans:constructor-arg>
        			<beans:bean
        				class="org.springframework.security.ldap.authentication.BindAuthenticator">
        				<beans:constructor-arg ref="contextSource" />
        				<beans:property name="userDnPatterns">
        					<beans:list>
        						<beans:value>uid={0},ou=sampleusers</beans:value>
        					</beans:list>
        				</beans:property>
        		</beans:constructor-arg>
        
        	</beans:bean>
        	<ldap-server url="ldap://127.0.0.1:389/dc=xxxwf,dc=org" />
        
        	<beans:bean id="propertyConfigurer"
        		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        		<beans:property name="location" value="classpath:jdbc.properties" />
        
        
        	</beans:bean>
        	<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
        		<beans:property name="driverClassName" value="${database.driver}" />
        		<beans:property name="url" value="${database.url}" />
        		<beans:property name="username" value="${database.user}" />
        		<beans:property name="password" value="${database.password}" />
        		<beans:property name="initialSize" value="5" />
        		<beans:property name="maxActive" value="10" />
        	</beans:bean>
        </beans:beans>

  • #2
    I suggest a read of the spring security reference guide as it is explained in there. Spring Security is checking the passwords NOT your ldap provider.
    Last edited by Marten Deinum; Nov 9th, 2011, 04:56 AM. Reason: Added url to reference guide chapter

    Comment

    Working...
    X