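Acegi here refers to acegi-security-1.0.3.
The article mentions ApacheDS, an open-source LDAP server. Note in particular that its port is 10389, not 389. Because the passwords stored in LDAP are encrypted, be sure to add this line: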
<bean id="passwordEncoder" class="org.acegisecurity.providers.ldap.authenticator.LdapShaPasswordEncoder"/>
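Where the encoder gets wired in for an ApacheDS setup, as an added example rather than configuration from the original post: in Acegi 1.0.x the `passwordEncoder` bean only takes effect once an authenticator such as `PasswordComparisonAuthenticator` references it. The host, base DN, DN pattern, group base and manager credentials below are assumed placeholder values.

```xml
<!-- Added example; host, DNs and credentials are placeholders, not values from the post -->
<bean id="passwordEncoder"
      class="org.acegisecurity.providers.ldap.authenticator.LdapShaPasswordEncoder"/>

<!-- ApacheDS listens on 10389 rather than the standard 389 -->
<bean id="initialDirContextFactory"
      class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
  <constructor-arg value="ldap://localhost:10389/dc=example,dc=com"/>
  <property name="managerDn" value="uid=admin,ou=system"/>
  <property name="managerPassword" value="CHANGE_ME"/>
</bean>

<bean id="ldapAuthenticationProvider"
      class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <!-- Checks the submitted password against the stored userPassword value,
         using the encoder, instead of binding as the user -->
    <bean class="org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator">
      <constructor-arg ref="initialDirContextFactory"/>
      <property name="userDnPatterns">
        <list><value>uid={0},ou=people</value></list>
      </property>
      <property name="passwordAttributeName" value="userPassword"/>
      <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg index="0" ref="initialDirContextFactory"/>
      <constructor-arg index="1" value="ou=groups"/>
      <property name="groupRoleAttribute" value="cn"/>
    </bean>
  </constructor-arg>
</bean>
```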
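If you use Microsoft AD, note that it does not use standard LDAP; it adds some things of its own, so the setup differs from what the article describes.
The connection code is as follows:
<bean id="passwordEncoder" class="org.acegisecurity.providers.ldap.authenticator.LdapShaPasswordEncoder"/>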
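<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <!-- Plain ldap:// on port 389: bind passwords cross the network unencrypted; use ldaps:// if the directory offers it -->
    <constructor-arg value="ldap://192.168.2.12:389/DC=huzai,DC=com,DC=cn" />
    <!-- Account used to bind for the user and group searches -->
    <property name="managerDn" value="CN=vm01,ou=huzai,dc=huzai,dc=com,dc=cn" />
    <property name="managerPassword" value="******" />
    <property name="extraEnvVars">
        <map>
            <!-- Have JNDI follow referrals returned by the directory -->
            <entry key="java.naming.referral" value="follow" />
        </map>
    </property>
</bean>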
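<bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
    <!-- Search base, relative to the base DN in the context URL -->
    <constructor-arg index="0" value="OU=huzai" />
    <!-- {0} is replaced with the login name; & must be written as &amp; inside an XML attribute -->
    <constructor-arg index="1" value="(&amp;(objectClass=user)(sAMAccountName={0}))" />
    <constructor-arg index="2" ref="initialDirContextFactory" />
    <property name="searchSubtree" value="true" />
</bean>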
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
    <constructor-arg>
        <!-- Authenticates by binding to the directory as the user found by userSearch -->
        <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
            <constructor-arg ref="initialDirContextFactory" />
            <property name="userSearch" ref="userSearch" />
        </bean>
    </constructor-arg>
    <constructor-arg>
        <!-- Maps the groups the user is a member of to granted authorities -->
        <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <constructor-arg index="0" ref="initialDirContextFactory" />
            <constructor-arg index="1" value="OU=huzai" />
            <property name="convertToUpperCase" value="true" />
            <property name="searchSubtree" value="true" />
            <!-- {0} is the user's DN; & must be written as &amp; inside an XML attribute -->
            <property name="groupSearchFilter" value="(&amp;(objectClass=group)(member={0}))" />
            <property name="groupRoleAttribute" value="CN" />
        </bean>
    </constructor-arg>
</bean>