public final class PasswordComparisonAuthenticator extends AbstractLdapAuthenticator
LdapAuthenticator
which compares the login password with the value stored in the
directory using a remote LDAP "compare" operation.
If passwords are stored in digest form in the repository, then a suitable
PasswordEncoder
implementation must be supplied. By default, passwords are
encoded using the LdapShaPasswordEncoder
. Note that compare operations will not
work if salted-SHA (SSHA) passwords are used, as it is not possible to know the salt
value which is a random byte sequence generated by the directory.
messages
Constructor and Description |
---|
PasswordComparisonAuthenticator(BaseLdapPathContextSource contextSource) |
Modifier and Type | Method and Description |
---|---|
DirContextOperations |
authenticate(Authentication authentication)
Authenticates as a user and obtains additional user information from the directory.
|
void |
setPasswordAttributeName(String passwordAttribute) |
void |
setPasswordEncoder(Object passwordEncoder) |
afterPropertiesSet, getContextSource, getUserAttributes, getUserDns, getUserSearch, setMessageSource, setUserAttributes, setUserDnPatterns, setUserSearch
public PasswordComparisonAuthenticator(BaseLdapPathContextSource contextSource)
public DirContextOperations authenticate(Authentication authentication)
LdapAuthenticator
public void setPasswordAttributeName(String passwordAttribute)
public void setPasswordEncoder(Object passwordEncoder)