在 Maven 项目的 pom.xml 中添加如下依赖（2.0.2.RELEASE 是本文当时使用的版本，新项目请选择仍在维护的版本）：
<!-- Spring LDAP core: provides LdapTemplate, LdapContextSource and AttributesMapper
     used by the classes below. 2.0.2.RELEASE is simply the version this post was
     written against; check for a newer maintained release before adopting it. -->
<dependency>
    <groupId>org.springframework.ldap</groupId>
    <artifactId>spring-ldap-core</artifactId>
    <version>2.0.2.RELEASE</version>
</dependency>
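/**
 *
 */
package com.howbuy.uaa.ldap;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.ldap.core.AuthenticationSource;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

/**
 * Reads user entries from the directory through Spring LDAP and delegates
 * password checks to {@link LDAPAuthentication}.
 *
 * {@link #init()} must be called once (after url/baseDn/principal/credentials
 * have been set) before {@link #getAllUser(boolean)} is used.
 *
 * The user list is cached in a plain {@link HashMap}; there is no
 * synchronization here, so if several threads call {@link #getAllUser(boolean)}
 * concurrently the caller has to provide it (the original code did not either).
 *
 * @author qiankun.li
 */
public class UaaLdapTemplate {

    private static final String USER_CACHE_KEY = "user_cache_key";

    /** Search filter used for every user lookup; fixed string, no user input. */
    private static final String USER_FILTER = "(objectclass=user)";

    /**
     * Organizational units scanned for user entries, relative to {@code baseDn}.
     * Order matters: the resulting list keeps CEO, then hk, then pd entries.
     */
    private static final String[] USER_SEARCH_BASES = {
        "OU=CEO",
        "OU=staff-hk,OU=howbuy-hk",
        "OU=staff-pd,OU=howbuy-pd"
    };

    private LDAPAuthentication authentication;

    /** Created by {@link #init()}; one per instance rather than shared statically. */
    private LdapTemplate template;

    private Map<String, List<User>> cacheMap = new HashMap<String, List<User>>();

    /** LDAP server URL. */
    private String url;

    /** Base DN. */
    private String baseDn;

    /** Service account used to read the directory. */
    private String principal;

    /**
     * Service-account password. It is kept in memory as a String for the
     * lifetime of this object and exposed by {@link #getCredentials()}, so keep
     * this bean out of anything that logs or serializes bean properties.
     */
    private String credentials;

    /**
     * Builds the {@link LdapTemplate} from the configured connection properties.
     * Fails fast when the URL is missing instead of surfacing a confusing error
     * on the first search.
     */
    void init() {
        if (url == null || url.trim().isEmpty()) {
            throw new IllegalStateException("ldap url must be set before init()");
        }
        LdapContextSource cs = new LdapContextSource();
        // With environment caching off, the AuthenticationSource below is
        // consulted when contexts are created (see LdapContextSource javadoc).
        cs.setCacheEnvironmentProperties(false);
        cs.setUrl(url);
        cs.setBase(baseDn);
        cs.setAuthenticationSource(new AuthenticationSource() {
            @Override
            public String getCredentials() {
                return credentials;
            }

            @Override
            public String getPrincipal() {
                return principal;
            }
        });
        // NOTE(review): when LdapContextSource is built outside a Spring
        // container the reference guide calls afterPropertiesSet() on it; the
        // original code did not and reportedly worked — confirm before relying on it.
        template = new LdapTemplate(cs);
    }

    /**
     * Returns all users found under {@link #USER_SEARCH_BASES}.
     *
     * @param isFromCache {@code true} to return the locally cached list when one
     *                    exists; {@code false} to always query the directory and
     *                    refresh the cache
     * @return the user list; when served from the cache this is the cached list
     *         itself, not a copy. Never contains {@code null} elements.
     * @throws IllegalStateException if {@link #init()} has not been called
     */
    public List<User> getAllUser(boolean isFromCache) {
        if (isFromCache) {
            List<User> cached = cacheMap.get(USER_CACHE_KEY);
            if (cached != null) {
                return cached;
            }
        }
        List<User> result = loadUsersFromDirectory();
        putUsersToCache(result);
        return result;
    }

    /** Queries each configured OU and concatenates the results in OU order. */
    private List<User> loadUsersFromDirectory() {
        if (template == null) {
            throw new IllegalStateException("init() must be called before searching");
        }
        List<User> result = new ArrayList<User>();
        for (String base : USER_SEARCH_BASES) {
            List<User> found = template.search(base, USER_FILTER, new UserMapper());
            for (User user : found) {
                // UserMapper maps entries without a distinguishedName to null;
                // drop them so callers never have to null-check elements.
                if (user != null) {
                    result.add(user);
                }
            }
        }
        return result;
    }

    private void putUsersToCache(List<User> result) {
        cacheMap.put(USER_CACHE_KEY, result);
        // Kept from the original; this class has no logger of its own.
        System.out.println("put key [" + USER_CACHE_KEY + "] value into localCache successed");
    }

    /**
     * Checks whether the given account/password pair is valid.
     *
     * @param UID      the user's sAMAccountName
     * @param password the password to verify
     * @return {@code true} only when the directory accepts the credentials
     * @throws IllegalStateException if no {@link LDAPAuthentication} has been set
     */
    public boolean authenricate(String UID, String password) {
        if (authentication == null) {
            throw new IllegalStateException("authentication has not been set");
        }
        return authentication.authenricate(UID, password);
    }

    public String getUrl() {
        return url;
    }

    public void setUrl(String url) {
        this.url = url;
    }

    public String getBaseDn() {
        return baseDn;
    }

    public void setBaseDn(String baseDn) {
        this.baseDn = baseDn;
    }

    public String getPrincipal() {
        return principal;
    }

    public void setPrincipal(String principal) {
        this.principal = principal;
    }

    /** Returns the service-account password in clear; see the field note. */
    public String getCredentials() {
        return credentials;
    }

    public void setCredentials(String credentials) {
        this.credentials = credentials;
    }

    public LDAPAuthentication getAuthentication() {
        return authentication;
    }

    public void setAuthentication(LDAPAuthentication authentication) {
        this.authentication = authentication;
    }
}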
如上是获取用户的代码,但是我想校验用户的用户名密码是否正确,经过网上查找资料,spring 中没有找到可以做到的方法,所以还是使用原生的 JNDI API,代码如下。（补充:Spring LDAP 1.3 起其实提供了 LdapTemplate.authenticate(base, filter, password),它会先按 filter 查到用户 DN,再用该 DN 和密码做一次 bind 来校验,并且内部会对 filter 中的值做转义。如果像下面这样自己用 JNDI 实现,务必自行对查询条件做 RFC 4515 转义,并在 bind 之前拒绝空密码——简单 bind 带空密码会被大多数目录服务器当作匿名/未认证 bind 而"成功"。）
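package com.howbuy.uaa.ldap;

import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Verifies a user's password against the directory with plain JNDI.
 *
 * Flow: bind with the service account ({@code principal}/{@code credentials}),
 * look the user up by {@code sAMAccountName} to obtain its DN, then perform a
 * second simple bind as that DN with the supplied password. Each call opens and
 * closes its own contexts, so one instance can be shared between threads
 * (the previous version kept a single {@code LdapContext} field that concurrent
 * calls would have rebound under each other).
 *
 * Security notes:
 * <ul>
 *   <li>The lookup filter is built from caller input, so the value is escaped
 *       per RFC 4515 before it is inserted (otherwise {@code a*)(objectClass=*}
 *       style input would change the query).</li>
 *   <li>A simple bind with an empty password is an "unauthenticated" bind
 *       (RFC 4513) that most servers answer with success, so blank passwords are
 *       rejected before any bind is attempted.</li>
 *   <li>Simple bind sends the password in clear text; {@code url} should be
 *       {@code ldaps://} or the connection otherwise protected (StartTLS) —
 *       TODO confirm in deployment.</li>
 *   <li>Only the user id and DN are logged, never the password.</li>
 * </ul>
 */
public class LDAPAuthentication {

    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPAuthentication.class);

    /** Directory URL; concatenated with {@code baseDn} to form the provider URL. */
    private String url;

    /** Base DN under which users are searched. */
    private String baseDn;

    /** Service-account principal used for the lookup bind. */
    private String principal;

    /** Service-account password; held as a String for the lifetime of this object. */
    private String credentials;

    private String factory = "com.sun.jndi.ldap.LdapCtxFactory";

    /**
     * Opens a new context bound as {@code bindDn} with {@code password} using a
     * simple bind. The caller owns the returned context and must close it.
     *
     * @throws NamingException        if the connection fails
     * @throws AuthenticationException if the server rejects the credentials
     */
    private LdapContext connect(String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
        env.put(Context.PROVIDER_URL, url + baseDn);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }

    /**
     * Resolves the DN of the user whose sAMAccountName equals {@code uid}.
     *
     * @param ctx a context already bound as the service account
     * @param uid raw account name from the caller; escaped before use
     * @return the full DN, or "" when no entry matches, when more than one entry
     *         matches (ambiguous — we refuse rather than pick one), or when the
     *         search itself fails
     */
    private String getUserDN(LdapContext ctx, String uid) {
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Only the DN is needed; an empty attribute list asks for no attributes.
        constraints.setReturningAttributes(new String[0]);
        String filter = "(sAMAccountName=" + escapeFilterValue(uid) + ")";
        String userDN = "";
        try {
            NamingEnumeration<SearchResult> results = ctx.search("", filter, constraints);
            int matches = 0;
            while (results != null && results.hasMore()) {
                SearchResult entry = results.next();
                matches++;
                if (matches == 1) {
                    // Full DN, independent of the search base and already
                    // un-quoted (getName() returns a composite-name form).
                    userDN = entry.getNameInNamespace();
                }
            }
            if (matches == 0) {
                LOGGER.warn("未找到用户:{}", uid);
                return "";
            }
            if (matches > 1) {
                // The old code concatenated all names into one string, which is
                // never a valid DN; binding as "the first one" would let a second
                // account with the same sAMAccountName shadow the real user.
                LOGGER.warn("{} entries match sAMAccountName={}; refusing to authenticate", matches, uid);
                return "";
            }
        } catch (NamingException e) {
            LOGGER.error("查找用户[" + uid + "]时产生异常", e);
            return "";
        }
        return userDN;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
     * backslash, asterisk, parentheses and NUL become {@code \xx} hex escapes.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Returns {@code true} only when the directory accepts a bind as the user
     * with the given password; {@code false} for unknown users, wrong passwords,
     * blank input, or any directory error. Never throws.
     *
     * @param UID      the user's sAMAccountName
     * @param password the password to verify; blank is rejected without contacting
     *                 the server (see class notes on unauthenticated binds)
     */
    public boolean authenricate(String UID, String password) {
        if (StringUtils.isBlank(UID) || StringUtils.isBlank(password)) {
            LOGGER.info("rejecting login for [{}]: empty user id or password", UID);
            return false;
        }
        LdapContext serviceCtx = null;
        LdapContext userCtx = null;
        String userDN = "";
        try {
            serviceCtx = connect(principal, credentials);
            userDN = getUserDN(serviceCtx, UID);
            if (StringUtils.isBlank(userDN)) {
                return false;
            }
            LOGGER.info("userDN:{}", userDN);
            // The bind itself is the password check.
            userCtx = connect(userDN, password);
            LOGGER.info("{},验证通过", userDN);
            return true;
        } catch (AuthenticationException e) {
            // Wrong password (or bad service-account credentials); expected path.
            LOGGER.info("{},验证失败: {}", userDN, e.getMessage());
            return false;
        } catch (NamingException e) {
            LOGGER.warn("{},验证失败", userDN, e);
            return false;
        } catch (RuntimeException e) {
            // Keep the "never throws" contract of the original method.
            LOGGER.warn("{},验证失败", userDN, e);
            return false;
        } finally {
            closeQuietly(userCtx);
            closeQuietly(serviceCtx);
        }
    }

    /** Closes the context if non-null, logging (not propagating) any failure. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            LOGGER.info("关闭LdapContext对象失败: {}", e.getMessage());
        }
    }

    public String getUrl() {
        return url;
    }

    public void setUrl(String url) {
        this.url = url;
    }

    public String getBaseDn() {
        return baseDn;
    }

    public void setBaseDn(String baseDn) {
        this.baseDn = baseDn;
    }

    public String getPrincipal() {
        return principal;
    }

    public void setPrincipal(String principal) {
        this.principal = principal;
    }

    /** Returns the service-account password in clear; do not log or expose this bean. */
    public String getCredentials() {
        return credentials;
    }

    public void setCredentials(String credentials) {
        this.credentials = credentials;
    }
}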
package com.howbuy.uaa.ldap;

import java.util.List;

import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;

import org.springframework.ldap.core.AttributesMapper;

/**
 * Builds a {@link User} from the attributes of one directory entry.
 *
 * Reads {@code cn} (display name), {@code sAMAccountName} (account),
 * {@code mail}, every value of {@code member}, and {@code distinguishedName}.
 * An entry without a {@code distinguishedName} is mapped to {@code null}, so
 * callers that collect the results of an LdapTemplate search must be prepared
 * to drop {@code null} elements.
 */
public class UserMapper implements AttributesMapper<User> {

    @Override
    public User mapFromAttributes(Attributes attributes) throws NamingException {
        User user = new User();

        String displayName = firstValue(attributes, "cn");
        if (displayName != null) {
            user.setUserName(displayName);
        }

        String account = firstValue(attributes, "sAMAccountName");
        if (account != null) {
            user.setAccount(account);
        }

        String mail = firstValue(attributes, "mail");
        if (mail != null) {
            user.setEmail(mail);
        }

        // "member" is multi-valued: append every value to the user's own list.
        Attribute members = attributes.get("member");
        if (members != null) {
            List<String> memberList = user.getMemberList();
            int count = members.size();
            for (int idx = 0; idx < count; idx++) {
                memberList.add(members.get(idx).toString());
            }
        }

        // Entries without a DN are not usable; signal that with null.
        String dn = firstValue(attributes, "distinguishedName");
        if (dn == null) {
            return null;
        }
        user.setDistinguishedName(dn);
        return user;
    }

    /**
     * Returns the string form of the attribute's first value, or {@code null}
     * when the entry has no attribute with that id.
     */
    private static String firstValue(Attributes attributes, String id) throws NamingException {
        Attribute attribute = attributes.get(id);
        if (attribute == null) {
            return null;
        }
        return attribute.get().toString();
    }
}
/**
 *
 */
package com.howbuy.uaa.ldap;

import java.util.ArrayList;
import java.util.List;

/**
 * Plain data holder for one directory user as produced by {@link UserMapper}.
 * All properties are mutable bean properties; {@link #getMemberList()} hands
 * out the internal list itself (callers append to it directly).
 *
 * @author qiankun.li
 */
public class User {

    /** Domain account (sAMAccountName). */
    private String account;

    /** Display name (cn). */
    private String userName;

    /** E-mail address (mail). */
    private String email;

    /** Full distinguished name of the entry. */
    private String distinguishedName;

    /** Values of the entry's "member" attribute; starts empty, never null. */
    private List<String> memberList = new ArrayList<String>(0);

    public String getAccount() {
        return account;
    }

    public void setAccount(String account) {
        this.account = account;
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getDistinguishedName() {
        return distinguishedName;
    }

    public void setDistinguishedName(String distinguishedName) {
        this.distinguishedName = distinguishedName;
    }

    /** Returns the live member list (not a copy). */
    public List<String> getMemberList() {
        return memberList;
    }

    public void setMemberList(List<String> memberList) {
        this.memberList = memberList;
    }
}
// Post note: the classes above are meant to be used together.
附件是spring-ldap-reference.pdf文档,可以再详细研究