某天,老大说,给我一个需求,支持LDAP用户登录,一听,哇,这是啥 啥 啥。经过刻苦努力Ctrl+C/V,终于搞出来了,上代码!
了解一下,LDAP(Lightweight Directory Access Protocol)即轻型目录访问协议,是一个协议。
个人觉得这个写的欧克,传送门 好了,来先说ldap用户登录认证吧
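/**
 * Authenticates {@code userCode}/{@code password} against the LDAP server with a
 * simple bind and returns the bound context, or {@code null} when the bind fails.
 * <p>
 * Empty credentials are rejected before any bind is attempted: an LDAP simple bind
 * with an empty password is treated by most directory servers as an anonymous bind
 * and "succeeds" for any account name, which would let callers log in without a
 * password. On failure the {@code ldapContext} field is left {@code null} so a
 * context opened by an earlier (possibly different) caller is never handed back.
 * <p>
 * The result is also stored in the shared {@code ldapContext} field, so concurrent
 * calls on the same instance overwrite each other's context.
 *
 * @param userCode login name; the domain suffix is appended when it is missing
 * @param password clear-text password (deliberately never written to the log)
 * @return the bound {@link LdapContext}, or {@code null} if authentication or the
 *         connection failed
 */
public LdapContext checkLdapLogin(String userCode, String password) {
    // Clear any context left over from a previous bind so that a failed login
    // cannot return someone else's open session.
    ldapContext = null;
    if (userCode == null || userCode.isEmpty() || password == null || password.isEmpty()) {
        sout("LDAP身份验证失败");
        return null;
    }
    // NOTE(review): the check reads dirContextConfig.getDomain() but appends the
    // `domain` field, as in the original — confirm both hold the same suffix.
    userCode = userCode.indexOf(dirContextConfig.getDomain()) > 0 ? userCode : userCode + domain;

    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);
    env.put("com.sun.jndi.ldap.connect.timeout", "5000");
    env.put(Context.SECURITY_PRINCIPAL, userCode);
    env.put(Context.SECURITY_CREDENTIALS, password);
    // The password must not appear in the log line.
    logger.info("LDAP用户登录校验{}:账号{}。", url, userCode);
    try {
        ldapContext = new InitialLdapContext(env, controls);
        // Log the account that actually authenticated, not the configured manager.
        logger.info("{} 身份认证成功", userCode);
    } catch (AuthenticationException e) {
        sout("LDAP身份验证失败");
        logger.warn("LDAP身份验证失败:账号{}", userCode, e);
    } catch (CommunicationException e) {
        sout("AD域连接失败");
        logger.warn("AD域连接失败:{}", url, e);
    } catch (Exception e) {
        sout("LDAP身份验证失败");
        logger.warn("LDAP身份验证失败:账号{}", userCode, e);
    }
    return ldapContext;
}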
一般用到ldap协议那就是为了实现一个账号可登录多个平台嘛,免去一个平台就要创建一个账号的麻烦,因此,当第三方系统接入时候,大部分会同步域用户到当前系统,那,就来同步用户吧,嘿嘿 这里要注意一点,ldap默认查询自带分页,一次1000条,因此,需要分页查询: LdapContext 中自带查询,cookie中会包含页面查询信息
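/**
 * Pages through the subtree under {@code searchBase} and returns every entry that
 * matches {@code searchFilter} as a {@link UserInfo}, optionally keeping only entries
 * whose name contains {@code filterType} (case-insensitive).
 * <p>
 * Directory servers cap the number of entries returned per search, so a
 * {@link PagedResultsControl} is attached and the cookie returned with each page is
 * fed back until the server returns an empty cookie.
 * <p>
 * {@code searchFilter} is sent to the server verbatim. A caller that builds it from
 * user-supplied text must escape the filter metacharacters ( ) * \ NUL (RFC 4515)
 * first; otherwise that text can change the meaning of the query.
 *
 * @param searchFilter LDAP filter expression, e.g. {@code (objectClass=person)}
 * @param searchBase   base DN; empty selects the configured domain, and a value of the
 *                     form {@code @dns.domain} is converted to {@code DC=dns,DC=domain}
 * @param filterType   substring the entry name must contain; empty keeps every entry
 * @return the collected users; empty if the service-account bind fails, and possibly
 *         partial if the search fails part-way (both cases are logged, not thrown)
 * @throws UserAuthException if {@code searchBase} or {@code searchFilter} is empty
 */
public List<UserInfo> getLdapUsers(String searchFilter, String searchBase, String filterType) {
    List<UserInfo> adUserList = new ArrayList<>();
    if (StringUtil.isEmpty(searchBase)) {
        searchBase = dirContextConfig.getDomain();
    } else if (searchBase.startsWith("@")) {
        // "@corp.example.com" -> "DC=corp,DC=example,DC=com". Every label is used, so a
        // domain with three or more labels maps to the right base DN and a single-label
        // domain no longer throws ArrayIndexOutOfBoundsException.
        searchBase = toBaseDn(searchBase.substring(1));
    }
    String[] returnedAtts = DEFAULT_LDAP_RETURNEDATTS.split(",");
    // Same helper for both checks (the original mixed StringUtil and StringUtils).
    if (StringUtil.isEmpty(searchBase) || StringUtil.isEmpty(searchFilter)) {
        throw new UserAuthException(AuthExceptionEnum.LDAP_QUERY_WARRING);
    }
    // Bind with the service account; the context is stored in the ldapContext field.
    // Without this check a failed bind used to surface as a NullPointerException
    // that was swallowed below.
    if (checkLdapLogin(dirContextConfig.getManager(), dirContextConfig.getPassword()) == null
            || ldapContext == null) {
        logger.error("LDAP管理账号绑定失败,无法查询用户:{}", dirContextConfig.getManager());
        return adUserList;
    }
    try {
        int pageSize = 999;
        int totalResults = 0;
        byte[] cookie = null;
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchCtls.setReturningAttributes(returnedAtts);
        ldapContext.setRequestControls(new Control[] {new PagedResultsControl(pageSize, Control.CRITICAL)});
        do {
            NamingEnumeration<SearchResult> search = ldapContext.search(searchBase, searchFilter, searchCtls);
            if (search == null || !search.hasMoreElements()) {
                logger.info("未查询到LDAP用户");
                break;
            }
            while (search.hasMoreElements()) {
                totalResults++;
                SearchResult searchResult = search.next();
                if (matchesFilterType(searchResult.getName(), filterType)) {
                    adUserList.add(dealAttrs(searchResult.getAttributes().getAll()));
                }
            }
            // The response control carries the cookie for the next page; an empty
            // cookie means the server has no more entries.
            cookie = parseControls(ldapContext.getResponseControls());
            ldapContext.setRequestControls(
                new Control[] {new PagedResultsControl(pageSize, cookie, Control.CRITICAL)});
        } while (cookie != null && cookie.length != 0);
        logger.info("总数={}", totalResults);
    } catch (Exception e) {
        // Best effort: keep what was collected, but record the real cause instead of
        // the synthetic Exception("-100") that used to hide it.
        logger.error("LDAP用户查询失败:base={},filter={}", searchBase, searchFilter, e);
    } finally {
        // No return inside finally: it would discard any exception raised above.
        closeLdapContext();
    }
    return adUserList;
}

/** Converts a DNS domain such as {@code example.com} to the base DN {@code DC=example,DC=com}. */
private static String toBaseDn(String dnsDomain) {
    StringBuilder dn = new StringBuilder();
    for (String label : dnsDomain.split("\\.")) {
        if (label.isEmpty()) {
            continue;
        }
        if (dn.length() > 0) {
            dn.append(',');
        }
        dn.append("DC=").append(label);
    }
    return dn.toString();
}

/** True when {@code filterType} is empty or {@code name} contains it, ignoring case. */
private static boolean matchesFilterType(String name, String filterType) {
    if (StringUtil.isEmpty(filterType)) {
        return true;
    }
    // Locale-independent casing so the match does not depend on the JVM default locale.
    return name != null
        && name.toUpperCase(java.util.Locale.ROOT).contains(filterType.toUpperCase(java.util.Locale.ROOT));
}

/** Closes and clears the shared {@code ldapContext}; a failure to close is logged, not propagated. */
private void closeLdapContext() {
    if (ldapContext == null) {
        return;
    }
    try {
        ldapContext.close();
    } catch (Exception e) {
        logger.warn("关闭LDAP连接失败", e);
    } finally {
        // Never leave a closed context in the field for a later caller to reuse.
        ldapContext = null;
    }
}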