【问题标题】:Retrieve Full name or Display name from LDAP server using AD and Apache shiro使用 AD 和 Apache shiro 从 LDAP 服务器检索全名或显示名
【发布时间】:2018-03-20 13:50:01
【问题描述】:

我正在尝试针对 LDAP 服务器验证一组凭据,并且我能够成功验证它们。现在我正在尝试获取登录到服务器的用户的全名或显示名称。我无法得到同样的结果。作为 LDAP 概念的新手,我无法找到获取用户完整显示名称的方法。有人可以帮助我如何获取登录用户的完整显示名称。

下面是正在使用的 shiro.ini 文件:

[main]
activeDirectoryRealm = 
org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
activeDirectoryRealm.systemUsername = adminusername
activeDirectoryRealm.systemPassword = adminpswd
activeDirectoryRealm.searchBase = "OU=User Accounts,DC=dmn,DC=net"
activeDirectoryRealm.url = ldaps://localhost:389

我的Java代码如下:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ExampleActiveDirectory {


public static final String userName = "myusername";
public static final String password = "mypassword";

public static void main(String[] args)
{
    //Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\auth.ini");
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\shiro.ini");
    SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager( securityManager );
    System.out.println( "userName is  : " +userName);
    System.out.println( "password is  : " +password);
    UsernamePasswordToken token = new UsernamePasswordToken( userName,password );
    Subject currentUser = SecurityUtils.getSubject();
    try
    {
        //currentUser.login( token ) ;
        securityManager.login(currentUser,token).isAuthenticated();
        System.out.println( "We've authenticated! :)" );
    }
    catch ( AuthenticationException e )
    {
        System.out.println( "We did not authenticate :(" );
        e.printStackTrace();
    }

   }
}

【问题讨论】:

  • currentUser.getPrincipal() 会给你smth。就像用户 john doe 的 j.doe 一样,以防您搜索它。否则,请提供您希望看到的示例结果。
  • 我正在寻找类似的结果:如果我输入用户名作为 jdoe,则代码需要提供输出,例如 - john doe
  • 那么我认为你需要扩展 Shiro 的 ActiveDirectoryRealm 类并查看它的方法“getRoleNamesForUser”。使用 searchBase 和 searchFilter 在 AD 上执行搜索以检索结果。在这种情况下,您可以编写自己的方法,该方法使用搜索库和过滤器,然后查找属性“name”而不是“memberOf”。此属性应为您提供所需的值。

标签: java active-directory ldap shiro


【解决方案1】:

感谢您的信息。 链接-http://www.deepakgaikwad.net/index.php/2009/09/24/retrieve-basic-user-attributes-from-active-directory-using-ldap-in-java.html

找到如下解决方案:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import org.apache.shiro.web.tags.UserTag;

public class RetrieveUserAttributes {

public static void main(String[] args) {
    RetrieveUserAttributes retrieveUserAttributes = new RetrieveUserAttributes();
    retrieveUserAttributes.getUserBasicAttributes("username", retrieveUserAttributes.getLdapContext());
}

public LdapContext getLdapContext(){
    LdapContext ctx = null;
    try{
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "Simple");
        env.put(Context.SECURITY_PRINCIPAL, "adminusername");
        env.put(Context.SECURITY_CREDENTIALS, "adminpswrd");
        env.put(Context.PROVIDER_URL, "ldaps://localhost:389");
        ctx = new InitialLdapContext(env, null);
        System.out.println("Connection Successful.");
    }catch(NamingException nex){
        System.out.println("LDAP Connection: FAILED");
        nex.printStackTrace();
    }
    return ctx;
}

UserTag getUserBasicAttributes(String username, LdapContext ctx) {
    UserTag user=null;
    try {

        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String[] attrIDs = { "distinguishedName",
                "sn",
                "givenname",
                "mail",
                "telephonenumber"};
        constraints.setReturningAttributes(attrIDs);
        //First input parameter is search bas, it can be "CN=Users,DC=YourDomain,DC=com"
        //Second Attribute can be uid=username
        NamingEnumeration answer = ctx.search("DC=domain,DC=com", "sAMAccountName="
                + "username", constraints);
        if (answer.hasMore()) {
            Attributes attrs = ((SearchResult) answer.next()).getAttributes();
            System.out.println("distinguishedName "+ attrs.get("distinguishedName"));
            System.out.println("givenname "+ attrs.get("givenname"));
            System.out.println("sn "+ attrs.get("sn"));
            System.out.println("mail "+ attrs.get("mail"));
            System.out.println("telephonenumber "+ attrs.get("telephonenumber"));
        }else{
            throw new Exception("Invalid User");
        }

    } catch (Exception ex) {
        ex.printStackTrace();
    }
    return user;
}

}

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2020-02-14
    • 2012-06-23
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2014-04-25
    相关资源
    最近更新 更多