LDAP 身份验证

Question

我需要针对 ADS 对用户进行身份验证。在此之前，我需要从 ADS 获取用户和用户详细信息。我正在使用弹簧和 LDAP。谁能建议我这样做的好方法？举个例子会很有帮助。

Answer 1

我们需要所有必要的库。您可以使用此链接下载所有 jar 文件。 http://hotfile.com/dl/9807349/836e03e/final_jar_col.rar.html 这里包含了我们需要的所有文件，包括公共库、log4j 等。

创建以下类。所有的类都可以放在一个包目录中，你可以按照自己的方式添加到包中。

定义两个函数。一个是获取所有联系人姓名，另一个是获取联系人详细信息。

import java.util.List;

public interface ContactDAO {

    public List getAllContactNames();

    public List getContactDetails(String commonName);

}

LDAPContactDAO 实现定义的接口。

import java.util.List;

import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

import org.springframework.ldap.AttributesMapper;
import org.springframework.ldap.LdapTemplate;
import org.springframework.ldap.support.DistinguishedName;
import org.springframework.ldap.support.filter.AndFilter;
import org.springframework.ldap.support.filter.EqualsFilter;

public class LDAPContactDAO implements ContactDAO{
    private LdapTemplate ldapTemplate;

    public void setLdapTemplate(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    public List getAllContactNames() {
        return ldapTemplate.search("", "(objectClass=person)",
                new AttributesMapper() {
                    public Object mapFromAttributes(Attributes attrs)
                            throws NamingException {
                        return attrs.get("mail").get();
                    }
                });
    }

    public List getContactDetails(String objectclass){
        AndFilter andFilter = new AndFilter();
        andFilter.and(new EqualsFilter("objectClass",objectclass));
        System.out.println("LDAP Query " + andFilter.encode());
        return ldapTemplate.search("", andFilter.encode(),new ContactAttributeMapper());

    }
}

springldap.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "http://www.springframework.org/dtd/spring-beans-2.0.dtd">
<beans>
    <bean id="contextSource"
        class="org.springframework.ldap.support.LdapContextSource">
        <property name="url" value="ldap://your.ldap.url:389" />
        <property name="base" value="base, be careful to put it right" />
        <property name="userName" value="your username" />
        <property name="password" value="password" />
    </bean>
    <bean id="ldapTemplate" class="org.springframework.ldap.LdapTemplate">
        <constructor-arg ref="contextSource" />
    </bean>
    <bean id="ldapContact"
        class="com.javaworld.sample.LDAPContactDAO">
        <property name="ldapTemplate" ref="ldapTemplate" />
    </bean>
</beans>

ContactAttributeMapper

import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;

import org.springframework.ldap.AttributesMapper;

public class ContactAttributeMapper implements AttributesMapper{

    public Object mapFromAttributes(Attributes attributes) throws NamingException {
        ContactDTO contactDTO = new ContactDTO();

        Attribute mail = attributes.get("mail");
        Attribute sap = attributes.get("employeeNumber");
        if(mail != null)
            contactDTO.setMail((String)mail.get());
        if(sap != null)
            contactDTO.setSap((String)sap.get());

        return contactDTO;
    }

}

联系DTO

public class ContactDTO {

    String mail;
    String sap;
    public String getSap() {
        return sap;
    }
    public void setSap(String sap) {
        this.sap = sap;
    }
    public String getMail() {
        return mail;
    }
    public void setMail(String mail) {
        this.mail = mail;
    }

    public String toString() {
        StringBuffer contactDTOStr = new StringBuffer("Person=[");

        contactDTOStr.append(" mail = " + mail);
        contactDTOStr.append(" ]");
        return contactDTOStr.toString();
    }
}

测试类：SpringFrameworkLDAPClient

import java.util.List;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.dao.DataAccessException;

public class SpringFrameworkLDAPClient {

    public static void main(String[] args) {
        //Resource resource = new ClassPathResource("/SpringLDAPClient/src/com/javaworld/sample/springldap.xml");
        //System.out.println(resource.toString());
        try {
            Resource resource = new ClassPathResource("springldap.xml");
            BeanFactory factory = new XmlBeanFactory(resource);
            System.out.println(factory.toString() + "\n");

            ContactDAO ldapContact = (LDAPContactDAO)factory.getBean("ldapContact");    

            List contactList = ldapContact.getContactDetails("30662");
            //List contactList =ldapContact.getAllContactNames();
            //System.out.println(contactList.size());
            int count = 0;
            for( int i = 0 ; i < contactList.size(); i++){
                System.out.print("Email: " + ((ContactDTO) contactList.get(i)).getMail() + "  ");
                System.out.println("SAP: " + ((ContactDTO) contactList.get(i)).getSap());
                count++;
            }
            System.out.println("\n" + count);

        } catch (DataAccessException e) {
            System.out.println("Error occured " + e.getCause());
        }
    }
}

首先使用 Active Directory Explorer 获取您的域的详细信息。然后相应地执行上述操作。