本文通过 sAMAccountName 属性来验证用户(用户登录时输入的 username 通常就是 sAMAccountName)
1 ldap基础知识可通过以下文档来了解
https://www.cnblogs.com/wilburxu/p/9174353.html
2 配置pom文件
maven官网
https://mvnrepository.com/
<!-- https://mvnrepository.com/artifact/org.springframework.ldap/spring-ldap-core -->
<!-- NOTE(review): version as pinned by the article; check whether a newer maintained spring-ldap-core release is available before adopting it. -->
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
<version>2.3.2.RELEASE</version>
</dependency>
3 yml 文件中的敏感信息我已做脱敏处理,基础较弱的同学请借助第 1 步的文档来配置
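# LDAP connection settings, read by the application as ldap.user.info.*
#   dn   - distinguished name: the unique location of one entry (here, the account used to bind)
#   ou   - organizational unit; it can contain other objects, including other OUs,
#          e.g. an "oa" group (the organization an entry belongs to)
#   dc   - domain component
#   url  - server address and port (389 is the default)
#   pwd  - password of the bind account
#
# The keys must be nested as below; written flat at column 0 they would not
# resolve as ldap.user.info.dn / base / url / pwd.
#
# NOTE(review): ldap:// on port 389 is an unencrypted connection, so the bind
# password and every user password being verified cross the network in clear
# text. Outside a loopback test setup, prefer ldaps:// or StartTLS.
# NOTE(review): the pwd value below is the article's placeholder. Supply the
# real secret from an environment variable or a secret store instead of
# committing it, and give the bind account read-only, minimal rights.
ldap:
  user:
    info:
      dn: "cn=abc,ou=abc,dc=baidu,dc=com"
      base: "dc=baidu,dc=com"
      url: "ldap://127.0.0.1:389"
      pwd: "写自己的密码"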
4 配置config
package com.itl.iap.auth.config;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.AuthenticationSource;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
/**
 * Spring configuration that builds the {@link LdapTemplate} used to talk to the directory.
 *
 * <p>All connection settings are injected from the {@code ldap.user.info.*} properties.
 * Dated 2020/7/20 20:10 in the original header.
 *
 * @author hasee
 */
@Configuration
public class LdapConfig {

    /** DN of the account the application binds with. */
    @Value("${ldap.user.info.dn}")
    private String dn;

    /** Injected from {@code ldap.user.info.base}; not read anywhere inside this class. */
    @Value("${ldap.user.info.base}")
    private String base;

    /** Directory server URL handed to the context source. */
    @Value("${ldap.user.info.url}")
    private String url;

    /** Password of the bind account; keep it out of logs and out of version control. */
    @Value("${ldap.user.info.pwd}")
    private String pwd;

    /**
     * Creates the {@link LdapTemplate} on top of a freshly configured {@link LdapContextSource}.
     *
     * @return a template that binds with the configured DN and password
     */
    @Bean
    public LdapTemplate ldapTemplate() {
        // The bind identity is looked up from the injected fields each time it is requested.
        final AuthenticationSource bindIdentity = new AuthenticationSource() {
            @Override
            public String getPrincipal() {
                return dn;
            }

            @Override
            public String getCredentials() {
                return pwd;
            }
        };

        final LdapContextSource contextSource = new LdapContextSource();
        // NOTE(review): with an ldap:// URL (as in this page's sample yml) the connection is
        // unencrypted, so the bind password travels in clear text; prefer ldaps:// or StartTLS.
        contextSource.setUrl(url);
        // NOTE(review): afterPropertiesSet() is never called on this context source;
        // turning the environment cache off presumably works around that. Confirm.
        contextSource.setCacheEnvironmentProperties(false);
        contextSource.setAuthenticationSource(bindIdentity);

        return new LdapTemplate(contextSource);
    }
}
5 验证用户名和密码的正确性
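// Read both request parameters once so the same values are checked and used.
String username = request.getParameter("username");
String password = request.getParameter("password");

boolean flag = false;
// Reject missing or empty credentials before contacting the directory: a simple bind
// with an empty password is treated as an unauthenticated (anonymous) bind, which many
// servers accept, so authenticate() could report success without any password.
if (username != null && !username.isEmpty() && password != null && !password.isEmpty()) {
    // EqualsFilter escapes LDAP filter metacharacters in the value, so the user-supplied
    // name is never concatenated raw into the search filter.
    EqualsFilter filter = new EqualsFilter("sAMAccountName", username);
    // Presumably needed because searching from the domain root yields referrals (TODO confirm).
    ldapTemplate.setIgnorePartialResultException(true);
    flag = ldapTemplate.authenticate(base, filter.toString(), password);
}
// true means the username/password pair was accepted.
// NOTE(review): return the same generic failure to the caller for "unknown user" and
// "wrong password", and rate-limit attempts, so the endpoint cannot be used to enumerate accounts.
System.out.println("验证解结果true代表正确:"+flag);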
6 main方法来啦
package com.itl.iap.auth.util;
import org.springframework.ldap.core.AuthenticationSource;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.EqualsFilter;
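/**
 * Stand-alone demo that verifies a username/password pair against a directory by looking
 * the user up through {@code sAMAccountName} and binding as that user.
 *
 * <p>The URL, bind DN, bind password and search base below are the article's placeholders.
 */
public class Demo2 {

    public static void main(String[] args) {
        authenticate("abc", "abc"); // TODO replace with the account you want to verify
    }

    /**
     * Checks the given credentials and prints the outcome ({@code true} means accepted).
     *
     * <p>Missing or empty credentials are reported as {@code false} without contacting the
     * server: a simple bind with an empty password is treated as an unauthenticated
     * (anonymous) bind, which many servers accept, so it must never count as a login.
     *
     * @param userCn the value matched against the {@code sAMAccountName} attribute
     * @param pwd    the password to verify for that user
     */
    public static void authenticate(String userCn, String pwd) {
        if (userCn == null || userCn.isEmpty() || pwd == null || pwd.isEmpty()) {
            System.out.println("验证解结果true代表正确:" + false);
            return;
        }

        LdapContextSource cs = new LdapContextSource();
        // NOTE(review): afterPropertiesSet() is never called on this context source;
        // turning the environment cache off presumably works around that. Confirm.
        cs.setCacheEnvironmentProperties(false);
        // TODO replace with your own server URL.
        // NOTE(review): ldap:// on 389 is unencrypted, so both the bind password and the
        // password under test cross the network in clear text; prefer ldaps:// or StartTLS.
        cs.setUrl("ldap://127.0.0.1:389");
        cs.setAuthenticationSource(new AuthenticationSource() {
            @Override
            public String getCredentials() {
                // TODO bind password; load it from the environment or a secret store
                // rather than hard-coding it outside a throwaway demo.
                return "abc";
            }

            @Override
            public String getPrincipal() {
                // TODO bind DN (unique; visible in an LDAP client)
                return "cn=abc,ou=abc,dc=baidu,dc=com";
            }
        });

        LdapTemplate ldapTemplate = new LdapTemplate(cs);
        try {
            // EqualsFilter escapes LDAP filter metacharacters in the value, so the supplied
            // name is never concatenated raw into the search filter.
            EqualsFilter filter = new EqualsFilter("sAMAccountName", userCn);
            // Presumably needed because searching from the domain root yields referrals (TODO confirm).
            ldapTemplate.setIgnorePartialResultException(true);
            boolean flag = ldapTemplate.authenticate("dc=baidu,dc=com", filter.toString(), pwd);
            System.out.println("验证解结果true代表正确:" + flag);
        } catch (Exception e) {
            // Demo-level reporting only; connection or configuration errors end up here.
            e.printStackTrace();
        }
    }
}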