配置yml
spring:
  ldap:
    urls: ldap://172.xx.xx.xxx:389/
    base: cn=users,dc=node3,dc=com
    username: cn=admin,dc=node3,dc=com
    password: 123456
我这边采用的是openldap
urls: 是ldap安装部署的地址，ldap默认的端口是389
base: cn=users,dc=node3,dc=com 解释:要操作dc=node3,dc=com下面的cn=users的文件夹下的数据,如下图所示:
username: cn=admin,dc=node3,dc=com 解释: cn=admin 是你的登录账号，dc=node3,dc=com 表示我用admin账号登录并操作 dc=node3,dc=com 这个目录
password: 123456 解释: admin的密码
映射yml中的配置项
/**
 * Holds the {@code spring.ldap.*} entries of the application configuration.
 *
 * <p>The public field names are read directly by {@code LdapTool}
 * ({@code parameters.URL}, {@code parameters.BASEDN}, ...), so they form the
 * class's interface and are kept unchanged.
 */
@Component
@Data
public class Parameters {

    /** Directory URL (e.g. {@code ldap://host:389/}); {@code LdapTool} appends {@link #BASEDN} to it. */
    @Value("${spring.ldap.urls}")
    public String URL;

    /** Base DN under which every search and DN construction happens. */
    @Value("${spring.ldap.base}")
    public String BASEDN;

    /** DN of the administrative account used for the initial bind. */
    @Value("${spring.ldap.username}")
    public String username;

    /** Clear-text password of the administrative account, taken from the configuration file. */
    @Value("${spring.ldap.password}")
    public String password;
}
编写工具类
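/**
 * Thin JNDI wrapper around an OpenLDAP directory: administrative bind, user DN
 * lookup, user-credential verification and a full user listing.
 *
 * <p>The component keeps one {@link LdapContext} in the {@code ctx} field; the
 * lookup and verification methods share it and close it when they are done.
 * The class is therefore not safe for concurrent use from several requests.
 */
@Component
public class LdapTool {
    @Autowired
    private Parameters parameters;
    private final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private LdapContext ctx = null;
    private final Control[] connCtls = null;

    /**
     * Opens a context bound as the administrative account from {@link Parameters}
     * and stores it in {@code ctx}.
     *
     * @return the bound context, or {@code null} when the connection or the
     *         bind fails (the failure is printed, not thrown)
     */
    public LdapContext LDAP_connect() {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
        env.put(Context.PROVIDER_URL, parameters.URL + parameters.BASEDN);
        // Simple bind sends the admin password in clear text; with a plain
        // ldap:// URL there is no transport protection, so ldaps:// or StartTLS
        // is required outside a trusted network segment.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, parameters.username); // administrator DN
        env.put(Context.SECURITY_CREDENTIALS, parameters.password); // administrator password
        try {
            ctx = new InitialLdapContext(env, connCtls);
            System.out.println("连接成功");
            return ctx;
        } catch (javax.naming.AuthenticationException e) {
            System.out.println("连接失败:");
            e.printStackTrace();
        } catch (Exception e) {
            System.out.println("连接出错:" + e.getMessage());
            e.printStackTrace();
        }
        // Do not leave a stale context from an earlier call behind a failed connect.
        ctx = null;
        return null;
    }

    /** Closes the shared context (if any) and forgets it so it cannot be reused after close. */
    private void closeContext() {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            ctx = null;
        }
    }

    /**
     * Resolves the DN of the entry whose {@code uidNumber} equals {@code uid}.
     *
     * <p>The caller-supplied value is passed as a filter argument so that JNDI
     * escapes LDAP filter metacharacters instead of splicing them into the
     * filter string. Zero matches and more than one match both yield the empty
     * string: an ambiguous match must never be turned into a bind DN.
     *
     * @param uid the uidNumber to look up; null/empty is treated as "not found"
     * @return {@code relativeName,BASEDN} for exactly one match, otherwise {@code ""}
     */
    public String getUserDN(String uid) {
        String userDN = "";
        if (uid == null || uid.isEmpty()) {
            System.out.println("未找到该用户");
            return userDN;
        }
        // Reuse an open context; closeContext() nulls the field, so non-null means usable.
        if (ctx == null && LDAP_connect() == null) {
            return userDN;
        }
        NamingEnumeration<SearchResult> en = null;
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            en = ctx.search("", "(uidNumber={0})", new Object[] {uid}, constraints);
            if (en == null || !en.hasMore()) {
                System.out.println("未找到该用户");
                return userDN;
            }
            SearchResult first = en.next();
            if (en.hasMore()) {
                // Fail closed: several entries share this uidNumber.
                System.out.println("匹配到多个用户");
                return userDN;
            }
            userDN = first.getName() + "," + parameters.BASEDN;
        } catch (Exception e) {
            System.out.println("查找用户时产生异常。");
            e.printStackTrace();
        } finally {
            if (en != null) {
                try {
                    en.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }
        return userDN;
    }

    /**
     * Verifies a user's password by rebinding the shared context as that user.
     *
     * <p>An empty DN (user not found) or an empty password would turn the simple
     * bind into an anonymous or unauthenticated bind, which directories commonly
     * accept; both are rejected here before any bind is attempted so they can
     * never be reported as a successful login. The context is always closed.
     *
     * @param UID      uidNumber of the user
     * @param password password to verify
     * @return {@code true} only when the directory accepted the user bind
     */
    public boolean authenricate(String UID, String password) {
        boolean valide = false;
        String userDN = getUserDN(UID);
        if (userDN.isEmpty() || password == null || password.isEmpty() || ctx == null) {
            System.out.println(userDN + " 验证失败");
            closeContext();
            return false;
        }
        try {
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(connCtls);
            System.out.println(userDN + " 验证通过");
            valide = true;
        } catch (javax.naming.AuthenticationException e) {
            System.out.println(userDN + " 验证失败");
            System.out.println(e.toString());
        } catch (NamingException e) {
            System.out.println(userDN + " 验证失败");
        } finally {
            closeContext();
        }
        return valide;
    }

    /**
     * Lists every entry below the base DN that has a {@code uid} attribute.
     *
     * <p>The passed context is closed on return (previously the shared field
     * was closed instead, leaking {@code ctx} whenever it was a different
     * object). The shared field is closed as well, as before.
     *
     * <p>NOTE: {@code userPassword} is among the requested attributes and is
     * copied into each {@link LdapUser}; callers that serialise the result
     * publish credential hashes. Drop it from {@code attrPersonArray} unless it
     * is genuinely needed.
     *
     * @param ctx a bound context, or {@code null} (yields an empty list)
     * @return the users found; empty when nothing matched or the search failed
     */
    public List<LdapUser> readLdap(LdapContext ctx) {
        List<LdapUser> lm = new ArrayList<LdapUser>();
        NamingEnumeration<SearchResult> answer = null;
        try {
            if (ctx != null) {
                String filter = "(&(objectClass=*)(uid=*))";
                String[] attrPersonArray = {
                    "uid", "userPassword", "displayName", "cn", "sn", "mail",
                    "description", "uidNumber", "gidNumber"
                };
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); // whole subtree (was the literal 2)
                searchControls.setReturningAttributes(attrPersonArray);
                // name "" = the base DN from the provider URL; filter and controls as above
                answer = ctx.search("", filter, searchControls);
                while (answer.hasMore()) {
                    LdapUser lu = toLdapUser(answer.next());
                    if (lu.getUid() != null) {
                        lm.add(lu);
                    }
                }
            }
        } catch (Exception e) {
            System.out.println("获取用户信息异常:");
            e.printStackTrace();
        } finally {
            if (answer != null) {
                try {
                    answer.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                }
                if (this.ctx == ctx) {
                    this.ctx = null;
                }
            }
            closeContext();
        }
        return lm;
    }

    /**
     * Copies the requested attributes of one search result into a new {@link LdapUser}.
     * Only the first value of each attribute is used, as before.
     *
     * @throws NamingException when an attribute cannot be read
     */
    private static LdapUser toLdapUser(SearchResult result) throws NamingException {
        LdapUser lu = new LdapUser();
        NamingEnumeration<? extends Attribute> attrs = result.getAttributes().getAll();
        while (attrs.hasMore()) {
            Attribute attr = attrs.next();
            String id = attr.getID();
            switch (id) {
                case "userPassword":
                    // userPassword arrives as bytes; decode with an explicit charset
                    // rather than the platform default.
                    lu.setUserPassword(new String((byte[]) attr.get(), java.nio.charset.StandardCharsets.UTF_8));
                    break;
                case "uid":
                    lu.setUid(attr.get().toString());
                    break;
                case "displayName":
                    lu.setDisplayName(attr.get().toString());
                    break;
                case "cn":
                    lu.setCn(attr.get().toString());
                    break;
                case "sn":
                    lu.setSn(attr.get().toString());
                    break;
                case "mail":
                    lu.setMail(attr.get().toString());
                    break;
                case "description":
                    lu.setDescription(attr.get().toString());
                    break;
                case "uidNumber":
                    lu.setUidNumber(attr.get().toString());
                    break;
                case "gidNumber":
                    lu.setGidNumber(attr.get().toString());
                    break;
                default:
                    // attributes outside attrPersonArray are not mapped
                    break;
            }
        }
        return lu;
    }
}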
controller层调用
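/**
 * HTTP entry points over {@link LdapTool}: a login check and a full user dump.
 */
@RestController
public class Mac {
    @Autowired
    private Parameters parameters;
    @Autowired
    LdapTool ldapTool;

    /**
     * Checks a user's LDAP credentials.
     *
     * <p>The password arrives as a GET query parameter, so it lands in browser
     * history, proxy and access logs; a POST body is the usual carrier for
     * credentials. The context opened here is closed by
     * {@code LdapTool.authenricate}.
     *
     * @param userName uidNumber of the user
     * @param password password to verify
     * @return a status string for the caller
     */
    @GetMapping("/long")
    public String gerMessge(@RequestParam("userName") String userName, @RequestParam("password") String password) {
        LdapContext ldapContext = ldapTool.LDAP_connect();
        if (ldapContext == null) {
            return "LDAP服务调用失败";
        }
        // authenricate already returns a boolean; comparing it with true was redundant.
        return ldapTool.authenricate(userName, password) ? "登录成功" : "登录失败";
    }

    /**
     * Returns every user below the base DN.
     *
     * <p>NOTE: the returned objects carry the {@code userPassword} attribute
     * read by {@code LdapTool.readLdap}, and this endpoint has no
     * authentication of its own, so it publishes credential hashes to any
     * client that can reach it. {@code readLdap} closes the context.
     *
     * @return the users found, empty when the connection failed
     */
    @GetMapping("getUserAll")
    public List<LdapUser> getUser() {
        LdapContext ldapContext = ldapTool.LDAP_connect();
        return ldapTool.readLdap(ldapContext);
    }
}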