系统需求需要对接客户方的ldap服务器,仅作为登录使用,不需要获取信息。
配置项:
# ldap
ldap:
# 服务地址
host: xx.xx.xx.xx
# 服务端口
port: 9999
# searchBase: DC=搜索域,DC=com # 搜索域节点 仅登录不使用该配置
# searchFilter: cn # 搜索的属性 仅登录不使用该配置
suffix: "@xxx.com" # 域账号后缀
实现方法:
// LDAP server host, injected from the "ldap.host" property (see the YAML above).
@Value("${ldap.host}")
private String ldapHost;
// LDAP server port, injected from "ldap.port"; kept as a String because it is only
// concatenated into the provider URL, never parsed as a number.
@Value("${ldap.port}")
private String ldapPort;
// Domain account suffix (e.g. "@xxx.com") appended to bare usernames before the bind,
// injected from "ldap.suffix".
@Value("${ldap.suffix}")
private String ldapSuffix;
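/**
 * Authenticates a user against the configured LDAP server by performing a simple bind
 * with the user's own credentials, then issues an application token for that user.
 * The directory is used purely as a credential check; no attributes are searched or read.
 *
 * @param loginUserAO        login form carrying the username (with or without the domain
 *                           suffix) and the password
 * @param httpServletRequest the current request; not used here, retained so existing
 *                           callers keep compiling
 * @return the token produced by {@code tokenService} for the authenticated user
 * @throws BusinessException when the LDAP settings are incomplete, the username or
 *                           password is blank, the bind is rejected, the server cannot be
 *                           reached, or any other error occurs during login
 */
public String ldapLogin(LoginUserAO loginUserAO, HttpServletRequest httpServletRequest) {
    String username = loginUserAO.getUsername();
    String password = loginUserAO.getPassword();
    log.info(">>ldap-登录开始..");

    // All three settings are required to build the provider URL and the bind principal.
    if (StringUtils.isEmpty(ldapHost) || StringUtils.isEmpty(ldapPort) || StringUtils.isEmpty(ldapSuffix)) {
        log.error("ldap-登录失败,ldap配置异常;ldapHost:{}, ldapPort:{}, ldapSuffix:{}",
                ldapHost, ldapPort, ldapSuffix);
        throw new BusinessException("ldap登录失败,ldap配置异常");
    }

    // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513 §5.1.2):
    // many directories accept it and return an anonymous session, so without this check
    // any username with a blank password would pass the bind and be issued a token.
    // The null check also covers the NPE the suffix handling below would otherwise hit.
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        log.error("ldap-登录失败,用户名或密码为空");
        throw new BusinessException("ldap登录失败,用户名或密码为空");
    }

    // NOTE(review): plain ldap:// transmits the password in cleartext; prefer ldaps://
    // or StartTLS when the customer's directory supports it.
    final String ldapUrl = "ldap://" + ldapHost + ":" + ldapPort;

    // The directory expects the principal as "user@domain"; append the suffix if absent.
    if (!username.endsWith(ldapSuffix)) {
        username = username + ldapSuffix;
    }
    log.info("{} access ldap :{} ", username, ldapUrl);

    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, ldapUrl);

    LdapContext ldapContext = null;
    try {
        // Constructing the context performs the bind; success means the credentials are valid.
        ldapContext = new InitialLdapContext(env, null);
        log.info("ldapContext:" + ldapContext);

        // Strip the suffix by length instead of indexOf so a suffix-like substring earlier
        // in the account name cannot truncate it to a different (shorter) user.
        String localName = username.substring(0, username.length() - ldapSuffix.length());

        // Resolve the application user and mint the token for it.
        LoginUser loginUser = (LoginUser) userDetailsService.loadUserByUsername(localName);
        return tokenService.createToken(loginUser);
    } catch (javax.naming.AuthenticationException e) {
        // Thrown by the bind itself when the directory rejects the credentials.
        log.error("域登录身份验证失败", e);
        throw new BusinessException("域登录身份验证失败");
    } catch (javax.naming.CommunicationException e) {
        log.error("ldap域连接失败", e);
        throw new BusinessException("ldap域连接失败");
    } catch (Exception e) {
        // Logged with the cause instead of printStackTrace() so the stack goes to the log.
        log.error("异常信息未知", e);
        throw new BusinessException("异常信息未知");
    } finally {
        if (null != ldapContext) {
            try {
                ldapContext.close();
            } catch (Exception e) {
                // Best effort: a close failure must not mask the login result.
                log.error("InitialDirContext 关闭异常..", e);
            }
        }
    }
}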
大功告成!