Spring ldap 操作
实现ldap结构如下
ou=groups为所有应用，ou=wiki为具体应用，cn=userGroup1为组，uniqueMember为该组对应的用户
1、添加依赖包
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
<version>2.3.2.RELEASE</version>
</dependency>
2、定义LdapTemplate
~~删除<bean id ="sSLLdapContextSource" class="com.xxx.xxx.service.ldap.SSLLdapContextSource">
<property name="url" value="ldaps://xxxx:10636"/>
<property name="base" value="dc=xxx,dc=com"/>
<property name="userDn" value="uid=xxx,ou=users,ou=system"/>
<property name="password" value="xxx"/>
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg name="contextSource" ref="sSLLdapContextSource"/>
</bean>~~
<ldap:context-source
url="${ldap.url}"
base="dc=xxx,dc=com"
username="uid=acl,ou=users,ou=system"
password="${ldap.user.pwd}"/>
<ldap:ldap-template id="ldapTemplate"/>删除~~
3、SSLLdapContextSource(删除,不需要了)
~~public class SSLLdapContextSource extends LdapContextSource {
// Superseded by the <ldap:context-source> declaration above; kept struck through for reference.
// The environment returned here is the JNDI environment Spring LDAP appears to build its
// connections from, so the three settings below apply to every LDAPS connection of this source.
// (No @Override: a typo in the method name would silently leave the parent behaviour in place.)
public Hashtable<String, Object> getAnonymousEnv() {
Hashtable<String, Object> anonymousEnv = super.getAnonymousEnv();
// Ask JNDI for a TLS-protected connection.
anonymousEnv.put("java.naming.security.protocol", "ssl");
// Route the TLS handshake through CustomSSLSocketFactory (below). Whether the server certificate
// is verified at all is therefore decided by the trust manager that factory was initialised with.
anonymousEnv.put("java.naming.ldap.factory.socket", CustomSSLSocketFactory.class.getName());
anonymousEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
return anonymousEnv;
}
}~~
CustomSSLSocketFactory(删除,不需要了)
~~public class CustomSSLSocketFactory extends SSLSocketFactory {
// Superseded by <ldap:context-source>; kept struck through for reference only (the class's closing
// brace is missing from the page). Wraps a JDK SSLSocketFactory and forwards every createSocket()
// and cipher-suite call to it; the only thing this class changes is the trust manager that
// wrapped factory was initialised with.
private SSLSocketFactory socketFactory;
public CustomSSLSocketFactory() {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
// NOTE(review): DummyTrustmanager is not shown on this page. Its name suggests a trust manager that
// accepts any certificate; if so, the LDAPS link encrypts traffic but never verifies that the far
// end is the real directory server, so the bind credentials configured above would be exposed to
// anyone able to interpose on the path. Passing null as the TrustManager[] (JDK default trust) or
// a truststore holding the directory's CA keeps verification on — confirm what the class does.
ctx.init(null, new TrustManager[]{new DummyTrustmanager()}, new SecureRandom());
socketFactory = ctx.getSocketFactory();
} catch (Exception ex) {
// Swallowed: socketFactory stays null and every delegating method below fails with an NPE on
// first use instead of the construction reporting the real cause.
ex.printStackTrace(System.err);
}
}
// JNDI instantiates the class named in java.naming.ldap.factory.socket through this static method.
public static SocketFactory getDefault() {
return new CustomSSLSocketFactory();
}
@Override
public String[] getDefaultCipherSuites() {
return socketFactory.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return socketFactory.getSupportedCipherSuites();
}
// The five createSocket overloads below are pure delegation to the wrapped factory.
@Override
public Socket createSocket(Socket socket, String string, int num, boolean bool) throws IOException {
return socketFactory.createSocket(socket, string, num, bool);
}
@Override
public Socket createSocket(String string, int num) throws IOException, UnknownHostException {
return socketFactory.createSocket(string, num);
}
@Override
public Socket createSocket(String string, int num, InetAddress netAdd, int i) throws IOException, UnknownHostException {
return socketFactory.createSocket(string, num, netAdd, i);
}
@Override
public Socket createSocket(InetAddress netAdd, int num) throws IOException {
return socketFactory.createSocket(netAdd, num);
}
@Override
public Socket createSocket(InetAddress netAdd1, int num, InetAddress netAdd2, int i) throws IOException {
return socketFactory.createSocket(netAdd1, num, netAdd2, i);
}~~
4、LDAP操作服务
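@Component("ldapGroupService")
public class LdapGroupService implements ILdapGroupService {

    /** Attribute that carries the object class of every entry this service creates. */
    private static final String OBJECT_CLASS = "objectclass";

    /** Membership attribute of {@code groupOfUniqueNames}; each value is a member's full DN. */
    private static final String UNIQUE_MEMBER = "uniqueMember";

    /**
     * uid of the placeholder member written into every new role group: {@code groupOfUniqueNames}
     * requires at least one {@code uniqueMember}, so a group cannot be created empty.
     */
    private static final String PLACEHOLDER_MEMBER_UID = "00000";

    /** Left-most domain component of the directory base, {@code dc=<dc>,dc=com}. */
    private final String dc = "xxx";

    @Autowired
    private LdapTemplate ldapTemplate;

    /**
     * Creates the organizationalUnit {@code ou=<projectKey>,ou=groups} that holds a project's
     * role groups. Does nothing when {@code projectKey} is blank.
     *
     * @param projectKey project identifier, used as the OU name
     */
    @Override
    public void addProjectGroup(String projectKey) {
        if (StringUtils.isBlank(projectKey)) {
            return;
        }
        ldapTemplate.bind(buildProjectGroupDn(projectKey), null, buildOUAttributes());
    }

    /**
     * Creates the role group {@code cn=<roleKey>,ou=<projectKey>,ou=groups} as a
     * {@code groupOfUniqueNames} seeded with the placeholder member. Does nothing when either key
     * is blank; the project OU is expected to exist already.
     *
     * @param projectKey project whose OU receives the group
     * @param roleKey    role name, used as the group's cn
     */
    @Override
    public void addProjectRoleGroup(String projectKey, String roleKey) {
        if (StringUtils.isBlank(projectKey) || StringUtils.isBlank(roleKey)) {
            return;
        }
        ldapTemplate.bind(buildProjectRoleGroupDn(projectKey, roleKey), null, buildRoleGroupAttributes());
    }

    /**
     * Reports whether the project OU {@code ou=<projectKey>,ou=groups} exists.
     *
     * @param projectKey project identifier
     * @return {@code true} if the entry can be looked up; {@code false} for a blank key or a
     *         missing entry
     */
    @Override
    public boolean isProjectGroupExist(String projectKey) {
        if (StringUtils.isBlank(projectKey)) {
            return false;
        }
        return entryExists(buildProjectGroupDn(projectKey));
    }

    /**
     * Reports whether the role group {@code cn=<roleKey>,ou=<projectKey>,ou=groups} exists.
     *
     * @param projectKey project identifier
     * @param roleKey    role name
     * @return {@code true} if the entry can be looked up; {@code false} for a blank key or a
     *         missing entry
     */
    @Override
    public boolean isProjectRoleGroupExist(String projectKey, String roleKey) {
        if (StringUtils.isBlank(projectKey) || StringUtils.isBlank(roleKey)) {
            return false;
        }
        return entryExists(buildProjectRoleGroupDn(projectKey, roleKey));
    }

    /**
     * Reports whether {@code staffId} is listed as a {@code uniqueMember} of the given role group.
     * Member DNs are compared as parsed names rather than as strings, so an entry that stores the
     * DN with different attribute-type case or spacing still matches.
     *
     * @param projectKey project identifier
     * @param roleKey    role name
     * @param staffId    uid of the user
     * @return {@code true} only when the group exists and lists the user; {@code false} for blank
     *         arguments, a missing group, or any other directory error (the check fails closed)
     */
    @Override
    public boolean isProjectUserRoleGroupExist(String projectKey, String roleKey, String staffId) {
        if (StringUtils.isBlank(projectKey) || StringUtils.isBlank(roleKey) || StringUtils.isBlank(staffId)) {
            return false;
        }
        Name userDn = buildPersonDn(staffId);
        try {
            DirContextOperations group = ldapTemplate.lookupContext(buildProjectRoleGroupDn(projectKey, roleKey));
            String[] members = group.getStringAttributes(UNIQUE_MEMBER);
            if (members == null) {
                return false;
            }
            for (String member : members) {
                if (sameDn(member, userDn)) {
                    return true;
                }
            }
            return false;
        } catch (NameNotFoundException e) {
            return false; // the role group itself does not exist
        } catch (Exception e) {
            // Fail closed: a connectivity error or an unparsable member value is reported as
            // "not a member", preserving the method's existing contract. Callers that need to
            // tell "no" from "unknown" should use the explicit existence checks above.
            return false;
        }
    }

    /**
     * Adds the user's DN to the {@code uniqueMember} values of the role group. Does nothing when
     * any argument is blank.
     *
     * @param projectKey project identifier
     * @param roleKey    role name
     * @param staffId    uid of the user to add
     */
    @Override
    public void addProjectRoleUser(String projectKey, String roleKey, String staffId) {
        if (StringUtils.isBlank(projectKey) || StringUtils.isBlank(roleKey) || StringUtils.isBlank(staffId)) {
            return;
        }
        DirContextOperations group = ldapTemplate.lookupContext(buildProjectRoleGroupDn(projectKey, roleKey));
        group.addAttributeValue(UNIQUE_MEMBER, buildPersonDn(staffId));
        ldapTemplate.modifyAttributes(group);
    }

    /**
     * Removes the user's DN from the {@code uniqueMember} values of the role group. Does nothing
     * when any argument is blank.
     *
     * @param projectKey project identifier
     * @param roleKey    role name
     * @param staffId    uid of the user to remove
     */
    @Override
    public void removeProjectRoleUser(String projectKey, String roleKey, String staffId) {
        if (StringUtils.isBlank(projectKey) || StringUtils.isBlank(roleKey) || StringUtils.isBlank(staffId)) {
            return;
        }
        DirContextOperations group = ldapTemplate.lookupContext(buildProjectRoleGroupDn(projectKey, roleKey));
        group.removeAttributeValue(UNIQUE_MEMBER, buildPersonDn(staffId));
        ldapTemplate.modifyAttributes(group);
    }

    /** Looks the DN up and maps "no such entry" to {@code false}; other directory errors propagate. */
    private boolean entryExists(Name dn) {
        try {
            ldapTemplate.lookup(dn);
            return true;
        } catch (NameNotFoundException e) {
            return false;
        }
    }

    /**
     * Compares a DN string as returned by the directory with an expected name. LdapName equality
     * is case-insensitive on attribute types and values, which a plain String.equals is not.
     */
    private boolean sameDn(String candidate, Name expected) {
        return LdapNameBuilder.newInstance(candidate).build().equals(expected);
    }

    /**
     * Absolute DN of a user entry, {@code uid=<staffId>,ou=users,dc=<dc>,dc=com}. Unlike the group
     * DNs below, this one starts from the directory root because it is stored as a
     * {@code uniqueMember} value, which is expected to hold a full DN.
     */
    private Name buildPersonDn(String staffId) {
        return LdapNameBuilder.newInstance("dc=" + dc + ",dc=com")
                .add("ou", "users")
                .add("uid", staffId)
                .build();
    }

    /** Attributes of a project OU: object class organizationalUnit only. */
    private Attributes buildOUAttributes() {
        BasicAttribute objectClass = new BasicAttribute(OBJECT_CLASS);
        objectClass.add("organizationalUnit");
        Attributes ouAttributes = new BasicAttributes();
        ouAttributes.put(objectClass);
        return ouAttributes;
    }

    /**
     * Attributes of a new role group: object class groupOfUniqueNames plus the placeholder member.
     * The placeholder is built with buildPersonDn so it follows the same dc/ou layout as real
     * members instead of repeating the base DN as a literal.
     */
    private Attributes buildRoleGroupAttributes() {
        BasicAttribute objectClass = new BasicAttribute(OBJECT_CLASS);
        objectClass.add("groupOfUniqueNames");
        BasicAttribute member = new BasicAttribute(UNIQUE_MEMBER);
        member.add(buildPersonDn(PLACEHOLDER_MEMBER_UID).toString());
        Attributes attributes = new BasicAttributes();
        attributes.put(objectClass);
        attributes.put(member);
        return attributes;
    }

    /**
     * DN of a role group relative to the context-source base:
     * {@code cn=<role>,ou=<project>,ou=groups}. The values go through javax.naming.ldap.Rdn, which
     * escapes DN special characters, so caller-supplied keys cannot alter the DN structure.
     */
    private Name buildProjectRoleGroupDn(String project, String role) {
        return LdapNameBuilder.newInstance()
                .add("ou", "groups")
                .add("ou", project)
                .add("cn", role)
                .build();
    }

    /** DN of a project OU relative to the context-source base: {@code ou=<groupName>,ou=groups}. */
    private Name buildProjectGroupDn(String groupName) {
        return LdapNameBuilder.newInstance("ou=groups")
                .add("ou", groupName)
                .build();
    }
}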