Spring Ldap 与域认证

近段时间接触了一个项目,用户认证部分是通过域认证的方式,我们的项目是用Java语言开发的,在以前从未接触过这方面的知识,首先了解了这个域的概念,然后去看这个域到低是个什么样的东西.登录到域服务器,一看,哦,原来是一活动目录(Active Directory),这下看到了它的全部面目,通过查询,还看到了我的名字也在这个域服务器上,顿时感觉到很新奇,再后来又知道了,域服务器除了AD,之外还有专门的服务器Open Ldap,还有其它的几个,在这里我就不写了,基本知道了这些东西后,通过查资料,知道了spring ldap 已很好的支持对域服务器的访问,我们的项目也采用了Spring 框架,于是下载了Spring-Ldap 1.3 这个版本的所有文档,开始研究,基本上还都能看懂,最主要是有例子,最终也通过写程序实现了,但我想通过Spring 的配置来实现,但在文档中没有找到相关说明,用户登录的信息肯定是动态的,如果只把用户名和密码配置在Spring 的配置文件中,通过这个配置也能查询其它用户信息,但毕竟不是最好的办法,后来通过仔细的研究,发现可以通过实现AuthenticationSource接口,动态的注入用户名和密码,总体的实现方式如下:

<!-- spring ldap source配置 -->
 <bean id="ContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="ldap://ptr.petrochina:389" />
  <property name="base" value="dc=ptr,dc=petrochina" />
  <property name="referral" value="follow"></property> //让我折腾了很久的地方
  <property name="authenticationSource" ref="AuthenticationSource" />
 </bean>
 <bean id="AuthenticationSource"
  class="org.springframework.ldap.authentication.DefaultValuesAuthenticationSourceDecorator">
  <property name="target" ref="SpringSecurityAuthenticationSource" />
  <property name="defaultUser" value="***@petrochina.com.cn" />
  <property name="defaultPassword" value="***" />
 </bean>
 <bean id="SpringSecurityAuthenticationSource"
  class="com.BRM.right.component.LdapAuthenticationSource" />
 <bean id="LdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
  <constructor-arg ref="ContextSource" />
 </bean>

<!-- spring ldap source配置结束 -->

实现AuthenticationSource接口
package com.BRM.right.component;

import org.springframework.ldap.core.AuthenticationSource;

public class LdapAuthenticationSource implements AuthenticationSource {

 private static ThreadLocal login = new ThreadLocal();
 private static ThreadLocal password = new ThreadLocal();

 public static void setLogin(String login) {
  LdapAuthenticationSource.login.set(login);
 }

 public static void setPassword(String password) {
  LdapAuthenticationSource.password.set(password);
 }

 public String getPrincipal() {
  String login = (String) LdapAuthenticationSource.login.get();
  if (login == null || "".equals(login)) {
   return null;
  }
  return login;
 }

 public String getCredentials() {
  String password = (String) LdapAuthenticationSource.password.get();
  if (password == null || "".equals(password)) {
   return null;
  }
  return password;
 }

}

记住要设置值:

LdapAuthenticationSource.setLogin(loginForm.getUserName()+"@petrochina.com.cn");
LdapAuthenticationSource.setPassword(loginForm.getPassword());

验证用户密码是否正确的方法:

AndFilter filter = new AndFilter();
  filter.and(new EqualsFilter("userprincipalname", userprincipalname));
  return ldapTemplate.authenticate("", filter.toString(), password);

由用户查询结果:

public List findInfoByUserPrincipalName(String userprincipalname) {
  AndFilter filter = new AndFilter();
  // filter.and(new EqualsFilter("objectclass", "*"));
  filter.and(new EqualsFilter("userprincipalname", userprincipalname));

  return ldapTemplate.search(DistinguishedName.EMPTY_PATH, filter
    .encode(), new LdapUserMapper());
 }

 

实现接口AttributesMapper
private class LdapUserMapper implements AttributesMapper {
  public Object mapFromAttributes(Attributes attrs) {
   LdapUserBean user = new LdapUserBean();

   String yhm = "", yhmqc = "", email = "", dn = "", szdw = "";
   String[] memberOf = null;
   try {
    yhm = (String) attrs.get("samaccountname").get();
   } catch (Exception e) {
    
   }
   try {
    yhmqc = (String) attrs.get("cn").get();
   } catch (Exception e) {
    
   }

   try {
    email = (String) attrs.get("mail").get();
   } catch (Exception e) {
    
   }
   try {
    dn = (String) attrs.get("distinguishedname").get();
   } catch (Exception e) {
    
   }
   try {
    szdw = (String) attrs.get("company").get();
   } catch (Exception e) {
    
   }
   try {
    NamingEnumeration temp = attrs.get("memberof").getAll();
    List list = new ArrayList();
    while (temp.hasMoreElements()) {
     String t = temp.nextElement().toString();
     list.add(t);
    }
    // System.out.println(attrs.get("memberof").getAll());
    if (list != null) {
     memberOf = (String[]) list.toArray(new String[0]);
    }

   } catch (Exception e) {
    
   }

   user.setYhm(yhm);
   user.setYhmqc(yhmqc);
   user.setEmail(email);
   user.setDisginguishedname(dn);
   user.setSzdw(szdw);
   user.setMemberof(memberOf);
   return user;
  }
 }

 

public class LdapUserBean {
 
 private String yhm;
 
 private String yhmqc;
 
 private String szdw;
 
 private String email;
 
 private String bz;
 

 private String disginguishedname;
 

 private String[] memberof;
 
 private String userprincipalname; //xujzh@petrochina.com.cn

 public String getYhm() {
  return yhm;
 }

 public void setYhm(String yhm) {
  this.yhm = yhm;
 }

 public String getYhmqc() {
  return yhmqc;
 }

 public void setYhmqc(String yhmqc) {
  this.yhmqc = yhmqc;
 }

 public String getSzdw() {
  return szdw;
 }

 public void setSzdw(String szdw) {
  this.szdw = szdw;
 }

 public String getEmail() {
  return email;
 }

 public void setEmail(String email) {
  this.email = email;
 }

 public String getBz() {
  StringBuffer bs=new StringBuffer();
  for(int i=0;i<memberof.length;i++){
   bs.append(memberof[i]);
  }
  bs.append("用户所在路径:"+disginguishedname);
  this.bz = bs.toString();
  return bz;
 }

 public void setBz(String bz) {
  this.bz=bz;
 }

 public String getDisginguishedname() {
  return disginguishedname;
 }

 public void setDisginguishedname(String disginguishedname) {
  this.disginguishedname = disginguishedname;
 }

 public String[] getMemberof() {
  return memberof;
 }

 public void setMemberof(String[] memberof) {
  this.memberof = memberof;
 }

 public String getUserprincipalname() {
  return userprincipalname;
 }

 public void setUserprincipalname(String userprincipalname) {
  this.userprincipalname = userprincipalname;
 }
 
 
}

 

罗列了这么多代码,也算是自己作一个记录吧.当然了还有很多实现方式,只不过这种实现方式自我感觉很良好.总体来说吧自己水平有限,请看到这文章的大侠们多提意见.