
Java实现LDAP登录

  LDAP的全称是Lightweight Directory Access Protocol(轻量级目录访问协议),是一种用于访问和管理分布式目录信息服务的应用协议。LDAP通常用于存储用户、组和其他组织信息,提供对这些信息的快速查询和管理。

  LDAP 是基于X.500标准的一个简化版本,使用更简单的网络协议(如 TCP/IP)来实现,定义了客户端如何与目录服务交互,如添加、删除、修改或查询目录信息。

例:

Java原生支持LDAP协议。示例流程是:先用管理员账户(adminDn / adminPassword)连接LDAP服务器,搜索出该用户的DN,再用该DN与输入的密码重新绑定,以此验证密码是否正确。使用SSL加密(ldaps://)时,要提前把服务器证书安装到JDK的信任库内。


import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.io.InputStream;
import java.util.Hashtable;
import java.util.Map;

import lombok.extern.slf4j.Slf4j;

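@Slf4j public class LdapVerify {

    /** JNDI property for the TCP connect timeout (milliseconds, as a string). */
    private static final String CONNECT_TIMEOUT_PROP = "com.sun.jndi.ldap.connect.timeout";
    /** JNDI property for the per-operation read timeout (milliseconds, as a string). */
    private static final String READ_TIMEOUT_PROP = "com.sun.jndi.ldap.read.timeout";
    /** Timeout used when no value is configured; matches the previous hard-coded 3000 ms. */
    private static final String DEFAULT_TIMEOUT_MS = "3000";

    /**
     * Authenticates a user against an LDAP directory over LDAPS.
     *
     * <p>Flow: bind with the service account ({@code adminDn}/{@code adminPassword}), resolve the
     * user's distinguished name by {@code sAMAccountName}, then bind a second time as that DN with
     * the supplied password. Only a successful second bind counts as a valid login.
     *
     * @param username the account name to look up ({@code sAMAccountName}); it is passed to the
     *     search as a filter argument so the provider escapes filter metacharacters
     * @param password the password to verify; {@code null} or empty values are rejected before any
     *     bind, because an LDAP simple bind with an empty password is an unauthenticated
     *     (anonymous) bind that many servers report as success
     * @return {@code true} only when exactly one matching DN was found and the password bind
     *     succeeded; {@code false} on missing user, wrong password, or any directory error
     */
    public boolean connehct(String username, String password) {
        String ip = "";
        String port = "";
        String timeOut = "";
        String adminDn = "";
        String adminPassword = "";
        String url = String.format("ldaps://%s:%s", ip, port);
        // Keep the old 3 s behaviour when the configured timeout is left blank.
        String timeoutMs = (timeOut == null || timeOut.isEmpty()) ? DEFAULT_TIMEOUT_MS : timeOut;

        // Reject blank credentials up front: an empty password must never reach the directory,
        // since a simple bind with no password is treated as anonymous and would "succeed".
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            log.error("LDAP登录, 用户名或密码为空 {}", username);
            return false;
        }

        // 1. Connect as the service account.
        Hashtable<String, String> env = buildEnv(url, adminDn, adminPassword, timeoutMs);

        LdapContext ldapContext = null;
        try {
            ldapContext = new InitialLdapContext(env, null);

            // 2. Resolve the user's full DN.
            String searchBase = "OU=All Users,DC=demo,DC=com"; // search root
            // Parameterized filter: JNDI escapes the {0} argument, so a username containing
            // '*', '(', ')' or '\' cannot change the filter structure (LDAP filter injection).
            String searchFilter = "(sAMAccountName={0})";
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            String userDn = findUserDn(ldapContext, searchBase, searchFilter, username, searchControls);
            if (userDn == null) {
                log.error("LDAP登录, 找不到用户 DN {} ", username);
                return false;
            }
            log.info("LDAP登录, 找到用户 DN: " + userDn);

            // 3. Verify the password by binding as the resolved DN.
            return bindAsUser(url, userDn, password, timeoutMs, username);
        } catch (NamingException e) {
            log.error("LDAP登录, 找用户异常 DN {} {} ", username, e.getMessage(), e);
            return false;
        } finally {
            // The admin context was never released before; release it on every path.
            closeQuietly(ldapContext);
        }
    }

    /**
     * Builds the JNDI environment for an LDAPS simple bind.
     *
     * @param url provider URL ({@code ldaps://host:port})
     * @param principal DN to bind as
     * @param credentials password for {@code principal}; never logged
     * @param timeoutMs connect/read timeout in milliseconds, as a string
     * @return a fresh, mutable environment table
     */
    private static Hashtable<String, String> buildEnv(
            String url, String principal, String credentials, String timeoutMs) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.SECURITY_PROTOCOL, "ssl"); // enable LDAPS
        env.put(CONNECT_TIMEOUT_PROP, timeoutMs);
        // Without a read timeout a stalled server would block the login thread indefinitely.
        env.put(READ_TIMEOUT_PROP, timeoutMs);
        return env;
    }

    /**
     * Runs the search and returns the DN of the first match, or {@code null} when nothing matched.
     *
     * @param ctx bound service-account context
     * @param searchBase search root
     * @param filter filter template with a {@code {0}} placeholder
     * @param username value substituted for {@code {0}}, escaped by the provider
     * @param controls search scope and attribute selection
     * @return the matched entry's full DN, or {@code null}
     * @throws NamingException if the search fails
     */
    private static String findUserDn(
            LdapContext ctx,
            String searchBase,
            String filter,
            String username,
            SearchControls controls)
            throws NamingException {
        NamingEnumeration<SearchResult> results =
                ctx.search(searchBase, filter, new Object[] {username}, controls);
        try {
            if (!results.hasMore()) {
                return null;
            }
            SearchResult result = results.next();
            return result.getNameInNamespace();
        } finally {
            // Close the enumeration so an abandoned paged/referral search does not pin a connection.
            results.close();
        }
    }

    /**
     * Attempts a simple bind as {@code userDn} with {@code password}.
     *
     * @param url provider URL
     * @param userDn DN resolved for the user
     * @param password password to verify; never logged
     * @param timeoutMs connect/read timeout in milliseconds, as a string
     * @param username account name, used only for log messages
     * @return {@code true} when the bind succeeded
     */
    private static boolean bindAsUser(
            String url, String userDn, String password, String timeoutMs, String username) {
        Hashtable<String, String> userEnv = buildEnv(url, userDn, password, timeoutMs);
        LdapContext userContext = null;
        try {
            userContext = new InitialLdapContext(userEnv, null);
            log.info("LDAP登录, 用户验证成功 {}", username);
            return true;
        } catch (NamingException e) {
            // Wrong password surfaces here as an AuthenticationException; any other naming
            // failure is also a failed login. The original message had no placeholder, so the
            // username was silently dropped from the log line.
            log.error("LDAP登录, 用户验证失败 {} {}", username, e.getMessage());
            return false;
        } finally {
            closeQuietly(userContext);
        }
    }

    /**
     * Closes a context, ignoring a {@code null} context and any close-time error.
     *
     * @param ctx context to close, may be {@code null}
     */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // Best effort: the bind outcome has already been decided; a failed close changes nothing.
            log.debug("LDAP登录, 关闭连接失败 {}", ignored.getMessage());
        }
    }

}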

