Java SpringBoot Security + Active Directory attributes

Problem description

I am using Java + SpringBoot Security for authentication on my web application. Below is the working configuration (no claims).

My questions:

  1. Can I use this setup to connect to AD and get the user's AD attributes (e.g. sAMAccountName, mail)?
  2. Is it possible to set access permissions via AD groups?

If I understand correctly, AuthenticationManagerBuilder only connects to AD.

@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/home", "/logout/**","/logout-success","/login/**").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .and()
                .logout()
                .permitAll();
    }
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authBuilder) throws Exception {
        authBuilder
                .ldapAuthentication()
                .userSearchFilter("(sAMAccountName={0})")
                .userSearchBase("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                .groupSearchBase("OU=Groups,OU=nsk,DC=regions,DC=office,DC=ru")
                .groupSearchFilter("member={0}")
                .contextSource()
                .url("ldap://regions.office.ru:389")
                .managerDn("CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                .managerPassword("passw");
    }
}

Tags: java, spring-security, active-directory

Solution


Search all users in the domain by attribute (displayName).

import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;

import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearch {
    public List<String> getAllPersonNames() {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://regions.office.ru:389");
        // Simple bind as the read-only service account (the same one the Spring config uses)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "CN=ldap_user_ro,OU=Service,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru");
        env.put(Context.SECURITY_CREDENTIALS, "password");

        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }

        List<String> list = new LinkedList<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Only request the attribute we actually read
            controls.setReturningAttributes(new String[] {"displayName"});
            results = ctx.search("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru", "(objectclass=user)", controls);

            while (results.hasMore()) {
                SearchResult searchResult = results.next();
                Attributes attributes = searchResult.getAttributes();
                Attribute attr = attributes.get("displayName");
                // Not every user object has displayName set; skip those instead of throwing NPE
                if (attr != null) {
                    list.add(attr.get().toString());
                }
            }
        } catch (NameNotFoundException e) {
            // Search base does not exist: return the (empty) list
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (Exception e) {
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (Exception e) {
                }
            }
        }
        return list;
    }
}
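The answer above runs a separate JNDI search, but both points in the question (reading the user's own AD attributes, and restricting URLs by AD group) can be done inside the Spring Security flow from the question's existing configuration. The following is an added example, not code from the question or the answer: a `UserDetailsContextMapper` that turns the authenticated user's directory entry into a principal carrying `sAMAccountName` and `mail`, and a `hasRole` rule that relies on the group authorities Spring already builds from `groupSearchBase`/`groupSearchFilter`. The AD group `CN=app_admins`, the `/admin/**` and `/me` paths, the `ad.url`/`ad.bind-dn`/`ad.bind-password` property names and the class names are assumptions for the illustration; each class goes in its own file in a real project.

```java
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/** Principal that carries the AD attributes the application needs (illustrative class). */
class AdUser extends User {
    private final String samAccountName;
    private final String mail;

    AdUser(String username, Collection<? extends GrantedAuthority> authorities,
           String samAccountName, String mail) {
        super(username, "", authorities); // no password kept: AD already verified it during the bind
        this.samAccountName = samAccountName;
        this.mail = mail;
    }

    String getSamAccountName() { return samAccountName; }
    String getMail() { return mail; }
}

/** Called after the LDAP bind succeeded; maps the user's entry to the principal. */
class AdUserDetailsContextMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                          Collection<? extends GrantedAuthority> authorities) {
        // 'authorities' already holds ROLE_<GROUP CN> entries built from groupSearchBase/groupSearchFilter
        // (DefaultLdapAuthoritiesPopulator upper-cases the group cn and prefixes ROLE_).
        return new AdUser(username, authorities,
                ctx.getStringAttribute("sAMAccountName"),
                ctx.getStringAttribute("mail")); // null when the entry has no mail attribute
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException("directory is read-only for this application");
    }
}

@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/home", "/logout/**", "/logout-success", "/login/**").permitAll()
                // assumed AD group CN=app_admins under groupSearchBase becomes ROLE_APP_ADMINS
                .antMatchers("/admin/**").hasRole("APP_ADMINS")
                .anyRequest().authenticated()
                .and().formLogin()
                .and().logout().permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth, Environment env) throws Exception {
        auth.ldapAuthentication()
                .userSearchFilter("(sAMAccountName={0})")
                .userSearchBase("OU=Active,OU=Users,OU=nsk,DC=regions,DC=office,DC=ru")
                .groupSearchBase("OU=Groups,OU=nsk,DC=regions,DC=office,DC=ru")
                .groupSearchFilter("(member={0})") // {0} is the authenticated user's full DN
                .userDetailsContextMapper(new AdUserDetailsContextMapper())
                .contextSource()
                // assumed property names: keep the bind DN and password out of source control
                .url(env.getRequiredProperty("ad.url")) // e.g. ldaps://regions.office.ru:636
                .managerDn(env.getRequiredProperty("ad.bind-dn"))
                .managerPassword(env.getRequiredProperty("ad.bind-password"));
    }
}

@RestController
class MeController {
    // Spring injects the AdUser returned by the mapper as the current principal
    @GetMapping("/me")
    String me(@AuthenticationPrincipal AdUser user) {
        return user.getSamAccountName() + " <" + user.getMail() + ">";
    }
}
```

`hasRole("APP_ADMINS")` matches the authority `ROLE_APP_ADMINS`, which is what the default populator produces from a group whose `cn` is `app_admins`; the `member={0}` filter works against AD because `member` on a group object holds full user DNs, which is exactly what `{0}` is substituted with. The `mapUserToContext` override throws on purpose so the application can never write back to the directory through the read-only service account.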
