AD域登录验证

作者:Grey

原文地址:http://www.cnblogs.com/greyzeng/p/5799699.html

需求

系统在登录的时候,需要根据用户名和密码验证连接域服务器进行验证此用户是否为域用户。

条件

  • 域服务器地址:x.x.x.x
  • 域验证端口:xxx
  • AD域为:DC=adservice,DC=com
  • 某个域用户是:abc@adservice.com 密码:abc123.

实现

Java版

ADAuthJava.java

package com.hui.advalidationdemo;

import static com.hui.advalidationdemo.constant.ApplicationConstants.buildADPath;

import static com.hui.advalidationdemo.constant.ApplicationConstants.getConfig;

import static javax.naming.Context.INITIAL_CONTEXT_FACTORY;

import static javax.naming.Context.PROVIDER_URL;

import static javax.naming.Context.SECURITY_AUTHENTICATION;

import static javax.naming.Context.SECURITY_CREDENTIALS;

import static javax.naming.Context.SECURITY_PRINCIPAL;

import java.util.Hashtable;

import javax.naming.directory.DirContext;

import javax.naming.directory.InitialDirContext;

public class ADAuthJava {

	public static boolean authenticate(String username, String password) {

		DirContext ctx = null;

		Hashtable<String, String> HashEnv = initADServer(username, password);

		try {

			ctx = new InitialDirContext(HashEnv);

			System.out.println("Authenticate Success!");

			return true;

		} catch (Exception e) {

			e.printStackTrace();

			return false;

		} finally {

			if (null != ctx) {

				try {

					ctx.close();

					ctx = null;

				} catch (Exception e) {

					e.printStackTrace();

				}

			}

		}

	}

	private static Hashtable<String, String> initADServer(String username, String password) {

		String adPath = buildADPath(username);

		Hashtable<String, String> HashEnv = new Hashtable<String, String>();

		HashEnv.put(SECURITY_AUTHENTICATION, "simple");

		HashEnv.put(SECURITY_PRINCIPAL, adPath);

		HashEnv.put(SECURITY_CREDENTIALS, password);

		HashEnv.put(INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

		HashEnv.put("com.sun.jndi.ldap.connect.timeout", "3000");

		HashEnv.put(PROVIDER_URL, getConfig("ad.url"));

		return HashEnv;

	}

}

单元测试:ADAuthJavaTest.java

package com.hui.advalidationdemo;

import static com.hui.advalidationdemo.ADAuthJava.authenticate;

import static org.junit.Assert.assertTrue;

import org.junit.Test;

public class ADAuthJavaTest {

	@Test

	public void testAuthenticate() {

		assertTrue(authenticate("abc", "abc123."));

	}

}

Spring版(附源码,Maven项目)

  • Spring 版本:3.2.3.RELEASE
  • spring-ldap-core 版本:2.0.2.RELEASE
  • JDK1.7+

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

	<modelVersion>4.0.0</modelVersion>

	<groupId>com.hui</groupId>

	<artifactId>advalidationdemo</artifactId>

	<version>0.0.1-SNAPSHOT</version>

	<packaging>jar</packaging>

	<name>advalidationdemo</name>

	<url>http://maven.apache.org</url>

	<properties>

		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

	</properties>

	<dependencies>

		<dependency>

			<groupId>junit</groupId>

			<artifactId>junit</artifactId>

			<version>4.12</version>

			<scope>test</scope>

		</dependency>

		<dependency>

			<groupId>org.springframework.ldap</groupId>

			<artifactId>spring-ldap-core</artifactId>

			<version>2.0.2.RELEASE</version>

		</dependency>

		<dependency>

			<groupId>org.acegisecurity</groupId>

			<artifactId>acegi-security</artifactId>

			<version>1.0.7</version>

		</dependency>

		<dependency>

			<groupId>org.apache.commons</groupId>

			<artifactId>commons-lang3</artifactId>

			<version>3.4</version>

		</dependency>

		<dependency>

			<groupId>org.springframework</groupId>

			<artifactId>spring-beans</artifactId>

			<version>3.2.3.RELEASE</version>

		</dependency>

		<dependency>

			<groupId>org.springframework</groupId>

			<artifactId>spring-core</artifactId>

			<version>3.2.3.RELEASE</version>

		</dependency>

		<dependency>

			<groupId>org.springframework</groupId>

			<artifactId>spring-test</artifactId>

			<version>3.2.3.RELEASE</version>

		</dependency>

		<dependency>

			<groupId>org.springframework</groupId>

			<artifactId>spring-context</artifactId>

			<version>3.2.3.RELEASE</version>

		</dependency>

		<dependency>

			<groupId>org.springframework</groupId>

			<artifactId>spring-context-support</artifactId>

			<version>3.2.3.RELEASE</version>

		</dependency>

	</dependencies>

</project>

applicationContext-ldap.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "http://www.springframework.org/dtd/spring-beans-2.0.dtd">

<beans>

   <bean id="configBean" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">

	  <property name="location"><value>classpath:config.properties</value></property>

   </bean>

   <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">

      <property name="url" value="${ad.url}" />

      <property name="base" value="${ad.base}" />

   </bean>

   <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">

      <constructor-arg ref="contextSource" />

   </bean>

   <bean id="adDao" class="com.hui.advalidationdemo.ADAuthSpring">

      <property name="ldapTemplate" ref="ldapTemplate" />

   </bean>

</beans>

ADAuthSpring.java

package com.hui.advalidationdemo;

import static com.hui.advalidationdemo.constant.ApplicationConstants.buildADPath;

import static org.acegisecurity.ldap.LdapUtils.closeContext;

import javax.naming.directory.DirContext;

import org.springframework.ldap.core.LdapTemplate;

public class ADAuthSpring {

	private LdapTemplate ldapTemplate;

	public void setLdapTemplate(LdapTemplate ldapTemplate) {

		this.ldapTemplate = ldapTemplate;

	}

	public boolean authenticate(String userName, String password) {

		DirContext ctx = null;

		String distinguishedName = null;

		distinguishedName = buildADPath(userName);

		System.out.println("userName:" + userName + " map distinguishedName:" + distinguishedName);

		try {

			distinguishedName = buildADPath(userName);

			System.out.println("userName:" + userName + " map distinguishedName:" + distinguishedName);

			ctx = ldapTemplate.getContextSource().getContext(distinguishedName, password);

			System.out.println("authenticate success distinguishedName:" + distinguishedName + " userName:" + userName);

			return true;

		} catch (Exception e) {

			System.out.println("authenticate fail distinguishedName:" + distinguishedName + " userName:" + userName);

			return false;

		} finally {

			closeContext(ctx);

		}

	}

}

config.properties

# AD Validation#

ad.url=ldap://x.x.x.x:xxx

ad.base=DC=adservice,DC=com

ad.path.template=%s@adservice.com

单元测试:

ADAuthSpringTest.java

package com.hui.advalidationdemo;

import org.junit.Assert;

import org.junit.Test;

import org.junit.runner.RunWith;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.test.context.ContextConfiguration;

import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

@RunWith(SpringJUnit4ClassRunner.class)

@ContextConfiguration(locations = { "classpath:applicationContext-ldap.xml" })

public class ADAuthSpringTest {

	@Autowired

	public ADAuthSpring adValidation;

	@Test

	public void testAuth() {

		Assert.assertTrue(adValidation.authenticate("abc", "123abc."));

	}

}

ApplicationConstants.java

package com.hui.advalidationdemo.constant;

import static java.lang.String.format;

import static java.lang.Thread.currentThread;

import static org.apache.commons.lang3.StringUtils.isBlank;

import java.io.IOException;

import java.io.InputStream;

import java.util.HashMap;

import java.util.Map;

import java.util.Properties;

import org.apache.log4j.Logger;

public class ApplicationConstants {

	private static final String CONFIG_FILE = "config.properties";

	private static Map<String, Object> configs = new HashMap<String, Object>();

	private static final Logger log = Logger.getLogger(ApplicationConstants.class);

	static {

		InputStream in = null;

		Properties p = new Properties();

		try{

			in = currentThread().getContextClassLoader().getResourceAsStream(CONFIG_FILE);

			p.load(in);

			for(Object k : p.keySet()){

				String key = (String) k;

				configs.put( key, p.getProperty(key));

			}

			log.info("config.properties is loaded!"  );

		} catch (IOException e){

			log.error("Unable to read config.properties");

		} finally{

			if(in != null)

				try {

					in.close();

				} catch (IOException e) {

					log.error("Unable to close inputstream");

				}

		}

	}

	public static String getConfig(String key){

		return (String) configs.get(key);

	}

	public static  String buildADPath(String userName) {

		String adPathTemplate = getConfig("ad.path.template");

		if (isBlank(adPathTemplate)) {

			log.error("ad.path template do not exist in config.properties please config it");

			return null;

		}

		log.debug("ad.path template is "+adPathTemplate);

		try {

			String adPath = format(adPathTemplate, userName);

			log.debug("adPath is:"+adPath);

			return adPath;

		} catch (Exception e) {

			log.error("ad path template format error");

			return null;

		}

	}

}

注意:在测试的时候需要将x.x.x.x,xxx,abc,123abc.替换成相应的域服务器ip,域服务器端口,域用户名,域用户密码

源码:https://github.com/GreyZeng/demo/tree/master/advalidation

更多:http://docs.spring.io/spring-ldap/docs/1.2.0/reference/

AD域登录验证的更多相关文章

  1. AD用户登录验证,遍历OU(LDAP)

    先安装python-ldap模块 1.验证AD用户登录是否成功 import sqlite3,ldap domainname='cmr\\' username='zhangsan' ldapuser ...

  2. ASP.NET Core AD 域登录

    在选择AD登录时,其实可以直接选择 Windows 授权,不过因为有些网站需要的是LDAP获取信息进行授权,而非直接依赖Web Server自带的Windows 授权功能. 当然如果使用的是Azure ...

  3. ASP.NET Core AD 域登录 (转载)

    在选择AD登录时,其实可以直接选择 Windows 授权,不过因为有些网站需要的是LDAP获取信息进行授权,而非直接依赖Web Server自带的Windows 授权功能. 当然如果使用的是Azure ...

  4. AD域账号验证

    public partial class _Default : Page { [DllImport("advapi32.dll")] private static extern b ...

  5. java集成微软的ad域,实现单点登录

    1.ad域介绍: windos server 2008R2服务器下的ad域,见下图(我是在虚拟机安装到windos server) 2.连接ad域代码:(里面代码自行修改) public Result ...

  6. JAVA 通过LDAP获取AD域用户及组织信息

    因为工作需求近期做过一个从客户AD域获取数据实现单点登录的功能,在此整理分享. 前提:用户可能有很多系统的情况下,为了方便账号的统一管理使用AD域验证登录,所以不需要我们的系统登录,就需要获取用户的A ...

  7. Linux AD 身份统一验证(SSO)

    http://www.toxingwang.com/linux-unix/linux-admin/584.html Linux+samba-winbind+AD实现统一认证 2013年04月27日 ⁄ ...

  8. Samba通过ad域进行认证并限制空间大小《转载》

    本文实现了samba服务被访问的时候通过windows域服务器进行用户名和密码验证;认证通过的用户可以自动分配500M的共享空间;在用户通过windows域登陆系统的时候可以自动把这块空间映射成一块硬 ...

  9. springboot整合微软的ad域,采用ldap的api来整合,实现用户登录验证、

    流程: 1.用户调登录接口,传用户名和密码2.用户名和密码在ad验证,验证通过后,返回当前用户的相关信息.(注:ldap为java自带的api不需要maven引入其他的)3.根据返回的用户信息,实现自 ...

随机推荐

  1. HTML学习有感

    自从到大三之后一直在纠结课下去学些什么,刚开始一直在学PS,当时学的还算可以,可以一段时间不用之后就忘记了,这使我很郁闷!之后一直想学JAVA,跟已经工作的同学讨来了相关的视屏资料以及他培训时的笔记: ...

  2. Tomcat 中响应头信息(Http Response Header) Content-Length 和 Transfer-Encoding

    户端(PC浏览器或者手机浏览器)在接受到Tomcat的响应的时候,头信息通常都会带上Content-Length ,一般情况下客户端会在接受完Content-Length长度的数据之后才会开始解析.而 ...

  3. 倒计时的js实现 倒计时 js Jquery

    by zhangxinxu from http://www.zhangxinxu.com本文地址:http://www.zhangxinxu.com/wordpress/?p=987 一.如火如荼的团 ...

  4. 全新 Mac 安装指南(编程篇)(环境变量、Shell 终端、SSH 远程连接)

    注:本文专门用于指导对计算机编程与设计(尤其是互联网产品开发与设计)感兴趣的 Mac 新用户,如何在 Mac OS X 系统上配置开发与上网环境,另有<全新 Mac 安装指南(通用篇)>作 ...

  5. Net作业调度(四)—quartz.net持久化和集群

    介绍 在实际使用quartz.net中,持久化能保证实例重启后job不丢失. 集群能均衡服务器压力和解决单点问题. quartz.net在这两方面配置都比较简单. 持久化 quartz.net的持久化 ...

  6. twobin博客样式—“蓝白之风”

    自暑假以来,囫囵吞枣一般蒙头栽入前端自学中,且不说是否窥探其道,却不自觉中提高了对网页版面设计的要求,乃至挑剔.一个设计清爽美观的网页能让读者心旷神怡,甚至没有了阅读疲劳:而一个设计粗劣嘈杂的网页实在 ...

  7. IOS关于LKDBHelper实体对象映射插件运用

    一 插件简介: 其github地址:https://github.com/li6185377/LKDBHelper-SQLite-ORM 全面支持 NSArray,NSDictionary, Mode ...

  8. 删除 Windows 旧 OS 加载器

    装过多个系统,然后又删除掉了,系统启动引导时,又把以前的废弃的系统引导给带了出来,试过多种方式,以下方法是最好的. 开始->运行->cmd bcdedit /v 查看要删除的"W ...

  9. HTML5新增标签与属性

    目录 一.HTML5新增属性 1.1.contextmenu 1.2.contentEditable 1.3.hidden 1.4.draggable 1.5.data-* 1.6.placehold ...

  10. SVN:服务器资源删掉,本地添加时和删掉的名字同名出现One or more files are in a conflicted state.

    异常处理汇总-开发工具  http://www.cnblogs.com/dunitian/p/4522988.html