2017-10-09 93 views

我正在嘗試根據LDAP服務器驗證一組憑據,並且已經能夠成功驗證。現在我想獲取登錄到服務器的用戶的全名(顯示名稱),但一直沒有成功。作爲LDAP的新手,我想不出獲取用戶完整顯示名稱的方法。有人可以告訴我,如何使用AD和Apache Shiro從LDAP服務器檢索已登錄用戶的全名或顯示名稱嗎?

下面是shiro.ini文件正在使用:

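[main]
# Realm that checks submitted credentials against Active Directory over LDAP.
# The class name must be on the same line as the key; a value left on the
# following line is not read as part of this assignment.
activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
# Service account the realm binds with for directory searches.
# NOTE(review): the password is stored in clear text here. Keep this file out of
# version control, restrict read access to the application user, and give the
# account read-only rights on the search base only.
activeDirectoryRealm.systemUsername = adminusername
activeDirectoryRealm.systemPassword = adminpswd
activeDirectoryRealm.searchBase = "OU=User Accounts,DC=dmn,DC=net"
# NOTE(review): ldaps:// is paired with port 389, which is conventionally the
# plain-LDAP/StartTLS port; LDAPS conventionally listens on 636. Confirm the
# listener really speaks TLS, and do not "fix" a handshake failure by switching
# to ldap://, because simple binds would then send passwords unencrypted.
activeDirectoryRealm.url = ldaps://localhost:389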

我的Java代碼如下:

import org.apache.shiro.SecurityUtils; 
import org.apache.shiro.authc.*; 
import org.apache.shiro.config.IniSecurityManagerFactory; 
import org.apache.shiro.mgt.SecurityManager; 
import org.apache.shiro.subject.Subject; 
import org.apache.shiro.util.Factory; 
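public class ExampleActiveDirectory {

    // Demo placeholders. NOTE(review): real credentials should be read at runtime
    // (prompt, environment, secret store) rather than compiled into the class.
    public static final String userName = "myusername";
    public static final String password = "mypassword";

    /**
     * Builds a Shiro SecurityManager from shiro.ini and attempts one login with
     * the credentials above, reporting the outcome on standard output.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Factory<SecurityManager> factory =
                new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        System.out.println("userName is : " + userName);
        // The password is deliberately not echoed: console output ends up in
        // terminals, CI logs and log collectors that are not meant to hold secrets.

        UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
        Subject currentUser = SecurityUtils.getSubject();
        try {
            // Log in through the Subject. The original called
            // securityManager.login(currentUser, token) and discarded the Subject
            // it returns; Subject.login is the documented entry point and leaves
            // currentUser itself authenticated, so getPrincipal() is usable after it.
            currentUser.login(token);
            System.out.println("We've authenticated! :)");
        } catch (AuthenticationException e) {
            System.out.println("We did not authenticate :(");
            e.printStackTrace();
        } finally {
            // Wipe the credential copy held by the token once the attempt is over.
            token.clear();
        }
    }
}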

currentUser.getPrincipal() 會返回登錄用的用戶名,例如用戶 john doe 的 j.doe,如果這就是你要找的。否則,請提供您希望看到的示例結果。 –


我想要的結果是這樣的:如果我輸入用戶名 jdoe,代碼應該輸出 john doe – Arjun


那麼我認爲你需要繼承Shiro的ActiveDirectoryRealm類,並參考它的方法「getRoleNamesForUser」。該方法使用searchBase和searchFilter在AD上執行搜索並取得結果。在你的子類中,可以編寫自己的方法,同樣使用searchBase和過濾器,但查找屬性「name」而不是「memberOf」。這個屬性應該會給出你想要的值。 –

回答


感謝您的信息。 鏈接 - http://www.deepakgaikwad.net/index.php/2009/09/24/retrieve-basic-user-attributes-from-active-directory-using-ldap-in-java.html

發現如下解決方案:

import java.util.Hashtable; 
import javax.naming.Context; 
import javax.naming.NamingEnumeration; 
import javax.naming.NamingException; 
import javax.naming.directory.Attributes; 
import javax.naming.directory.SearchControls; 
import javax.naming.directory.SearchResult; 
import javax.naming.ldap.InitialLdapContext; 
import javax.naming.ldap.LdapContext; 

import org.apache.shiro.web.tags.UserTag; 

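public class RetrieveUserAttributes {

    /**
     * Opens a directory connection, looks up one account and prints its basic
     * attributes, then releases the connection.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        RetrieveUserAttributes retrieveUserAttributes = new RetrieveUserAttributes();
        LdapContext ctx = retrieveUserAttributes.getLdapContext();
        if (ctx == null) {
            // getLdapContext() has already reported why the bind failed.
            return;
        }
        try {
            retrieveUserAttributes.getUserBasicAttributes("username", ctx);
        } finally {
            try {
                // Context is not AutoCloseable, so release the connection explicitly.
                ctx.close();
            } catch (NamingException ex) {
                ex.printStackTrace();
            }
        }
    }

    /**
     * Binds to the directory with the service account and returns the context.
     *
     * @return an open context the caller must close, or {@code null} when the
     *         connection or bind fails (the failure is printed)
     */
    public LdapContext getLdapContext() {
        LdapContext ctx = null;
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "Simple");
            // NOTE(review): service-account credentials are hard-coded; load them
            // from configuration or a secret store and use a read-only account.
            env.put(Context.SECURITY_PRINCIPAL, "adminusername");
            env.put(Context.SECURITY_CREDENTIALS, "adminpswrd");
            // NOTE(review): ldaps:// on port 389 is unusual (LDAPS is conventionally
            // 636). Simple bind sends the password as-is, so the channel must be TLS;
            // confirm the listener rather than falling back to ldap://.
            env.put(Context.PROVIDER_URL, "ldaps://localhost:389");
            ctx = new InitialLdapContext(env, null);
            System.out.println("Connection Successful.");
        } catch (NamingException nex) {
            System.out.println("LDAP Connection: FAILED");
            nex.printStackTrace();
        }
        return ctx;
    }

    /**
     * Searches the directory for the account whose sAMAccountName equals
     * {@code username} and prints its basic attributes.
     *
     * @param username account name to look up; passed as a filter argument so
     *                 JNDI escapes it instead of it being spliced into the filter
     * @param ctx      open context from {@link #getLdapContext()}
     * @return always {@code null}; the original never populated a result object
     */
    UserTag getUserBasicAttributes(String username, LdapContext ctx) {
        UserTag user = null;
        if (ctx == null || username == null) {
            // Avoid a NullPointerException when the bind failed upstream.
            System.err.println("No LDAP context or username; search skipped");
            return user;
        }

        NamingEnumeration<SearchResult> answer = null;
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String[] attrIDs = {"distinguishedName",
                    "sn",
                    "givenname",
                    "mail",
                    "telephonenumber"};
            constraints.setReturningAttributes(attrIDs);

            // First argument is the search base, e.g. "CN=Users,DC=YourDomain,DC=com".
            // The original concatenated the literal string "username" into the
            // filter, so the parameter was ignored. The {0} placeholder uses the
            // parameter and lets JNDI escape filter metacharacters such as * ( ) \,
            // which keeps caller-supplied names from altering the filter.
            answer = ctx.search("DC=domain,DC=com", "(sAMAccountName={0})",
                    new Object[] {username}, constraints);

            if (answer.hasMore()) {
                Attributes attrs = answer.next().getAttributes();
                System.out.println("distinguishedName " + attrs.get("distinguishedName"));
                System.out.println("givenname " + attrs.get("givenname"));
                System.out.println("sn " + attrs.get("sn"));
                System.out.println("mail " + attrs.get("mail"));
                System.out.println("telephonenumber " + attrs.get("telephonenumber"));
            } else {
                // Report directly instead of throwing an exception only to catch it below.
                System.err.println("Invalid User");
            }
        } catch (NamingException ex) {
            ex.printStackTrace();
        } finally {
            if (answer != null) {
                try {
                    // Releases the server-side search resources.
                    answer.close();
                } catch (NamingException ex) {
                    ex.printStackTrace();
                }
            }
        }
        return user;
    }

}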