0

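Active Directory user search in Spring

I have implemented Active Directory authentication using Spring Security, and it works fine. Now I want to look up the details of other users by their sAMAccountName. This functionality is needed so that administrators can approve or reject users in our application. With the code below, I can get the details of the logged-in user.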

Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); 
String currentPrincipalName = authentication.getName(); 

How can I use this Authentication object to get the details of other users? I am using spring-security-ldap-4.0.1 and spring-security-core-4.0.1.

Answers

0

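You should take a look at UserDetailsContextMapper. There are already implementation classes that automatically map some attributes of LDAP objects, such as InetOrgPersonContextMapper and PersonContextMapper. If you have any special attributes, you have to register your own mapper; for example, we use the attributes manager and directReports to store reporting lines in AD, and I had to map them manually.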

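import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

public class CustomUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {

    // Application-specific service; its definition is not shown here and it is not used in this mapper.
    @Autowired
    private LdapUserService ldapUserService;

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ops, String username,
            Collection<? extends GrantedAuthority> authorities) {

        // Let the default mapper resolve the account flags and authorities first.
        UserDetails details = super.mapUserFromContext(ops, username, authorities);

        // Extra AD attributes; both are null when the entry does not carry them.
        String manager = ops.getStringAttribute("manager");
        String[] directReports = ops.getStringAttributes("directReports");

        // The password is deliberately left empty: it is never copied out of the directory.
        User user = new User(
                username,
                "",
                details.isEnabled(),
                details.isAccountNonExpired(),
                details.isCredentialsNonExpired(),
                details.isAccountNonLocked(),
                details.getAuthorities(),
                manager,
                directReports);

        return user;
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter dir) {
        // LdapUserDetailsMapper only supports reading from a context: the superclass
        // implementation throws UnsupportedOperationException.
        super.mapUserToContext(user, dir);
    }

}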

And obviously, you also have to adapt your UserDetails as well:

import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;

public class User extends org.springframework.security.core.userdetails.User {

    // Values of the AD attributes "manager" and "directReports".
    private String manager;
    private String[] directReports;

    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }

    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities, String manager, String[] directReports) {
        this(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        this.manager = manager;
        this.directReports = directReports;
    }

    public String getManager() {
        return manager;
    }

    public String[] getDirectReports() {
        return directReports;
    }
}

Hope this helps.
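Added example, not part of the original answer and not Spring's own code: one way to look up another user by sAMAccountName with Spring LDAP's LdapTemplate, so that a name typed by an administrator never reaches the directory as a raw filter string. The class name AdUserLookup, the allow-list pattern and an already configured LdapTemplate (spring-ldap-core 2.x on the classpath) are assumptions.

```java
import static org.springframework.ldap.query.LdapQueryBuilder.query;

import java.util.regex.Pattern;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQuery;

/** Hypothetical helper: finds exactly one AD user entry by sAMAccountName. */
public class AdUserLookup {

    // Assumption: an allow-list stricter than AD's own rules (max 20 characters for users).
    private static final Pattern SAM = Pattern.compile("[A-Za-z0-9._-]{1,20}");

    private final LdapTemplate ldapTemplate;

    public AdUserLookup(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Builds the query; is() filter-encodes its value, so nothing is concatenated raw. */
    static LdapQuery byAccountName(String sam) {
        if (sam == null || !SAM.matcher(sam).matches()) {
            throw new IllegalArgumentException("invalid sAMAccountName");
        }
        return query()
                .attributes("sAMAccountName", "manager", "directReports") // fetch only what is displayed
                .where("objectClass").is("user")
                .and("sAMAccountName").is(sam);
    }

    /**
     * Returns the matching entry; searchForContext throws when zero or several entries match.
     * Read attributes from it as the mapper above does, e.g. getStringAttribute("manager").
     */
    public DirContextOperations find(String sam) {
        return ldapTemplate.searchForContext(byAccountName(sam));
    }

    public static void main(String[] args) {
        // Constructed hostile input: shows the second layer, the encoding done by is().
        String hostile = "jdoe)(objectClass=*";
        System.out.println(query().where("sAMAccountName").is(hostile).filter().encode());
        // The allow-list rejects the same input before any query is built.
        try {
            byAccountName(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The main method needs no directory server: it prints the encoded filter and the rejection. Calling find should be restricted to administrators, since it exposes other users' directory data.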
