java 通过LDAP 验证、添加、修改、删除
1. 在域控制器（dc=dctest,dc=com）上安装证书服务，创建企业根证书，名称为 dctest.com；该根证书对象在目录中的 DN 即为 cn=dctest.com,dc=dctest,dc=com。
2. 为域控制器申请“域控制器”类型的证书（供 LDAPS 连接使用）。
3. 将企业根证书（以及域控制器证书）导入到应用服务器 JRE 的 cacerts 信任库。只要信任了根证书就能校验整条证书链；域控制器证书会随续期而更换，不要把它当作唯一的信任锚。
4. 在应用程序中，通过 javax.net.ssl.trustStore 指向该 cacerts，使 LDAPS 连接能够校验域控制器证书。注意：下面的代码用 System.setProperty 设置它，这是 JVM 全局属性，会影响同一进程内的其他 TLS 连接。
keytool 导入示例（路径和别名按实际环境替换）：keytool -importcert -trustcacerts -alias dctest-root -file <企业根证书文件> -keystore <JRE目录>/lib/security/cacerts
- packagebof.usermanager.auth.impl;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

import com.report.service.PropertyItem;
import com.report.vo.OrganizationalUnitDomain;
import com.report.vo.UserDomain;
- /**
- *功能:本操作类提供AD域用户的增、删、查、改功能
- *作者:陈艺武
- *日期:2010-4-13
- */
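/**
 * Create / search / update / delete operations for Active Directory user
 * accounts over LDAP (simple bind over SSL, i.e. LDAPS).
 *
 * Original author: 陈艺武 (Chen Yiwu), 2010-04-13.
 *
 * Review notes:
 * <ul>
 * <li>Caller-supplied values are escaped before they are spliced into search
 *     filters (RFC 4515) or DNs (RFC 4514, via {@link Rdn#escapeValue}), so a
 *     login or display name cannot add terms to a query or move an entry.</li>
 * <li>{@link #authenticate} refuses empty passwords. A simple bind that carries
 *     a name and an empty password is an "unauthenticated" bind (RFC 4513
 *     s5.1.2) which Active Directory answers with success, so without the
 *     check any known account name would log in.</li>
 * <li>The 6-argument {@link #addUser} and the 3-argument
 *     {@link #adminChangePassword} keep the legacy behaviour of using the login
 *     name as the password; the overloads that take an explicit password are
 *     preferred.</li>
 * <li>Every connection sends the critical control 1.2.840.113556.1.4.1781
 *     (LDAP_SERVER_FAST_BIND_OID, see {@link LdapADManagerControl}).
 *     NOTE(review): MS-ADTS describes fast-bind connections as password-checked
 *     only, without a security token; confirm against the target DC that the
 *     admin-credentialed operations below really run with the admin's rights.</li>
 * </ul>
 *
 * Thread-safety: the singleton holds no mutable per-request state; each public
 * method opens and closes its own {@link LdapContext}.
 */
public class LdapADManager {

    /** Kept from the original; not used by this class. */
    protected DataSourceConnectLDAPVO transientInstance = null;

    /** objectClass of a user entry (unused; kept for compatibility). */
    private String default_objectclass = "user";
    /** Default user container (unused; kept for compatibility). */
    private String default_base = "CN=Users,DC=all,DC=com";
    /** Naming attribute; {@link #modify(Attributes, String)} strips it from the attribute set it is given. */
    private String key_index = "CN";
    /** Attribute that carries the password in Active Directory. */
    private String pwd_index = "unicodePwd";

    /** userAccountControl flag bits (names follow Microsoft's ADS_USER_FLAG enumeration). */
    private static final int UF_ACCOUNTDISABLE = 0x0002;
    private static final int UF_PASSWD_NOTREQD = 0x0020;
    private static final int UF_NORMAL_ACCOUNT = 0x0200;
    private static final int UF_PASSWORD_EXPIRED = 0x800000;

    private static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    /** Trust store used only when {@code javax.net.ssl.trustStore} has not been set elsewhere. */
    private static final String DEFAULT_TRUST_STORE = "c:/Java/jdk1.6.0_10/jre/lib/security/cacerts";
    /** Login name of the built-in administrator; password changes and deletion are refused for it. */
    private static final String BUILTIN_ADMIN = "administrator";
    /** Connection controls sent with every bind; the control is stateless, so one shared array suffices. */
    private static final Control[] CONN_CTLS = new Control[] { new LdapADManagerControl() };

    private static LdapADManager instance = null;

    private LdapADManager() {
    }

    /**
     * Returns the shared instance. Synchronized so two threads racing on first use
     * cannot create two instances.
     */
    public static synchronized LdapADManager getInstance() {
        if (instance == null) {
            instance = new LdapADManager();
        }
        return instance;
    }

    /**
     * Opens a pooled LDAPS connection to the configured directory.
     *
     * No principal is set here: the returned context is bound without credentials and
     * every caller adds {@code SECURITY_PRINCIPAL}/{@code SECURITY_CREDENTIALS} for
     * the identity it needs (the original relied on the provider re-binding when the
     * next request is issued; {@link #authenticate} forces it with {@code reconnect}).
     *
     * The default trust store is only applied when {@code javax.net.ssl.trustStore}
     * is unset, so an operator-configured store (or another library's setting in the
     * same JVM) is no longer clobbered.
     *
     * @return a freshly created {@link LdapContext}; the caller must close it
     * @throws NamingException if the connection or the initial bind fails
     */
    public LdapContext getConnectionFromFool() throws NamingException {
        PropertyItem ldapProperty = ldapProperty();
        if (System.getProperty(TRUST_STORE_PROPERTY) == null) {
            System.setProperty(TRUST_STORE_PROPERTY, DEFAULT_TRUST_STORE);
        }
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.PROVIDER_URL, ldapProperty.getLdapURL());
        return new InitialLdapContext(env, CONN_CTLS);
    }

    /**
     * Verifies a user's password by binding to the directory as {@code userName@domain}.
     *
     * @param userName login name (sAMAccountName); null or blank is rejected
     * @param password the password; null or empty is rejected without contacting the
     *                 directory, because a simple bind with an empty password is an
     *                 unauthenticated bind that AD accepts
     * @return true only if the directory accepted the credentials
     */
    public boolean authenticate(String userName, String password) {
        if (userName == null || userName.trim().length() == 0) {
            return false;
        }
        if (password == null || password.length() == 0) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        String userDn = principal(ldapProperty, userName);
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            bindAs(ctx, userDn, password);
            // Force a new bind with the user's credentials; a bad password surfaces
            // here as AuthenticationException rather than on a later request.
            ctx.reconnect(CONN_CTLS);
            return true;
        } catch (AuthenticationException e) {
            e.printStackTrace();
            return false;
        } catch (NamingException e) {
            e.printStackTrace();
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Lists the user accounts below the configured OU.
     *
     * Attributes are looked up by name: the iteration order of
     * {@code Attributes.getAll()} is not guaranteed, so the original "first attribute
     * is the login name, second is the display name" assumption could swap the two.
     *
     * @return list of {@link UserDomain} (empty on error; errors are printed)
     */
    public List listUser() {
        PropertyItem ldapProperty = ldapProperty();
        List list = new ArrayList();
        LdapContext ctx = null;
        String base = "OU=" + ldapProperty.getBase() + "," + ldapProperty.getDomainDC();
        try {
            ctx = getConnectionFromFool();
            bindAs(ctx, principal(ldapProperty, ldapProperty.getUserName()), ldapProperty.getPassWord());
            String filter = "(&(objectCategory=person)(objectClass=USER)(name=*))";
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "sAMAccountName", "cn" });
            NamingEnumeration<SearchResult> answer = ctx.search(base, filter, controls);
            while (answer.hasMore()) {
                SearchResult result = answer.next();
                Attributes attrs = result.getAttributes();
                UserDomain user = new UserDomain();
                String login = attributeValue(attrs, "sAMAccountName");
                if (login != null) {
                    user.setUserName(login);
                }
                String cn = attributeValue(attrs, "cn");
                if (cn != null) {
                    user.setUserAliasName(cn);
                }
                user.setNameSpace(ldapProperty.getDomain());
                list.add(user);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(ctx);
        }
        return list;
    }

    /**
     * Lists organizational units below the configured OU, optionally filtered by a
     * substring of their name. The base has the form
     * {@code OU=<base>,DC=example,DC=com}.
     *
     * @param ouName substring to match against the OU name, or null/empty for all;
     *               escaped per RFC 4515 so it cannot add filter terms
     * @return list of {@link OrganizationalUnitDomain} (empty on error)
     */
    public List listOrganizztionalUnit(String ouName) {
        PropertyItem ldapProperty = ldapProperty();
        List list = new ArrayList();
        LdapContext ctx = null;
        String base = "OU=" + ldapProperty.getBase() + "," + ldapProperty.getDomainDC();
        try {
            ctx = getConnectionFromFool();
            bindAs(ctx, principal(ldapProperty, ldapProperty.getUserName()), ldapProperty.getPassWord());
            StringBuilder filter = new StringBuilder("(&(objectClass=organizationalUnit)");
            if (ouName != null && !ouName.equals("")) {
                filter.append("(name=*").append(escapeFilterValue(ouName)).append("*)");
            }
            filter.append(")");
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "name" });
            NamingEnumeration<SearchResult> answer = ctx.search(base, filter.toString(), controls);
            while (answer.hasMore()) {
                SearchResult result = answer.next();
                OrganizationalUnitDomain ouDomain = new OrganizationalUnitDomain();
                String name = attributeValue(result.getAttributes(), "name");
                if (name != null) {
                    ouDomain.setOuName(name);
                }
                list.add(ouDomain);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(ctx);
        }
        return list;
    }

    /** Correctly spelled alias for {@link #listOrganizztionalUnit(String)}. */
    public List listOrganizationalUnit(String ouName) {
        return listOrganizztionalUnit(ouName);
    }

    /**
     * Legacy entry point: creates the user with the login name as the initial
     * password. The account is created with UF_PASSWORD_EXPIRED, so the user must
     * change it at first logon, but the value is still guessable; prefer the overload
     * that takes an explicit initial password.
     *
     * @param ou         name of the organizational unit that will hold the entry
     * @param department unused (kept for compatibility)
     * @param realName   display name, becomes the CN
     * @param userName   login name (sAMAccountName) and, here, the initial password
     * @param adminUser  account used to perform the creation
     * @param adminPwd   its password
     * @return true if the entry was created and its password set
     */
    public boolean addUser(String ou, String department, String realName, String userName,
            String adminUser, String adminPwd) {
        return addUser(ou, department, realName, userName, userName, adminUser, adminPwd);
    }

    /**
     * Creates a user entry {@code CN=<realName>,<ou DN>,<domain>}.
     *
     * The entry is created disabled and without a password, then {@code unicodePwd}
     * is set and the account enabled in a second modify (the usual AD two-step
     * pattern; AD only accepts {@code unicodePwd} over an encrypted channel, which
     * is why this class requires LDAPS).
     *
     * @param ou              name of the organizational unit that will hold the entry
     * @param department      unused (kept for compatibility)
     * @param realName        display name, becomes the CN; escaped per RFC 4514
     * @param userName        login name (sAMAccountName)
     * @param initialPassword initial password, left flagged as expired
     * @param adminUser       account used to perform the creation
     * @param adminPwd        its password
     * @return true if the entry was created and its password set; false if the OU
     *         cannot be found, an argument is missing, or the directory rejects
     *         the operation (the error is printed)
     */
    public boolean addUser(String ou, String department, String realName, String userName,
            String initialPassword, String adminUser, String adminPwd) {
        if (realName == null || realName.length() == 0 || userName == null || userName.length() == 0
                || initialPassword == null) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            Attributes attrs = new BasicAttributes(true);
            Attribute objclass = new BasicAttribute("objectclass");
            setObjectclassToAttribute(objclass);
            attrs.put(objclass);
            attrs.put("sAMAccountName", userName);
            attrs.put("cn", realName);
            attrs.put("userAccountControl", Integer.toString(
                    UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));
            bindAs(ctx, principal(ldapProperty, adminUser), adminPwd);
            String parentOu = getFullOu(ctx, ou);
            if (parentOu.length() == 0) {
                System.err.println("addUser: organizational unit not found: " + ou);
                return false;
            }
            // Escape the RDN value so a display name containing ',' '+' '=' etc. cannot
            // change where (or as what) the entry is created.
            String newUser = "CN=" + Rdn.escapeValue(realName) + "," + parentOu + "," + ldapProperty.getDomainDC();
            ctx.createSubcontext(newUser, attrs);
            ModificationItem[] mods = new ModificationItem[2];
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute(pwd_index, encodePassword(initialPassword)));
            mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
            ctx.modifyAttributes(newUser, mods);
            return true;
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Legacy entry point: resets the user's password to the login name. Prefer the
     * overload with an explicit new password.
     *
     * @param adminUser account performing the reset
     * @param adminPwd  its password
     * @param sUserName login name of the account to reset
     * @return true if the password was replaced
     */
    public boolean adminChangePassword(String adminUser, String adminPwd, String sUserName) {
        return adminChangePassword(adminUser, adminPwd, sUserName, sUserName);
    }

    /**
     * Resets a user's password as an administrator (REPLACE of {@code unicodePwd};
     * the old password is not required).
     *
     * The built-in administrator is refused by name. NOTE(review): the check is
     * by login name only; a renamed built-in account (RID 500) would pass it.
     *
     * @param adminUser    account performing the reset
     * @param adminPwd     its password
     * @param sUserName    login name of the account to reset
     * @param sNewPassword the new password
     * @return true if the password was replaced; false for the built-in
     *         administrator, a missing user, or a directory error (printed)
     */
    public boolean adminChangePassword(String adminUser, String adminPwd, String sUserName, String sNewPassword) {
        if (sUserName == null || sUserName.length() == 0 || isBuiltinAdmin(sUserName)) {
            return false;
        }
        if (sNewPassword == null) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            bindAs(ctx, principal(ldapProperty, adminUser), adminPwd);
            String cnUser = userDn(ctx, ldapProperty, sUserName);
            if (cnUser == null) {
                return false;
            }
            ModificationItem[] mods = new ModificationItem[1];
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute(pwd_index, encodePassword(sNewPassword)));
            ctx.modifyAttributes(cnUser, mods);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Self-service password change: binds as the user with the old password, then
     * sends REMOVE(old) + ADD(new) on {@code unicodePwd} in one modify, which is the
     * form AD treats as a password change (old value verified) rather than a reset.
     *
     * @param sUserName    login name
     * @param sOldPassword current password; null/empty is refused because it would
     *                     turn the self-bind into an unauthenticated bind
     * @param sNewPassword new password
     * @return true if the directory accepted the change
     */
    public boolean userChangePassword(String sUserName, String sOldPassword, String sNewPassword) {
        if (sUserName == null || sUserName.length() == 0 || isBuiltinAdmin(sUserName)) {
            return false;
        }
        if (sOldPassword == null || sOldPassword.length() == 0 || sNewPassword == null) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            bindAs(ctx, principal(ldapProperty, sUserName), sOldPassword);
            String cnUser = userDn(ctx, ldapProperty, sUserName);
            if (cnUser == null) {
                return false;
            }
            ModificationItem[] mods = new ModificationItem[2];
            mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute(pwd_index, encodePassword(sOldPassword)));
            mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute(pwd_index, encodePassword(sNewPassword)));
            ctx.modifyAttributes(cnUser, mods);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Legacy entry point: replaces attributes of {@code userDN} without adding any
     * credentials, i.e. on the connection exactly as {@link #getConnectionFromFool()}
     * opened it (no principal). Prefer the credentialed overload.
     *
     * @param attrs  attributes to REPLACE; the naming attribute ({@code CN}) is
     *               removed from this set before sending
     * @param userDN full DN of the entry
     * @return true if the modify succeeded
     */
    public boolean modify(Attributes attrs, String userDN) {
        return doModify(null, null, attrs, userDN);
    }

    /**
     * Replaces attributes of {@code userDN} using the given administrative account.
     *
     * @param adminUser account performing the change
     * @param adminPwd  its password
     * @param attrs     attributes to REPLACE; {@code CN} is removed before sending
     * @param userDN    full DN of the entry (expected to come from a directory
     *                  lookup, not from user input)
     * @return true if the modify succeeded
     */
    public boolean modify(String adminUser, String adminPwd, Attributes attrs, String userDN) {
        return doModify(adminUser, adminPwd, attrs, userDN);
    }

    /** Shared body of the two {@code modify} overloads; binds only when a principal is given. */
    private boolean doModify(String adminUser, String adminPwd, Attributes attrs, String userDN) {
        if (attrs == null || userDN == null || userDN.length() == 0) {
            return false;
        }
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            if (adminUser != null) {
                bindAs(ctx, principal(ldapProperty(), adminUser), adminPwd);
            }
            // Never let the caller rewrite the naming attribute through this path.
            attrs.remove(key_index);
            ctx.modifyAttributes(userDN, DirContext.REPLACE_ATTRIBUTE, attrs);
            return true;
        } catch (NamingException e) {
            System.err.println("Problem modifying " + userDN + ": " + e);
        } catch (Exception e) {
            System.err.println("Problem: " + e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Deletes the user whose sAMAccountName is {@code userName}.
     *
     * The lookup result is checked before {@code destroySubcontext}: the original
     * would have attempted to delete the DN {@code ",DC=..."} when the user did not
     * exist. The built-in administrator is refused, matching the password methods.
     *
     * @param adminUser account performing the deletion
     * @param adminPwd  its password
     * @param userName  login name of the account to delete
     * @return true if the entry was removed
     */
    public boolean del(String adminUser, String adminPwd, String userName) {
        if (userName == null || userName.length() == 0 || isBuiltinAdmin(userName)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            bindAs(ctx, principal(ldapProperty, adminUser), adminPwd);
            String adUser = userDn(ctx, ldapProperty, userName);
            if (adUser == null) {
                return false;
            }
            ctx.destroySubcontext(adUser);
            return true;
        } catch (NamingException e) {
            System.err.println("Problem deleting user " + userName + ": " + e);
        } catch (Exception e) {
            System.err.println("Problem: " + e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
     * {@code * ( ) \} and NUL become {@code \2a \28 \29 \5c \00}. Any other
     * character, including non-ASCII, is passed through unchanged.
     *
     * @param value raw value; null is treated as the empty string
     * @return the escaped value
     */
    public static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\\':
                sb.append("\\5c");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Encodes a password the way AD expects {@code unicodePwd}: the value wrapped
     * in double quotes and encoded as UTF-16LE.
     *
     * @param password the clear-text password
     * @return the encoded bytes
     */
    static byte[] encodePassword(String password) {
        try {
            return ("\"" + password + "\"").getBytes("UTF-16LE");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-16LE is a mandatory charset in every JVM.
            throw new IllegalStateException("UTF-16LE not supported", e);
        }
    }

    /** Object classes assigned to a new user entry. */
    private void setObjectclassToAttribute(Attribute objclass) {
        objclass.add("top");
        objclass.add("person");
        objclass.add("organizationalPerson");
        objclass.add("inetorgperson");
    }

    /**
     * Name of the user entry with the given sAMAccountName, relative to the domain
     * root, or the empty string when none is found.
     *
     * NOTE(review): {@code SearchResult.getName()} is a JNDI composite name; for
     * CNs containing characters JNDI quotes (e.g. '/'), the result may need
     * unquoting before it is appended to the domain DC.
     */
    private String getUser(LdapContext ctx, String usr) {
        String filter = "(sAMAccountName=" + escapeFilterValue(usr) + ")";
        SearchResult si = getSearchResult(ctx, filter);
        return si == null ? "" : si.getName();
    }

    /**
     * Name of the first organizational unit called {@code ou}, relative to the
     * domain root, or the empty string when none is found. If several OUs share the
     * name, the first one the directory returns is used.
     */
    private String getFullOu(LdapContext ctx, String ou) {
        String filter = "(&(objectClass=organizationalUnit)(name=" + escapeFilterValue(ou) + "))";
        SearchResult si = getSearchResult(ctx, filter);
        return si == null ? "" : si.getName();
    }

    /**
     * Runs {@code filter} as a subtree search from the domain root and returns the
     * first result, or null if there is none or the search fails (printed).
     */
    private SearchResult getSearchResult(LdapContext ctx, String filter) {
        PropertyItem ldapProperty = ldapProperty();
        SearchResult found = null;
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> en = ctx.search(ldapProperty.getDomainDC(), filter, constraints);
            if (en != null && en.hasMoreElements()) {
                found = en.nextElement();
            }
        } catch (NamingException ex) {
            ex.printStackTrace();
        }
        return found;
    }

    /** Full DN of the user with sAMAccountName {@code usr}, or null (with a message) when not found. */
    private String userDn(LdapContext ctx, PropertyItem ldapProperty, String usr) {
        String relative = getUser(ctx, usr);
        if (relative.length() == 0) {
            System.err.println("user not found: " + usr);
            return null;
        }
        return relative + "," + ldapProperty.getDomainDC();
    }

    /** The single configured {@link PropertyItem} (URL, domain, base OU, service account). */
    private static PropertyItem ldapProperty() {
        return (PropertyItem) AdProperties.getInstance().getPropertyItem().get(0);
    }

    /** Bind principal in UPN form, {@code account@domain}. */
    private static String principal(PropertyItem ldapProperty, String account) {
        return account + "@" + ldapProperty.getDomain();
    }

    /** Installs simple-bind credentials on an already opened context. */
    private static void bindAs(LdapContext ctx, String principal, String credentials) throws NamingException {
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
    }

    /** True for the built-in administrator's login name (case-insensitive). */
    private static boolean isBuiltinAdmin(String name) {
        return name != null && name.equalsIgnoreCase(BUILTIN_ADMIN);
    }

    /** First value of attribute {@code id} as a String, or null if absent. */
    private static String attributeValue(Attributes attrs, String id) throws NamingException {
        if (attrs == null) {
            return null;
        }
        Attribute attr = attrs.get(id);
        if (attr == null) {
            return null;
        }
        Object value = attr.get();
        return value == null ? null : value.toString();
    }

    /** Closes the context if it was opened; a failure to close is printed, not propagated. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}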
/**
 * Connection control attached to every bind made by {@code LdapADManager}.
 *
 * OID 1.2.840.113556.1.4.1781 is Active Directory's LDAP_SERVER_FAST_BIND_OID
 * ("concurrent bind"). The control carries no value. It is marked critical, so a
 * server that does not support it rejects the request instead of silently
 * ignoring the control (RFC 4511 section 4.1.11).
 */
class LdapADManagerControl implements Control {

    private static final long serialVersionUID = 1L;

    /** Control OID as registered by Microsoft. */
    static final String FAST_BIND_OID = "1.2.840.113556.1.4.1781";

    /** This control has no value, so no BER-encoded payload is sent. */
    public byte[] getEncodedValue() {
        return null;
    }

    public String getID() {
        return FAST_BIND_OID;
    }

    /** Always critical; see the class comment. */
    public boolean isCritical() {
        return true;
    }
}