java 通过LDAP 验证、添加、修改、删除

1. 域服务器（dc=dctest,dc=com）,安装证书服务，创建企业根证书，名称为dctest.com

则：cn=dctest.com,dc=dctest,dc=com

2. 申请证书类型域控制器的证书

3. 将企业根证书和域控制器证书导入到应用服务器cacerts

4. 在应用程序中，编写代码引用cacerts认证。

keytool

1. packagebof.usermanager.auth.impl;
2. importjava.io.IOException;
3. importjava.util.ArrayList;
4. importjava.util.List;
5. importjava.util.Properties;
6. importjavax.naming.AuthenticationException;
7. importjavax.naming.Context;
8. importjavax.naming.NamingEnumeration;
9. importjavax.naming.NamingException;
10. importjavax.naming.directory.Attribute;
11. importjavax.naming.directory.Attributes;
12. importjavax.naming.directory.BasicAttribute;
13. importjavax.naming.directory.BasicAttributes;
14. importjavax.naming.directory.DirContext;
15. importjavax.naming.directory.ModificationItem;
16. importjavax.naming.directory.SearchControls;
17. importjavax.naming.directory.SearchResult;
18. importjavax.naming.ldap.Control;
19. importjavax.naming.ldap.InitialLdapContext;
20. importjavax.naming.ldap.LdapContext;
21. importcom.report.service.PropertyItem;
22. importcom.report.vo.OrganizationalUnitDomain;
23. importcom.report.vo.UserDomain;
24. /**
25. *功能：本操作类提供AD域用户的增、删、查、改功能
26. *作者：陈艺武
27. *日期：2010-4-13
28. */
29. publicclassLdapADManager{
31. protectedDataSourceConnectLDAPVOtransientInstance=null;
33. /**用户的objectClass*/
34. privateStringdefault_objectclass="user";
35. /**用户的默认根DN*/
36. privateStringdefault_base="CN=Users,DC=all,DC=com";
37. /**用户默认主键*/
38. privateStringkey_index="CN";
39. /**用户默认密码属性.*/
40. privateStringpwd_index="unicodePwd";
41. privateControl[]connCtls=null;
43. privatestaticLdapADManagerLdapADManager=null;
45. privateLdapADManager(){}
46. publicstaticLdapADManagergetInstance(){
47. if(LdapADManager==null)
48. LdapADManager=newLdapADManager();
49. returnLdapADManager;
50. }
55. /**
56. *从连接池中获取一个连接.
57. *
58. *@returnLdapContext
59. *@throwsNamingException
60. */
61. publicLdapContextgetConnectionFromFool()throwsNamingException{
62. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
63. Stringkeystore="c:/Java/jdk1.6.0_10/jre/lib/security/cacerts";
64. System.setProperty("javax.net.ssl.trustStore",keystore);
66. Propertiesenv=newProperties();
67. env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
68. env.put("com.sun.jndi.ldap.connect.pool","true");
69. env.put(Context.SECURITY_AUTHENTICATION,"simple");
70. env.put(Context.SECURITY_PROTOCOL,"ssl");
71. //env.put("java.naming.referral","follow");
73. env.put(Context.PROVIDER_URL,ldapProperty.getLdapURL());
74. connCtls=newControl[]{newLdapADManagerControl()};
75. returnnewInitialLdapContext(env,connCtls);
76. }
80. /**
81. *功能：校验用户登录.
82. *@paramuserName
83. *@parampassword
84. *@return
85. *
86. *作者：陈艺武
87. *日期：Apr13,2010
88. */
89. publicbooleanauthenticate(StringuserName,Stringpassword){
90. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
91. StringuserDn=userName+"@"+ldapProperty.getDomain();
92. LdapContextctx=null;
93. try{
94. ctx=getConnectionFromFool();
95. ctx.getRequestControls();
96. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,userDn);
97. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,password);
98. ctx.reconnect(connCtls);
99. returntrue;
100. }catch(AuthenticationExceptione){
101. e.printStackTrace();
102. returnfalse;
103. }catch(NamingExceptione){
104. e.printStackTrace();
105. returnfalse;
106. }finally{
107. try{
108. ctx.close();
109. }catch(Exceptione){
110. e.printStackTrace();
111. }
112. }
113. }
117. /**
118. *功能：获取AD用户列表
119. *@return
120. *
121. *作者：陈艺武
122. *日期：Apr12,2010
123. */
124. publicListlistUser(){
125. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
126. Listlist=newArrayList();
127. LdapContextctx=null;
128. UserDomainuser=null;
130. Stringbase="OU="+ldapProperty.getBase()+","+ldapProperty.getDomainDC();
131. try{
132. ctx=this.getConnectionFromFool();
133. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,ldapProperty.getUserName()+"@"+ldapProperty.getDomain());
134. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,ldapProperty.getPassWord());
136. //base="OU=北京华融综合投资公司,DC=bjhr,DC=com,DC=cn";
137. Stringfilter="(&(objectCategory=person)(objectClass=USER)(name=*))";
138. SearchControlscontrols=newSearchControls();
139. controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
140. //controls.setReturningAttributes(newString[]{"sAMAccountName","displayName","department"});
141. controls.setReturningAttributes(newString[]{"sAMAccountName","cn"});
143. NamingEnumeration<SearchResult>answer=ctx.search(base,filter,controls);
144. while(answer.hasMore()){
145. user=newUserDomain();
146. SearchResultresult=answer.next();
147. NamingEnumeration<?extendsAttribute>attrs=result.getAttributes().getAll();
148. intcount=0;
150. while(attrs.hasMore()){
151. Attributeattr=attrs.next();
152. if(count==0){
153. user.setUserName(attr.get().toString());
154. }else{
155. user.setUserAliasName(attr.get().toString());
156. }
157. count++;
158. }
160. user.setNameSpace(ldapProperty.getDomain());
161. list.add(user);
162. }
163. }catch(Exceptione){
164. e.printStackTrace();
165. }finally{
166. try{
167. ctx.close();
168. }catch(Exceptione){
169. e.printStackTrace();
170. }
171. }
172. returnlist;
173. }
177. /**
178. *功能：查询组织单位列表
179. *@paramouName
180. *@return
181. *
182. *作者：陈艺武
183. *日期：Apr13,2010
184. *说明：base格式如："OU=北京华融综合投资公司,DC=bjhr,DC=com,DC=cn";
185. */
186. publicListlistOrganizztionalUnit(StringouName){
187. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
188. Listlist=newArrayList();
189. LdapContextctx=null;
190. OrganizationalUnitDomainouDomain=null;
192. Stringbase="OU="+ldapProperty.getBase()+","+ldapProperty.getDomainDC();
193. try{
194. ctx=this.getConnectionFromFool();
195. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,ldapProperty.getUserName()+"@"+ldapProperty.getDomain());
196. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,ldapProperty.getPassWord());
198. Stringfilter="(&(objectClass=organizationalUnit)";
199. if(ouName!=null&&!ouName.equals(""))
200. filter=filter+"(name=*"+ouName+"*)";
201. filter=filter+")";
203. SearchControlscontrols=newSearchControls();
204. controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
205. controls.setReturningAttributes(newString[]{"name"});
207. NamingEnumeration<SearchResult>answer=ctx.search(base,filter,controls);
208. while(answer.hasMore()){
209. ouDomain=newOrganizationalUnitDomain();
210. SearchResultresult=answer.next();
211. NamingEnumeration<?extendsAttribute>attrs=result.getAttributes().getAll();
212. intcount=0;
214. while(attrs.hasMore()){
215. Attributeattr=attrs.next();
216. if(count==0){
217. ouDomain.setOuName(attr.get().toString());
218. }
219. count++;
220. }
222. list.add(ouDomain);
223. }
224. }catch(Exceptione){
225. e.printStackTrace();
226. }finally{
227. try{
228. ctx.close();
229. }catch(Exceptione){
230. e.printStackTrace();
231. }
232. }
233. returnlist;
234. }
237. /**
238. *功能：添加用户
239. *@paramou组织单位：中投证券,销售部门
240. *@paramdepartment
241. *@paramrealName真实姓名，如：李伟
242. *@paramuserName用户名，如：administrator
243. *@paramuserPwd
244. *@paramadminUser
245. *@paramadminPwd
246. *@return
247. *
248. *作者：陈艺武
249. *日期：Apr12,2010
250. */
251. publicbooleanaddUser(Stringou,Stringdepartment,StringrealName,StringuserName,StringadminUser,StringadminPwd){
252. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
253. LdapContextctx=null;
254. try{
255. ctx=getConnectionFromFool();
257. Attributesattrs=newBasicAttributes(true);
258. Attributeobjclass=newBasicAttribute("objectclass");
259. setObjectclassToAttribute(objclass);
260. attrs.put(objclass);
261. attrs.put("sAMAccountName",userName);
262. attrs.put("cn",realName);
264. intUF_ACCOUNTDISABLE=0x0002;
265. intUF_PASSWD_NOTREQD=0x0020;
266. intUF_NORMAL_ACCOUNT=0x0200;
267. intUF_PASSWORD_EXPIRED=0x800000;
268. attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT+UF_PASSWD_NOTREQD+UF_PASSWORD_EXPIRED+UF_ACCOUNTDISABLE));
271. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,adminUser+"@"+ldapProperty.getDomain());
272. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,adminPwd);
273. //StringnewUser="CN="+realName+","+cvtOuString(ou)+","+ldapProperty.getDomainDC();
274. StringnewUser="CN="+realName+","+this.getFullOu(ctx,ou)+","+ldapProperty.getDomainDC();
275. ctx.createSubcontext(newUser,attrs);
277. ModificationItem[]mods=newModificationItem[2];
278. StringnewQuotedPassword="/""+userName+"/"";
279. byte[]newUnicodePassword=newQuotedPassword.getBytes("UTF-16LE");
280. mods[0]=newModificationItem(DirContext.REPLACE_ATTRIBUTE,newBasicAttribute("unicodePwd",newUnicodePassword));
281. mods[1]=newModificationItem(DirContext.REPLACE_ATTRIBUTE,newBasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT+UF_PASSWORD_EXPIRED)));
282. ctx.modifyAttributes(newUser,mods);
283. mods=null;
284. returntrue;
285. }catch(NamingExceptione){
286. e.printStackTrace();
287. }catch(IOExceptione){
288. e.printStackTrace();
289. }finally{
290. if(ctx!=null){
291. try{
292. ctx.close();
293. }catch(NamingExceptione){
294. e.printStackTrace();
295. }
296. ctx=null;
297. }
298. }
299. returnfalse;
300. }
304. /**
305. *功能：管理员用户初始化用户密码
306. *@paramsUserName
307. *@paramsNewPassword
308. *@return
309. *
310. *作者：陈艺武
311. *日期：Apr13,2010
312. */
313. publicbooleanadminChangePassword(StringadminUser,StringadminPwd,StringsUserName){
314. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
315. LdapContextctx=null;
317. //不能从应用中修改超级管理员密码
318. if(sUserName!=null&&sUserName.equalsIgnoreCase("administrator"))
319. returnfalse;
320. try{
321. ctx=getConnectionFromFool();
322. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,adminUser+"@"+ldapProperty.getDomain());
323. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,adminPwd);
325. ModificationItem[]mods=newModificationItem[1];
326. StringnewQuotedPassword="/""+sUserName+"< 15074 span style="border:none;background-color:inherit;">/"";
327. byte[]newUnicodePassword=newQuotedPassword.getBytes("UTF-16LE");
328. mods[0]=newModificationItem(DirContext.REPLACE_ATTRIBUTE,newBasicAttribute("unicodePwd",newUnicodePassword));
329. StringcnUser=getUser(ctx,sUserName)+","+ldapProperty.getDomainDC();
330. ctx.modifyAttributes(cnUser,mods);
331. returntrue;
332. }catch(Exceptione){
333. e.printStackTrace();
334. }finally{
335. try{
336. ctx.close();
337. }catch(Exceptione){
338. e.printStackTrace();
339. }
340. }
341. returnfalse;
342. }
346. /**
347. *功能：用户修改密码
348. *@paramsUserName
349. *@paramsOldPassword
350. *@paramsNewPassword
351. *@return
352. *
353. *作者：陈艺武
354. *日期：Apr9,2010
355. */
356. publicbooleanuserChangePassword(StringsUserName,StringsOldPassword,StringsNewPassword){
357. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
358. LdapContextctx=null;
359. StringuserNameAndDomain=sUserName+"@"+ldapProperty.getDomain();
361. //不能从应用中修改超级管理员密码
362. if(sUserName!=null&&sUserName.equalsIgnoreCase("administrator"))
363. returnfalse;
364. try{
365. ctx=getConnectionFromFool();
366. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,userNameAndDomain);
367. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,sOldPassword);
369. ModificationItem[]mods=newModificationItem[2];
370. StringoldQuotedPassword="/""+sOldPassword+"/"";
371. byte[]oldUnicodePassword=oldQuotedPassword.getBytes("UTF-16LE");
372. StringnewQuotedPassword="/""+sNewPassword+"/"";
373. byte[]newUnicodePassword=newQuotedPassword.getBytes("UTF-16LE");
374. mods[0]=newModificationItem(DirContext.REMOVE_ATTRIBUTE,newBasicAttribute("unicodePwd",oldUnicodePassword));
375. mods[1]=newModificationItem(DirContext.ADD_ATTRIBUTE,newBasicAttribute("unicodePwd",newUnicodePassword));
377. StringcnUser=getUser(ctx,sUserName)+","+ldapProperty.getDomainDC();
378. ctx.modifyAttributes(cnUser,mods);
379. returntrue;
380. }catch(Exceptione){
381. e.printStackTrace();
382. }finally{
383. try{
384. ctx.close();
385. }catch(Exceptione){
386. e.printStackTrace();
387. }
388. }
389. returnfalse;
390. }
395. /**
396. *功能：修改用户信息
397. *@paramattrs
398. *@paramuserDN
399. *@return
400. *
401. *作者：陈艺武
402. *日期：Apr12,2010
403. */
404. publicbooleanmodify(Attributesattrs,StringuserDN){
405. LdapContextctx=null;
406. try{
407. ctx=getConnectionFromFool();
408. attrs.remove(key_index);
409. ctx.modifyAttributes(userDN,DirContext.REPLACE_ATTRIBUTE,attrs);
410. returntrue;
411. }catch(NamingExceptione){
412. System.err.println("Problemchangingpassword:"+e);
413. }catch(Exceptione){
414. System.err.println("Problem:"+e);
415. }finally{
416. try{
417. ctx.close();
418. }catch(Exceptione){
419. e.printStackTrace();
420. }
422. }
423. returnfalse;
424. }
427. /**
428. *功能：删除用户
429. *@paramadminUser
430. *@paramadminPwd
431. *@paramuserDN用户登陆名
432. *@return
433. *
434. *作者：陈艺武
435. *日期：Apr12,2010
436. */
437. publicbooleandel(StringadminUser,StringadminPwd,StringuserName){
438. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
439. LdapContextctx=null;
441. try{
442. ctx=getConnectionFromFool();
443. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,adminUser+"@"+ldapProperty.getDomain());
444. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,adminPwd);
445. StringadUser=getUser(ctx,userName)+","+ldapProperty.getDomainDC();
447. ctx.destroySubcontext(adUser);
448. returntrue;
449. }catch(NamingExceptione){
450. System.err.println("Problemchangingpassword:"+e);
451. }catch(Exceptione){
452. System.err.println("Problem:"+e);
453. }finally{
454. try{
455. ctx.close();
456. }catch(Exceptione){
457. e.printStackTrace();
458. }
460. }
461. returnfalse;
462. }
468. privatevoidsetObjectclassToAttribute(Attributeobjclass){
469. objclass.add("top");
470. objclass.add("person");
471. objclass.add("organizationalPerson");
472. objclass.add("inetorgperson");
473. }
476. privateStringgetUser(LdapContextctx,Stringusr){
477. StringuserName="";
478. Stringfilter="sAMAccountName="+usr;
479. SearchResultsi=getSearchResult(ctx,filter);
480. if(si!=null)
481. userName=si.getName();
482. returnuserName;
483. }
486. privateStringgetFullOu(LdapContextctx,Stringou){
487. StringuserName="";
488. Stringfilter="(&(objectClass=organizationalUnit)(name="+ou+"))";
489. SearchResultsi=getSearchResult(ctx,filter);
490. if(si!=null)
491. userName=si.getName();
492. returnuserName;
493. }
496. privateSearchResultgetSearchResult(LdapContextctx,Stringfilter){
497. SearchResultsi=null;
498. PropertyItemldapProperty=(PropertyItem)AdProperties.getInstance().getPropertyItem().get(0);
499. try{
500. SearchControlsconstraints=newSearchControls();
501. co<mce:scripttype="text/javascript"src="http://hi.images.csdn.net/js/blog/tiny_mce/themes/advanced/langs/zh.js"mce_src="http://hi.images.csdn.net/js/blog/tiny_mce/themes/advanced/langs/zh.js"></mce:script><mce:scripttype="text/javascript"src="http://hi.images.csdn.net/js/blog/tiny_mce/plugins/syntaxhl/langs/zh.js"mce_src="http://hi.images.csdn.net/js/blog/tiny_mce/plugins/syntaxhl/langs/zh.js"></mce:script>nstraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
502. NamingEnumerationen=ctx.search(ldapProperty.getDomainDC(),filter,constraints);//查询所有用户
504. while(en!=null&&en.hasMoreElements()){
505. Objectobj=en.nextElement();
506. if(objinstanceofSearchResult){
507. si=(SearchResult)obj;
508. break;
509. }
510. }
511. }catch(NamingExceptionex){
512. ex.printStackTrace();
513. }
514. returnsi;
515. }
516. }
517. classLdapADManagerControlimplementsControl{
518. publicbyte[]getEncodedValue(){
519. returnnull;
520. }
521. publicStringgetID(){
522. return"1.2.840.113556.1.4.1781";
523. }
524. publicbooleanisCritical(){
525. returntrue;
526. }
527. }