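Active Directory user search in Spring

I have implemented Active Directory authentication using Spring Security, and it works fine. Now I want to look up the details of other users by their sAMAccountName. This feature is required so that administrators can approve or reject users in our application. With the code below, I can get the details of the logged-in user.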

Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); 
String currentPrincipalName = authentication.getName(); 

How can I use this Authentication object to get other users' details? I am using spring-security-ldap-4.0.1 and spring-security-core-4.0.1.

Answer

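You should take a look at UserDetailsContextMapper. There are already implementation classes that automatically map some attributes of LDAP objects, such as InetOrgPersonContextMapper and PersonContextMapper. If there are any special attributes, you have to register your own mapper; for example, we use the attributes manager and directReports to store reporting lines in AD, and I had to map them manually.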

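import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

public class CustomUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {

    // Application-specific service from the answerer's project; not used in this mapper.
    @Autowired
    private LdapUserService ldapUserService;

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ops, String username,
            Collection<? extends GrantedAuthority> authorities) {

        // Let the default mapper populate the standard account flags and authorities.
        UserDetails details = super.mapUserFromContext(ops, username, authorities);

        // Read the additional AD attributes from the directory entry.
        String manager = ops.getStringAttribute("manager");
        String[] directReports = ops.getStringAttributes("directReports");

        // The password is left empty so it is not kept in the mapped user object.
        User user = new User(
                username,
                "",
                details.isEnabled(),
                details.isAccountNonExpired(),
                details.isCredentialsNonExpired(),
                details.isAccountNonLocked(),
                details.getAuthorities(),
                manager,
                directReports);

        return user;
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter dir) {
        super.mapUserToContext(user, dir);
    }

}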

And obviously, you also have to adjust your UserDetails as well:

import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;

public class User extends org.springframework.security.core.userdetails.User {

    // Additional AD attributes carried alongside the standard user details.
    private String manager;
    private String[] directReports;

    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }

    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities, String manager, String[] directReports) {
        this(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        this.manager = manager;
        this.directReports = directReports;
    }

    public String getManager() {
        return manager;
    }

    public String[] getDirectReports() {
        return directReports;
    }
}

Hope this helps.
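The question asks for a lookup of other users by sAMAccountName; when that name comes from an administrator's form, it has to be escaped before it is placed in an LDAP search filter. The following is an added example, not code from the question or the answer, using only the JDK; the class name, the objectCategory/objectClass clauses and the 20-character limit are assumptions.

```java
import java.nio.charset.StandardCharsets;

public class SamAccountNameFilter {

    // Assumption: user logon names are kept within the 20-character SAM limit.
    static final int MAX_LEN = 20;

    // RFC 4515 requires NUL, '(', ')', '*' and '\' to be written as \XX.
    // Non-ASCII bytes are hex-escaped as well, which the RFC permits.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c > 0x7F) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Builds an exact-match filter for a single user account.
    // Empty or over-long names are rejected instead of being searched for.
    static String userFilter(String samAccountName) {
        if (samAccountName == null || samAccountName.isEmpty()
                || samAccountName.length() > MAX_LEN) {
            throw new IllegalArgumentException("invalid sAMAccountName");
        }
        return "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + escapeFilterValue(samAccountName) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain name and names containing filter metacharacters.
        String[] samples = {"jdoe", "*", "j(doe)*", "back\\slash"};
        for (String s : samples) {
            System.out.println(s + " -> " + userFilter(s));
        }
    }
}
```

With the escaping in place, an input of `*` matches only an account literally named `*` rather than every user in the directory.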