  • java集成微软的ad域,实现单点登录

    1.ad域介绍:

    Windows Server 2008 R2 服务器下的 AD 域,见下图(我是在虚拟机里安装的 Windows Server)

    2.连接ad域代码:(里面代码自行修改)

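    /**
     * Looks the submitted username up in Active Directory over LDAP and, when an entry is found,
     * returns the matching local {@code User}, creating the local employee and user records the
     * first time that directory account is seen.
     *
     * <p>SECURITY NOTE(review): as written, the only LDAP bind in this method uses the fixed
     * account configured below. No password belonging to {@code user} is read or checked anywhere
     * here, so a successful result only proves that the username exists in the directory. Before
     * using this as a login check, bind with the end user's own principal and password, and reject
     * an empty password first, because an LDAP simple bind with an empty password is treated as an
     * unauthenticated bind by many servers.
     *
     * @param user carries the username to look up; {@code domainName} (a field declared outside
     *     this method) is appended to it to form the userPrincipalName that is searched for
     * @return a failure {@code ResultMsg} with a message when the bind or lookup fails, otherwise a
     *     {@code ResultMsg} built with {@code true} and the resolved local user
     * @throws Exception for failures not handled below, e.g. an unparsable {@code whenCreated}
     *     value or a department that cannot be resolved
     */
    public ResultMsg<User> loginAd(User user) throws Exception {
        ResultMsg<User> msg;
        // Refuse a missing username up front instead of searching for the literal text "null".
        if (user == null || user.getUsername() == null || user.getUsername().isEmpty()) {
            return new ResultMsg<User>(false, "用户或密码错误");
        }

        // Connection settings for the directory bind.
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Directory address: 389 is the default LDAP port, dc=contoso,dc=com is the search base.
        // NOTE(review): plain ldap:// sends the simple-bind password unencrypted; prefer ldaps://
        // or StartTLS with certificate validation outside a lab network.
        env.put(Context.PROVIDER_URL, "ldap://192.168.153.160:389/dc=contoso,dc=com");
        // Directory account used for the bind.
        // NOTE(review): sample values hard-coded in source. Load them from protected configuration
        // and use a least-privilege, read-only service account rather than an administrator.
        env.put(Context.SECURITY_PRINCIPAL, "admin@contoso.com");
        env.put(Context.SECURITY_CREDENTIALS, "Ai123456");

        DirContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        User u1 = null;
        String st = "";
        try {
            // Bind to the directory; a rejected bind raises AuthenticationException.
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Check whether the directory holds an entry for this user. The username is passed as
            // a filter argument so JNDI escapes filter metacharacters; concatenating it into the
            // filter string would let a crafted username rewrite the search (LDAP injection).
            results = ctx.search(
                    "",
                    "(&(objectclass=person)(userprincipalname={0}))",
                    new Object[] {user.getUsername() + domainName},
                    controls);
            // No matching entry: fail cleanly instead of letting next() throw.
            if (!results.hasMore()) {
                return new ResultMsg<User>(false, "用户或密码错误");
            }
            SearchResult searchResult = results.next();
            Attributes attributes = searchResult.getAttributes();
            if (attributes != null) {
                // Look for an existing local user record.
                User userByName = userService.getUserByName(user.getUsername());
                if (userByName == null) {
                    // Derive the unique id from the entry's objectGUID.
                    // NOTE(review): objectGUID is binary; reading it through toString().getBytes()
                    // depends on how the provider decoded it. Confirm the stored ids are stable, or
                    // request the attribute as binary and migrate existing values.
                    try {
                        for (NamingEnumeration<? extends Attribute> ne = attributes.getAll(); ne.hasMore();) {
                            Attribute attr = ne.next();
                            if ("objectGUID".equals(attr.getID())) {
                                st = DeptServiceImpl.getGUID(attr.get().toString().getBytes());
                            }
                        }
                    } catch (Exception e) {
                        // NOTE(review): on failure st stays "" and the lookup below runs with an
                        // empty id, which could attach this account to the wrong employee.
                        e.printStackTrace();
                    }
                    // Reuse the employee with this id if there is one, otherwise insert it.
                    EmpBasic empBasicByUserPrincipalName = empMapper.getObjectGuid(st);
                    Integer integer;
                    if (empBasicByUserPrincipalName == null) {
                        // Build the new employee from directory attributes.
                        EmpBasic empBasic = new EmpBasic();
                        empBasic.setLastName(attributes.get("sn") == null ? "" : attributes.get("sn").get().toString());
                        empBasic.setFirstName(attributes.get("givenName") == null ? "" : attributes.get("givenName").get().toString());
                        empBasic.setNickName(attributes.get("displayname") == null ? "" : attributes.get("displayname").get().toString());
                        empBasic.setUserName(attributes.get("userprincipalname") == null ? "" : attributes.get("userprincipalname").get().toString().split("@")[0]);
                        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
                        // Default hire date is today; replaced below when whenCreated is present.
                        empBasic.setHireDate(df.format(new Date()));
                        empBasic.setEmail(attributes.get("mail") == null ? "" : attributes.get("mail").get().toString());
                        empBasic.setCellphone(attributes.get("mobile") == null ? "" : attributes.get("mobile").get().toString());

                        empBasic.setObjectGuid(st);
                        Attribute whenCreated = attributes.get("whenCreated");
                        if (whenCreated != null) {
                            // The first eight characters are read as yyyyMMdd.
                            String dateRq = whenCreated.get().toString().substring(0, 8);
                            SimpleDateFormat df1 = new SimpleDateFormat("yyyyMMdd");
                            Date date = df1.parse(dateRq);
                            empBasic.setHireDate(df.format(date));
                        }

                        // Resolve the department from the part of the DN starting at the first
                        // upper-case 'O'.
                        // NOTE(review): presumably meant to start at "OU="; an 'O' inside the CN
                        // would shift the cut, and a missing department yields a null here.
                        String dn = attributes.get("distinguishedName").get().toString();
                        String str = dn.substring(dn.indexOf("O"));
                        Department department = deptMapper.getDistinguiName(str);
                        empBasic.setDeptNo(department.getDeptNo());
                        // addAdEmp returns the id of the inserted employee.
                        integer = empService.addAdEmp(empBasic);
                    } else {
                        integer = empBasicByUserPrincipalName.getEmpNo();
                    }
                    // Create the local user record.
                    User u = new User();
                    u.setUsername(attributes.get("userprincipalname").get().toString().split("@")[0]);
                    u.setLastName(attributes.get("sn") == null ? "" : attributes.get("sn").get().toString());
                    u.setFirstName(attributes.get("givenName") == null ? "" : attributes.get("givenName").get().toString());
                    u.setNickName(attributes.get("displayname") == null ? "" : attributes.get("displayname").get().toString());
                    u.setUserNo(integer.toString());
                    // New users default to user type 1 (the branch below treats 1 as "employee").
                    u.setUserType(1);
                    // New users are enabled by default and flagged as directory accounts.
                    u.setEnabled(1);
                    u.setIsAd(1);
                    userService.addAdUser(u);

                    u1 = userService.getUserByName(u.getUsername());
                } else {
                    u1 = userByName;
                    // Only employees (user type 1) have a department to load.
                    if (u1.getUserType().equals(1)) {
                        u1.setDepartment(userService.getDeptInfoByUsername(user.getUsername()));
                    }
                }
            }
        } catch (AuthenticationException e) {
            // Map the Active Directory sub-code found in the bind error text to a message.
            // NOTE(review): as written these codes describe the fixed bind account above, not the
            // end user. Once the end user's own bind is checked, consider one generic failure
            // message so the response does not reveal whether an account exists or is disabled.
            String erroMsg = e.getMessage() == null ? "" : e.getMessage();
            if (erroMsg.contains("701")) {
                // 701: account expired.
                msg = new ResultMsg<User>(false, "该账户已过期");
            } else if (erroMsg.contains("52e") || erroMsg.contains("525")) {
                // 52e: invalid credentials, 525: user not found; both share one message.
                msg = new ResultMsg<User>(false, "用户或密码错误");
            } else if (erroMsg.contains("773")) {
                // 773: password must be reset.
                msg = new ResultMsg<User>(false, "用户必须重置密码");
            } else if (erroMsg.contains("533")) {
                // 533: account disabled.
                msg = new ResultMsg<User>(false, "用户账户禁用");
            } else {
                msg = new ResultMsg<User>(false, "用户登录失败");
            }
            return msg;
        } catch (NameNotFoundException e) {
            // The search base or a named object does not exist.
            e.printStackTrace();
            msg = new ResultMsg<User>(false, "登录发生异常");
            return msg;
        } catch (NamingException e) {
            e.printStackTrace();
            msg = new ResultMsg<User>(false, "登录发生异常");
            return msg;
        } finally {
            // Best-effort cleanup; a failure while closing must not mask the real outcome.
            if (results != null) {
                try {
                    results.close();
                } catch (Exception ignored) {
                    // nothing useful to do if closing the enumeration fails
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (Exception ignored) {
                    // nothing useful to do if closing the context fails
                }
            }
        }
        return msg = new ResultMsg<User>(true, "登录验证成功", "", u1);
    }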
  • 原文地址:https://www.cnblogs.com/anlegou/p/10712004.html