Dharma 114 号会员
  •  0 回帖  •  238 浏览  •  4 年前
 

LDAP 统一认证服务 系统集成

维柴项目上线 需要满足统一身份认证集成工作 就是首页登录的时候不在使用平台默认的 spring 安全认证,使用改为 ldap 接口进行认证需要修改一下代码
1 修改 applicationContext-security.xml 配置项 新增自定义认证类
package com.epichust.service.project;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.epichust.interfaces.ad.AdVerification;
import com.epichust.mestar.account.service.impl.UserDetailsServiceImpl;
import com.epichust.mestar.utils.security.MD5Util;

// 重写 spring 安全认证
public class ThtAuthenticationProvider implements AuthenticationProvider {
@Autowired
UserDetailsServiceImpl userDetailsService;

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
	UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
	//登录用户名称
	String tokenName = token.getName();
	//登录密码
	String credentials = (String) token.getCredentials();
	 UserDetails userDetails=null;
	//AD域验证 
	//AdVerification.connect("10.0.6.101", "389", "zdmes", "zhuduanmes@2019") 
	if(AdVerification.connect("10.0.6.101", "389", tokenName, credentials))
	{
		 //查询用户信息
		  userDetails = userDetailsService.loadUserByUsername(tokenName);
		if (userDetails == null) {
			throw new UsernameNotFoundException("用户不存在");
		} else {
			//String encryptedPassword = userDetails.getPassword(); // 数据库用户的密码,一般都是加密过的

			//String encryptedCredentials = MD5Util.MD5(credentials);
			// 没有加salt,直接用MD5
			// String encryptedCredentials2 = passwordEncoder.encodePassword(credentials,
			// null);
			// 根据加密算法加密用户输入的密码,然后和数据库中保存的密码进行比较
			//已经通过AD域验证,不在验证系统密码
			/*
			 * if (!encryptedCredentials.equals(encryptedPassword)) { throw new
			 * BadCredentialsException("用户名/密码无效"); }
			 */
		}
		// 成功登陆,把用户信息提交给 Spring Security
		// 密码使用数据库中保存的密码,而不是用户输入的明文密码
		
	}
	else
	{
		throw new BadCredentialsException("AD验证失败");
	}
	UsernamePasswordAuthenticationToken token1 = new UsernamePasswordAuthenticationToken(userDetails,
			userDetails.getPassword(), userDetails.getAuthorities());
	

	return token1;
}

@Override
public boolean supports(Class<?> authentication) {
	return UsernamePasswordAuthenticationToken.class.equals(authentication);
}

}

2 添加注入

修改为自定义的类

3 Java 调用 AD 域 类
package com.epichust.interfaces.ad;

import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

import org.springframework.stereotype.Service;

import com.epichust.mestar.logging.MestarLogger;

@Service
public class AdVerification{
/**
* 使用 java 连接 AD 域
* @author k
* @return void
* @throws 异常说明
* @param host 连接 AD 域服务器的 ip
* @param post AD 域服务器的端口
* @param username 用户名
* @param password 密码
*/
public static boolean connect(String host,String post,String username,String password) {
DirContext ctx=null;
boolean flag=false;
// LdapContext ctx=null ;
Hashtable<String,String> HashEnv = new Hashtable<String,String>();
HashEnv.put(Context.SECURITY_AUTHENTICATION, “simple”); // LDAP 访问安全级别 (none,simple,strong)
HashEnv.put(Context.SECURITY_PRINCIPAL, username+“@weichai.com”); //AD 的用户名
//HashEnv.put(Context.SECURITY_PRINCIPAL, username);
HashEnv.put(Context.SECURITY_CREDENTIALS, password); //AD 的密码
HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,“com.sun.jndi.ldap.LdapCtxFactory”); // LDAP 工厂类
HashEnv.put(“com.sun.jndi.ldap.connect.timeout”, “3000”);// 连接超时设置为 3 秒
HashEnv.put(Context.PROVIDER_URL, “ldap://” + host + “:” + post);// 默认端口 389
try {
ctx = new InitialDirContext(HashEnv);// 初始化上下文
// ctx = new InitialLdapContext(HashEnv, null);
// System.out.println(“Success!”);
flag = true;
MestarLogger.error(“Success,AD 验证成功!”);
} catch (AuthenticationException e) {
// System.out.println(“Fail!”);
MestarLogger.error(“AD 验证失败!”);
e.printStackTrace();
} catch (javax.naming.CommunicationException e) {
MestarLogger.error(“AD 域连接失败!”);
e.printStackTrace();
} catch (Exception e) {
MestarLogger.error(“身份验证未知异常!”);
e.printStackTrace();
} finally{
if(null!=ctx){
try {
ctx.close();
ctx=null;
} catch (Exception e) {
e.printStackTrace();
}
}
}
return flag;
}

public static void main(String[] args) {  
	//AdVerification.connect("10.0.6.101", "389", "lifuqing", "1022030a?");  
	//AdVerification.connect("10.0.6.101", "389", "zdmes", "zhuduanmes@2019");  
	AdVerification.connect("10.0.6.101", "389", "ducw", "19NTH2En");  
}

}

这样登录密码验证就改为 ldap 接口验证