Active Directory user search in Spring

Date: 2016-07-04 07:50:29

Tags: spring-security spring-boot active-directory spring-security-ldap

I implemented Active Directory authentication with Spring Security, and it works fine. Now I want to get the details of other users using their sAMAccountName. I need this so that administrators can approve or reject users in our application. With the code below I can get the details of the logged-in user.

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String currentPrincipalName = authentication.getName();

How can I get other users' details using this Authentication object? I am using spring-security-ldap-4.0.1 and spring-security-core-4.0.1.

1 answer:

Answer 0 (score: 0)

You should have a look at UserDetailsContextMapper. There are already some implemented classes that automatically map certain attributes of LDAP objects, such as InetOrgPersonContextMapper or PersonContextMapper. If you have any special attributes, you have to register your own; for example, we use the manager and directReports attributes stored in AD to hold the reporting line, and I had to map them manually.

import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

public class CustomUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {

    // Service from the answer author's own project; its definition is not shown here
    @Autowired
    private LdapUserService ldapUserService;

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ops, String username,
            Collection<? extends GrantedAuthority> authorities) {

        // Let the stock mapper fill in the standard fields (authorities, account flags)
        UserDetails details = super.mapUserFromContext(ops, username, authorities);

        // Read the AD attributes the stock mapper ignores: manager holds a single DN,
        // directReports is multi-valued
        String manager = ops.getStringAttribute("manager");
        String[] directReports = ops.getStringAttributes("directReports");

        // Build the extended User (defined below); the password field is left empty
        User user = new User(
                username,
                "",
                details.isEnabled(),
                details.isAccountNonExpired(),
                details.isCredentialsNonExpired(),
                details.isAccountNonLocked(),
                details.getAuthorities(),
                manager,
                directReports);

        return user;
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter dir) {
        super.mapUserToContext(user, dir);
    }

}

Obviously, you also have to adapt the UserDetails:

import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;

public class User extends org.springframework.security.core.userdetails.User {

    // DN of the manager and DNs of the direct reports, as stored in AD
    private String manager;
    private String[] directReports;

    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }

    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities, String manager, String[] directReports) {
        this(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        this.manager = manager;
        this.directReports = directReports;
    }

    public String getManager() {
        return manager;
    }

    public String[] getDirectReports() {
        return directReports;
    }
}

Hope this helps.
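The question asks for another user's details by sAMAccountName, which the Authentication object cannot provide because it only describes the logged-in principal; the answer shows how to map the extra AD attributes during login. The class below, added here as an example and not part of the original question or answer, joins the two: it queries the directory with Spring LDAP's LdapTemplate (the library spring-security-ldap builds on) and maps manager and directReports the same way the answer's mapper does. The class and method names, the AdUser value object, the search base ou=Users, the server URL, the service account DN and the AD_READER_PASSWORD environment variable are all assumptions.

```java
import java.util.List;

import javax.naming.NamingException;

import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

/** Looks up Active Directory users by sAMAccountName (added example; names are assumed). */
public class AdUserLookup {

    /** Value object for the attributes this example reads (assumed attribute set). */
    public static final class AdUser {
        public final String samAccountName;
        public final String displayName;
        public final String manager;         // DN of the manager, null if unset
        public final String[] directReports; // DNs of direct reports, empty if none

        AdUser(String samAccountName, String displayName, String manager, String[] directReports) {
            this.samAccountName = samAccountName;
            this.displayName = displayName;
            this.manager = manager;
            this.directReports = directReports == null ? new String[0] : directReports;
        }
    }

    /** Maps one search result entry to an AdUser, like the answer's context mapper does at login. */
    static final class AdUserMapper implements ContextMapper<AdUser> {
        @Override
        public AdUser mapFromContext(Object ctx) throws NamingException {
            DirContextOperations ops = (DirContextOperations) ctx;
            return new AdUser(
                    ops.getStringAttribute("sAMAccountName"),
                    ops.getStringAttribute("displayName"),
                    ops.getStringAttribute("manager"),
                    ops.getStringAttributes("directReports"));
        }
    }

    private final LdapTemplate ldapTemplate;
    private final String searchBase;

    public AdUserLookup(LdapTemplate ldapTemplate, String searchBase) {
        this.ldapTemplate = ldapTemplate;
        this.searchBase = searchBase;
    }

    /**
     * Returns the user whose sAMAccountName equals {@code sam}, or null if there is none.
     * The filter is assembled from EqualsFilter, which escapes the value per RFC 4515, so a
     * caller-supplied string cannot change the shape of the query (no LDAP filter injection).
     */
    public AdUser findBySamAccountName(String sam) {
        if (sam == null || sam.isEmpty()) {
            return null;
        }
        // objectCategory=person excludes computer accounts, which also carry objectClass=user in AD
        AndFilter filter = new AndFilter()
                .and(new EqualsFilter("objectCategory", "person"))
                .and(new EqualsFilter("objectClass", "user"))
                .and(new EqualsFilter("sAMAccountName", sam));
        List<AdUser> hits = ldapTemplate.search(searchBase, filter.encode(), new AdUserMapper());
        if (hits.isEmpty()) {
            return null;
        }
        if (hits.size() > 1) {
            // sAMAccountName is unique within a domain; several hits mean the search base spans
            // domains or the directory is inconsistent, so refuse to guess
            throw new IllegalStateException("sAMAccountName is not unique under " + searchBase);
        }
        return hits.get(0);
    }

    /** Builds an LdapTemplate bound as a read-only service account (placeholder values). */
    public static LdapTemplate ldapTemplate() {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldaps://ad.example.com:636");   // placeholder; LDAPS keeps the bind password off the wire
        cs.setBase("dc=example,dc=com");            // placeholder domain; search bases are relative to it
        cs.setUserDn("cn=svc-app-reader,ou=Service Accounts,dc=example,dc=com"); // placeholder DN
        cs.setPassword(System.getenv("AD_READER_PASSWORD")); // assumed env var; never hard-code the bind password
        cs.afterPropertiesSet();
        return new LdapTemplate(cs);
    }

    public static void main(String[] args) {
        String sam = args.length > 0 ? args[0] : "jdoe"; // constructed sample account name
        AdUser user = new AdUserLookup(ldapTemplate(), "ou=Users").findBySamAccountName(sam);
        if (user == null) {
            System.out.println("no such user: " + sam);
            return;
        }
        System.out.println(user.displayName + " reports to " + user.manager
                + " and has " + user.directReports.length + " direct report(s)");
    }
}
```

The bind account only needs read access to the user container; the approve/reject action itself should be authorized on the logged-in admin's authorities (for example with @PreAuthorize), since the looked-up AdUser says nothing about who is asking. spring-security-ldap's FilterBasedLdapUserSearch offers the same single-user lookup through searchForUser, with the name passed as a filter argument rather than concatenated into the filter string, if you would rather stay within the Spring Security API.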