1

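I am using Spring Security 3.2.4 with Windows AD LDAP. I am able to authenticate successfully and the LdapUserDetailsImpl is populated. From LdapUserDetailsImpl I can get the username and authorities, but how do I get the employee name (not the login username)? LdapUserDetailsImpl contains the following properties and values: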

Username = 40000 , 
Enabled = true,
AccountNonExpired = true,
Dn: cn=employee name,ou=IT_FM,ou=XXX_USERS,dc=XXXX,dc=CO,dc=IN;

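How do I get the employee name? Do I need to extend some classes and write my own mapping, or could I just get the Dn from the principal and split the string to get the employee name?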

4

3 Answers

1

You can get the Dn from the Principal and extract the username (cn)

// The authenticated principal is the LdapUserDetailsImpl built by Spring Security
LdapUserDetailsImpl ldapDetails = (LdapUserDetailsImpl) SecurityContextHolder
            .getContext().getAuthentication().getPrincipal();
String dn = ldapDetails.getDn();
// Take the text between "cn=" and the first comma of the DN
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
String username = dn.substring(beginIndex, endIndex);
answered 2015-01-22T06:26:13.640
1

@Mukun almost has it. The only thing is, instead of:

String dn = ldapUserDetailsImpl.getDn();
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));

I would do:

String name = ctx.getObjectAttribute("cn").toString();
myUserDetails.setEmployeeName(name);

This lets the LDAP integration handle all the scary stuff for you, and avoids the danger of munging the string yourself.

You might also consider

myUserDetails.setFirstName(ctx.getObjectAttribute("givenName").toString());
myUserDetails.setLastName(ctx.getObjectAttribute("sn").toString());

These should work with MS AD, "plain" LDAP, and probably Novell.

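So the full answer is:

import java.util.Collection;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        // Let the default mapper build the standard LDAP user details first
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
        MyUserDetails myUserDetails = new MyUserDetails();
        myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
        myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
        myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
        myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
        myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
        myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
        // Read the cn attribute from the directory entry instead of slicing the DN string
        myUserDetails.setEmployeeName(ctx.getObjectAttribute("cn").toString());
        return myUserDetails;
    }
}
answered 2017-12-23T19:48:44.627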
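To make the "munging the string yourself" risk from the answer above concrete, here is an added example (not code from any of the answers) that runs the thread's index-based slicing next to the JDK's DN parser, javax.naming.ldap.LdapName. The class name DnCommonName, its method names and the sample DNs are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnCommonName {

    // String slicing as posted in this thread: text between "cn=" and the first comma.
    static String naiveCn(String dn) {
        int beginIndex = dn.indexOf("cn=") + 3;
        int endIndex = dn.indexOf(",");
        return dn.substring(beginIndex, endIndex);
    }

    // Parse the DN and return the unescaped value of its cn RDN, or null if there is none.
    static String parsedCn(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        // LdapName indexes RDNs from the rightmost (dc=...) to the leftmost,
        // so start at the end to reach the entry's own RDN first.
        for (int i = name.size() - 1; i >= 0; i--) {
            Rdn rdn = name.getRdn(i);
            if ("cn".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs: a plain one, one with an escaped comma in the
        // name, and one with the attribute type in upper case.
        String[] samples = {
            "cn=Jane Doe,ou=IT_FM,ou=EXAMPLE_USERS,dc=example,dc=co,dc=in",
            "cn=Doe\\, Jane,ou=IT_FM,ou=EXAMPLE_USERS,dc=example,dc=co,dc=in",
            "CN=Jane Doe,OU=IT_FM,OU=EXAMPLE_USERS,DC=example,DC=co,DC=in"
        };
        for (String dn : samples) {
            System.out.println(dn);
            System.out.println("  sliced: " + naiveCn(dn));
            System.out.println("  parsed: " + parsedCn(dn));
        }
    }
}
```

The slicing version returns a wrong value without raising an error for the second and third samples, which is why a mismatch like this tends to surface only later as a garbled display name.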
0

My custom mapper. Is this the right way to do it?

@Service
public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
        MyUserDetails myUserDetails = new MyUserDetails();
        myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
        myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
        myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
        myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
        myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
        myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
        String dn = ldapUserDetailsImpl.getDn();
        int beginIndex = dn.indexOf("cn=") + 3;
        int endIndex = dn.indexOf(",");
        myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));
        return myUserDetails;
    }
}
answered 2014-12-26T16:35:53.077