最近做的項目中,登錄時需要連接到遠程LDAP服務器對用戶身份進行合法性驗證,並獲取登錄用戶權限等數據。下面是Java中訪問LDAP的核心代碼,供大家參考:
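/**
 * Authenticates a user against the LDAP server configured in ldap.properties.
 *
 * <p>The user's own credentials are used to bind to the server (with the
 * authentication mode from {@code ldap.server.auth.mode}); the bound context is
 * then used to search {@code ldap.server.search.base} for an entry whose
 * {@code cn} equals the user name. The login is reported as successful only if
 * the bind succeeds <em>and</em> the search returns at least one entry.
 *
 * <p>Both the bind DN (built from the {@code ldap.server.auth.principal}
 * template by replacing {@code [username]}) and the search filter contain
 * caller-supplied text, so the user name is escaped per RFC 4514 (DN) and
 * RFC 4515 (filter) before it is spliced in.
 *
 * @param username login name entered by the user; treated as untrusted
 * @param password password entered by the user; treated as untrusted, never logged
 * @return {@code true} if the bind and the search both succeed; {@code false}
 *         on empty input, bind/search failure, or an empty search result
 * @throws LogicException may be propagated from {@code PropertyUtils.getProperty}
 *         (this method body itself does not throw it)
 */
public boolean authenticateUserViaLdap(String username, String password)
        throws LogicException {
    // An LDAP simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513 section 5.1.2) that many servers accept without checking any
    // credential, so an empty password must never reach the server as a login
    // attempt. An empty user name cannot identify an entry either.
    if (username == null || username.isEmpty()
            || password == null || password.isEmpty()) {
        logger.error("user authentication failed: empty username or password.");
        return false;
    }

    // Server settings are read from the ldap.properties configuration file.
    String ldapURL = PropertyUtils.getProperty("ldap.server.url", PROPFILEPATH);
    String ldapPort = PropertyUtils.getProperty("ldap.server.port", PROPFILEPATH);
    String authMode = PropertyUtils.getProperty("ldap.server.auth.mode", PROPFILEPATH);
    String searchBase = PropertyUtils.getProperty("ldap.server.search.base", PROPFILEPATH);
    String authPrincipal = PropertyUtils.getProperty("ldap.server.auth.principal", PROPFILEPATH);

    // Substitute the user name into the principal template. replace() is a
    // no-op when the placeholder is absent (the former substring arithmetic
    // threw StringIndexOutOfBoundsException in that case). The value becomes
    // part of a DN, so DN metacharacters are escaped first.
    String resultAuthPrincipal = authPrincipal.replace("[username]", escapeDnValue(username));
    logger.debug("security principal: " + resultAuthPrincipal);

    Hashtable<String, String> srchEnv = new Hashtable<String, String>(11);
    srchEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    srchEnv.put(Context.SECURITY_AUTHENTICATION, authMode);
    srchEnv.put(Context.SECURITY_PRINCIPAL, resultAuthPrincipal);
    srchEnv.put(Context.SECURITY_CREDENTIALS, password);
    // NOTE(review): with a plain ldap:// URL a simple bind transmits the password
    // in clear text; the configured URL should be ldaps:// (or StartTLS negotiated).
    srchEnv.put(Context.PROVIDER_URL, ldapURL + ":" + ldapPort);

    SearchControls srchControls = new SearchControls();
    srchControls.setReturningAttributes(new String[] { "dn" });
    srchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // The user name is untrusted text inside a search filter; unescaped filter
    // metacharacters would change the filter's meaning (LDAP injection).
    String searchFilter = "(cn=" + escapeFilterValue(username) + ")";

    DirContext srchContext = null;
    NamingEnumeration<SearchResult> srchResponse = null;
    try {
        srchContext = new InitialDirContext(srchEnv);
        srchResponse = srchContext.search(searchBase, searchFilter, srchControls);
        // nextElement() on an empty enumeration throws NoSuchElementException,
        // which the NamingException handler below would not catch.
        if (!srchResponse.hasMore()) {
            logger.error("user authentication failed: no entry matched.");
            return false;
        }
        logger.debug("user authentication successful.");
        return true;
    } catch (NamingException namEx) {
        // Bind or search failure; the password is never part of the log line.
        logger.error("user authentication failed.", namEx);
    } finally {
        // JNDI contexts hold a live connection; release it on every path.
        if (srchResponse != null) {
            try {
                srchResponse.close();
            } catch (NamingException closeEx) {
                logger.debug("failed to close LDAP search result: " + closeEx.getMessage());
            }
        }
        if (srchContext != null) {
            try {
                srchContext.close();
            } catch (NamingException closeEx) {
                logger.debug("failed to close LDAP context: " + closeEx.getMessage());
            }
        }
    }
    return false;
}

/**
 * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
 * backslash, asterisk, parentheses and NUL are replaced by their {@code \XX}
 * hex forms.
 *
 * @param value raw text to embed in a filter; must not be {@code null}
 * @return the escaped text
 */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}

/**
 * Escapes an attribute value for use inside a distinguished name
 * (RFC 4514 section 2.4): DN special characters are backslash-escaped, a
 * leading {@code #} or space and a trailing space are escaped, and NUL
 * becomes {@code \00}.
 *
 * @param value raw text to embed in a DN; must not be {@code null}
 * @return the escaped text
 */
private static String escapeDnValue(String value) {
    int n = value.length();
    StringBuilder sb = new StringBuilder(n);
    for (int i = 0; i < n; i++) {
        char c = value.charAt(i);
        if (c == '\0') {
            sb.append("\\00");
            continue;
        }
        boolean special = "\\,+\"<>;=".indexOf(c) >= 0
                || (i == 0 && (c == ' ' || c == '#'))
                || (i == n - 1 && c == ' ');
        if (special) {
            sb.append('\\');
        }
        sb.append(c);
    }
    return sb.toString();
}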