
Spring Security LDAP get User Given Name

I am using Spring Security 3.2.4 with Windows AD LDAP. I am able to successfully authenticate, and LdapUserDetailsImpl is populated. From LdapUserDetailsImpl I can get the username and authorities, but how do I get the employee name (not the login user name)? LdapUserDetailsImpl contains the following properties and values:

Username = 40000,
Enabled = true,
AccountNonExpired = true,
Dn: cn=employee name,ou=IT_FM,ou=XXX_USERS,dc=XXXX,dc=CO,dc=IN;

How do I get the employee name? Do I need to extend some class and write my own mapping, or maybe simply get the Dn from the principal and split the string to get the employee name?

You can just get the Dn from the Principal and extract the username (cn):

// The authenticated principal is the LdapUserDetailsImpl populated at login
LdapUserDetailsImpl ldapDetails = (LdapUserDetailsImpl) SecurityContextHolder
            .getContext().getAuthentication().getPrincipal();
// e.g. "cn=employee name,ou=IT_FM,ou=XXX_USERS,dc=XXXX,dc=CO,dc=IN"
String dn = ldapDetails.getDn();
// Take the text between "cn=" and the first comma
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
String username = dn.substring(beginIndex, endIndex);

@Mukun almost has this. The only thing is, instead of:

String dn = ldapUserDetailsImpl.getDn();
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));

I would have:

// Read the cn attribute from the directory entry instead of parsing the DN
String name = ctx.getObjectAttribute("cn").toString();
myUserDetails.setEmployeeName(name);

This lets the LDAP integration handle all the horrible stuff for you and loses the danger of chopping up strings yourself.

You might also consider:

// givenName and sn are the standard first-name and surname attributes
myUserDetails.setFirstName(ctx.getObjectAttribute("givenName").toString());
myUserDetails.setLastName(ctx.getObjectAttribute("sn").toString());

These things should work for MS AD, "normal" LDAP and possibly Novell too.

So the full answer would be:

import java.util.Collection;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        // Let the default mapper build the standard details first
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
        // MyUserDetails is the application's own UserDetails implementation
        MyUserDetails myUserDetails = new MyUserDetails();
        myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
        myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
        myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
        myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
        myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
        myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
        // Employee name comes straight from the cn attribute of the entry
        myUserDetails.setEmployeeName(ctx.getObjectAttribute("cn").toString());
        return myUserDetails;
    }
}
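As an added illustration of the point about chopping up DN strings (this is not code from any poster), the stand-alone program below contrasts the substring approach from the thread with RFC 4514-aware parsing using the JDK's javax.naming.ldap.LdapName. The class name is hypothetical and the DN values are constructed, following the pattern shown in the question.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper class; the DN strings below are constructed for the demo.
public class DnCnExtractor {

    // The substring approach posted above: assumes a lowercase "cn=" prefix and
    // that the first comma ends the value, which RFC 4514 does not guarantee.
    static String naiveCn(String dn) {
        int beginIndex = dn.indexOf("cn=") + 3;
        int endIndex = dn.indexOf(",");
        return dn.substring(beginIndex, endIndex);
    }

    // RFC 4514-aware: let the JDK parse the DN and return the unescaped value of
    // the cn RDN (null if the DN has none), regardless of attribute-type case.
    static String rdnCn(String dn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("cn")) {
                return (String) rdn.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] dns = {
            "cn=employee name,ou=IT_FM,ou=XXX_USERS,dc=XXXX,dc=CO,dc=IN", // shape from the question
            "CN=employee name,OU=IT_FM,DC=XXXX,DC=CO,DC=IN",               // AD-style upper-case types
            "cn=Doe\\, John,ou=IT_FM,dc=XXXX,dc=CO,dc=IN",                 // escaped comma in the value
        };
        for (String dn : dns) {
            String naive;
            try {
                naive = naiveCn(dn);                 // yields "=employee name" and "Doe\" for rows 2 and 3
            } catch (RuntimeException e) {
                naive = "<" + e.getClass().getSimpleName() + ">";
            }
            System.out.printf("%-62s naive=%-16s rdn=%s%n", dn, naive, rdnCn(dn));
        }
    }
}
```

Inside the mapper itself, ctx.getStringAttribute("cn") returns the value as a String and gives null rather than throwing when the attribute is absent, so a null check before setEmployeeName avoids a NullPointerException during login.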

My custom mapper. Is this the correct way of doing it?

@Service
public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
        MyUserDetails myUserDetails = new MyUserDetails();
        myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
        myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
        myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
        myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
        myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
        myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
        // Employee name taken by splitting the DN between "cn=" and the first comma
        String dn = ldapUserDetailsImpl.getDn();
        int beginIndex = dn.indexOf("cn=") + 3;
        int endIndex = dn.indexOf(",");
        myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));
        return myUserDetails;
    }
}
