Spring Security LDAP get User Given Name
I am using Spring Security 3.2.4 with Windows AD LDAP. I am able to successfully authenticate and LdapUserDetailsImpl is populated.
From LdapUserDetailsImpl I can get the username and authorities, but how do I get the employee name (not the login user name)? LdapUserDetailsImpl contains the following properties and values:
Username = 40000 ,
Enabled = true,
AccountNonExpired = true,
Dn: cn=employee name,ou=IT_FM,ou=XXX_USERS,dc=XXXX,dc=CO,dc=IN;
How do I get the employee name? Do I need to extend some class and write my own mapping, or maybe simply get the Dn from the principal and split the string to get the employee name?
You can just get the Dn from Principal and extract the username (cn):
LdapUserDetailsImpl ldapDetails = (LdapUserDetailsImpl) SecurityContextHolder
.getContext().getAuthentication().getPrincipal();
String dn = ldapDetails.getDn();
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
String username = dn.substring(beginIndex, endIndex);
@Mukun almost has this. The only thing is, instead of:
String dn = ldapUserDetailsImpl.getDn();
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));
I would have:
String name = ctx.getObjectAttribute("cn").toString();
myUserDetails.setEmployeeName(name);
This lets LDAP integration handle all the horrible stuff for you and loses the danger of chopping up strings yourself.
You might also consider
myUserDetails.setFirstName(ctx.getObjectAttribute("givenName").toString());
myUserDetails.setLastName(ctx.getObjectAttribute("sn").toString());
These things should work for both MS AD, "normal" LDAP and possibly Novell too.
So the full answer would be:
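import java.util.Collection;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        // Let the default mapper build the standard LDAP user details first.
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
        MyUserDetails myUserDetails = new MyUserDetails();
        myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
        myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
        myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
        myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
        myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
        myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
        // Read the cn attribute from the directory entry instead of parsing the DN string.
        myUserDetails.setEmployeeName(ctx.getObjectAttribute("cn").toString());
        return myUserDetails;
    }
}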
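The "danger of chopping up strings yourself" mentioned in the answer above, shown as an added example that is not part of the original thread: it runs the thread's substring approach next to a real DN parse using the JDK's javax.naming.ldap.LdapName. The class name DnCommonName and the sample DNs are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnCommonName {

    // The substring approach from the thread, kept unchanged for comparison.
    static String cnBySubstring(String dn) {
        int beginIndex = dn.indexOf("cn=") + 3;
        int endIndex = dn.indexOf(",");
        return dn.substring(beginIndex, endIndex);
    }

    // Parse the DN properly and return the value of the leftmost cn RDN, or null if none.
    static String cnByParsing(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        // LdapName indexes RDNs right to left, so walk backwards to start at the leaf entry.
        for (int i = name.size() - 1; i >= 0; i--) {
            Rdn rdn = name.getRdn(i);
            if ("cn".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString(); // getValue() returns the unescaped value
            }
        }
        return null;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs (not taken from the original post).
        String[] samples = {
            "cn=Jane Doe,ou=IT_FM,dc=example,dc=com",           // simple case, both approaches agree
            "CN=Doe\\, Jane,OU=IT_FM,DC=example,DC=com",        // escaped comma and upper-case type
            "uid=40000,cn=Jane Doe,ou=IT_FM,dc=example,dc=com"  // cn is not the first RDN
        };
        for (String dn : samples) {
            String chopped;
            try {
                chopped = cnBySubstring(dn);
            } catch (StringIndexOutOfBoundsException e) {
                chopped = "<exception: " + e.getMessage() + ">";
            }
            System.out.println(dn);
            System.out.println("  substring: " + chopped);
            System.out.println("  parsed:    " + cnByParsing(dn));
        }
    }
}
```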
My custom mapper. Is this the correct way of doing it?
@Service
public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
        MyUserDetails myUserDetails = new MyUserDetails();
        myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
        myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
        myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
        myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
        myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
        myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
        String dn = ldapUserDetailsImpl.getDn();
        int beginIndex = dn.indexOf("cn=") + 3;
        int endIndex = dn.indexOf(",");
        myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));
        return myUserDetails;
    }
}