gpt4 book ai didi

java - 使用 Java 程序从 LDAP 检索用户的嵌套组

转载 作者:行者123 更新时间:2023-12-02 06:12:10 26 4
gpt4 key购买 nike

我在网上搜索了一下,发现了类似的问题。由于我是 LDAP 的新手,必须寻求帮助。

现在代码会为用户带来所有组。当user1登录时,它会带来A组。

新要求是:如果 A 组是 B 组的成员,我们需要连同 A 组一起检索 B 组。

我正在尝试通过调整查询来实现这一目标。我读到了一些匹配规则 OID 1.2.840.113556.1.4.1941 和 LDAP_MATCHING_RULE_IN_CHAIN。但无法弄清楚如何在我的代码中实现。

    import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;


public abstract class SAPSecurityFilter implements Filter {

protected abstract SAPPrincipal buildGroups(SAPPrincipal principal, NamingEnumeration<SearchResult> results) throws NamingException;

private static final String SECURE_ENTERPRISE_DIRECTORY = "ldaps://ldap.abc.com:636/o=abc.com";
private static final String PRINCIPAL_NAME = "SAPPrincipal";
private static final String ENTERPRISE_DIRECTORY = "ldap://ldap.abc.com:389/o=abc.com";
private static final String USER_KEY = "HTTP_SM_USER";
private static final String BASE = "ou=Groups";
private static final String GROUP_QUERY = "(member=uid=%s,ou=People,o=abc.com)";
private final CacheManager cacheManager;

private List<String> excludeUrlPatterns = new ArrayList<String>();


public SAPSecurityFilter() {
// Setup Cache for principals
// cache Manager
URL url = getClass().getResource("/data-cache.xml");
cacheManager = new CacheManager(url);
}

public void destroy() {
// TODO Auto-generated method stub

}

/**
* doFilter
* <p/>
* Read the request headers for the HTTP_SM_USER value
* This value is the users email address.
* Using the email address lookup the users values in Enterprise directory
* Populate the principal and place it in request scope.
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {

//SAPt the request into HttpServletRequest
String path = ((HttpServletRequest) request).getPathInfo();
if (patternExcluded(path) || "OPTIONS".equalsIgnoreSAPe(((HttpServletRequest) request).getMethod())) {
chain.doFilter(request, response);
} else {
String smUser = ((HttpServletRequest) request).getRemoteUser();
HttpSession session = ((HttpServletRequest) request).getSession();
if (smUser == null) throw new ServletException("USER TOKEN MISSING");

// use the smUser to get the data needed to build a principal
LdapContext ctx = null;
// build SAP principal //
SAPPrincipal principal = new SAPPrincipal();
principal.setName(smUser);
//Cache cache = cacheManager.getCache("principalCache");

//Element element = cache.get(smUser);
// Cache miss for user

if (session.getAttribute(PRINCIPAL_NAME) == null) {

try {
ctx = getLdapContext(smUser);
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String[] attrs = {"cn"};
constraints.setReturningAttributes(attrs);

String filter = String.format(GROUP_QUERY, smUser);
NamingEnumeration<SearchResult> results = ctx.search(BASE, filter, constraints);
principal = buildGroups(principal, results);
//cache.put(new Element(smUser, principal));
session.setAttribute(PRINCIPAL_NAME, principal);
} catch (NamingException ne) {
throw new ServletException(ne);

} finally {
try {
if (ctx != null) ctx.close();
} catch (NamingException ne) {
// swallow on purpose
}
}
// Cache Hit for user
} else {
principal = (SAPPrincipal) session.getAttribute(PRINCIPAL_NAME);
}

// add principal to securityContext and SAPContext//
SAPContext.setPrincipal(principal);
chain.doFilter(new SecurityRequestWrapper(principal, (HttpServletRequest) request), response);
}

}

最佳答案

您的过滤器需要类似于:

(member:1.2.840.113556.1.4.1941:=(CN=UserName,CN=Users,DC=YOURDOMAIN,DC=NET))

表格:http://ldapwiki.willeke.com/wiki/Active%20Directory%20User%20Related%20Searches

-吉姆

关于java - 使用 Java 程序从 LDAP 检索用户的嵌套组,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21789923/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com