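Flow:
1. The user calls the login endpoint and passes a username and password.
2. The username and password are verified against AD; once verification succeeds, the current user's information is returned. (Note: LDAP support is part of Java's built-in API, so no extra Maven dependency is needed.)
3. Based on the returned user information, implement your own system's business logic.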
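```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping("/getMsg")
@ResponseBody
public String getAllPersonNamesWithTraditionalWay(@RequestParam String username,
                                                  @RequestParam String password) {
    // An empty password turns a simple bind into an unauthenticated bind, so reject it.
    if (username.isEmpty() || password.isEmpty()) {
        return "username and password are required";
    }
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // Plain ldap:// carries the simple-bind password in cleartext; use LDAPS or StartTLS outside a lab.
    env.put(Context.PROVIDER_URL, "ldap://192.168.153.129:389/dc=contoso,dc=com");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    DirContext ctx = null;
    NamingEnumeration<SearchResult> results = null;
    try {
        // The bind happens here; wrong credentials throw AuthenticationException.
        ctx = new InitialDirContext(env);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // {0} is filled from the filter arguments, which JNDI escapes,
        // so the username cannot change the structure of the filter.
        results = ctx.search("", "(&(objectclass=person)(userprincipalname={0}))",
                new Object[] {username}, controls);
        if (!results.hasMore()) {
            return "user not found";
        }
        Attributes attributes = results.next().getAttributes();
        return attributes.get("userprincipalname").get().toString().split("@")[0];
    } catch (NamingException e) {
        // Also covers AuthenticationException and NameNotFoundException (both subclasses).
        // Demo only: in production, log the exception and return a generic message.
        e.printStackTrace();
        return e.toString();
    } finally {
        // Release the search results and the LDAP connection.
        if (results != null) {
            try { results.close(); } catch (NamingException ignored) { }
        }
        if (ctx != null) {
            try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
}
```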
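This returns the logged-in user's name field. (The other fields are shown in the figure below.)
What the Microsoft AD domain looks like: (I installed Windows Server 2008 R2 in a virtual machine and then installed the AD domain on that system.)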
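The login method above places the user-supplied username into the search filter `(&(objectclass=person)(userprincipalname=...))`. The following added example (not part of the original post) shows the RFC 4515 escaping that keeps such a value literal when a filter has to be built as a string, plus a format check before the bind. The class name, method names, sample inputs and the accepted UPN pattern are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class LdapFilterEscapeDemo { // hypothetical class name

    // Assumed policy: usernames are UPNs such as name@contoso.com.
    private static final Pattern UPN =
            Pattern.compile("^[A-Za-z0-9._-]{1,64}@[A-Za-z0-9.-]{1,255}$");

    // Reject anything that does not look like a UPN before it reaches LDAP.
    static boolean isPlausibleUpn(String username) {
        return username != null && UPN.matcher(username).matches();
    }

    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // '*', '(', ')', '\' and NUL become \XX hex pairs; bytes >= 0x80
    // (UTF-8 encoded non-ASCII characters) are hex-escaped as well.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
                out.append('\\').append(String.format("%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // The page's filter, with the username kept as a literal value.
    static String userFilter(String username) {
        return "(&(objectclass=person)(userprincipalname="
                + escapeFilterValue(username) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: an ordinary UPN and a value with filter metacharacters.
        String[] samples = { "zhangsan@contoso.com", "zhang*)(cn=*" };
        for (String s : samples) {
            System.out.println("input    : " + s);
            System.out.println("valid UPN: " + isPlausibleUpn(s));
            System.out.println("filter   : " + userFilter(s));
        }
    }
}
```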