用的是openLdap
java系统框架是ruoyi-vue
https://gitee.com/y_project/RuoYi-Vue 版本3.2.0
实现起来发现就两句话,但是解决过程有点艰难,再次记录下。。。方便以后查看
领导任务:实现LDAP登录验证
一开始的方针是采用框架自带的
- Spring Security 5.2.x
查了半天,整理半天,又是写接口,又是写配置的,各种调试过后放弃了,有点复杂,而且时间有点赶,不容我浪费时间
然后 换了个套路,用java自带的 来吧
在 com/ruoyi/framework/web/service/SysLoginService.java 修改
代码如下:
private boolean ldapCheck(String username, String password) { try { // String username=email.split("@")[0]; //uid String bindUserDN = "uid=" + username + ",ou=People,dc=xxx,dc=com"; //用户 DN ou=People,dc=xxx,dc=com是我放用户的地方,可以根据自己的改 String bindPassword = password; //用户密码 String url = "ldap://127.0.0.1:389/"; //ldap服务器IP Hashtable<String, String> env = new Hashtable<String, String>(); env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(javax.naming.Context.PROVIDER_URL, url); env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple"); env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindUserDN); env.put(javax.naming.Context.SECURITY_CREDENTIALS, bindPassword); javax.naming.directory.DirContext ctx = new javax.naming.directory.InitialDirContext(env); return true; } catch (Exception e) { // todo log return false; } }
这样就完成了登录验证,
其他的在注释里解释了
具体代码如下:
/** * 登录验证 * * @param username 用户名 * @param password 密码 * @param code 验证码 * @param uuid 唯一标识 * @return 结果 */ public String login(String username, String password, String code, String uuid) { boolean ldapCheck = ldapCheck(username, password); LoginUser loginUser = null; if (ldapCheck) {
// LDAP验证通过,直接生成信息 ---重点--- loginUser = (LoginUser) userDetailsService.loadUserByUsername(username); } else { String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid; String captcha = redisCache.getCacheObject(verifyKey); redisCache.deleteObject(verifyKey); if (captcha == null) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"))); throw new CaptchaExpireException(); } if (!code.equalsIgnoreCase(captcha)) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"))); throw new CaptchaException(); } // 用户验证 Authentication authentication = null; try { // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername authentication = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken(username, password)); } catch (Exception e) { if (e instanceof BadCredentialsException) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"))); throw new UserPasswordNotMatchException(); } else { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage())); throw new CustomException(e.getMessage()); } } AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"))); loginUser = (LoginUser) authentication.getPrincipal(); }// 生成token return tokenService.createToken(loginUser); } private boolean ldapCheck(String username, String password) { try { // String username=email.split("@")[0]; //uid String bindUserDN = "uid=" + username + ",ou=People,dc=xxx,dc=com"; //用户 DN String bindPassword = password; //用户密码 String url = "ldap://127.0.0.1:389/"; //ldap服务器IP Hashtable<String, String> env = new Hashtable<String, String>(); env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(javax.naming.Context.PROVIDER_URL, url); env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple"); env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindUserDN); env.put(javax.naming.Context.SECURITY_CREDENTIALS, bindPassword); javax.naming.directory.DirContext ctx = new javax.naming.directory.InitialDirContext(env); return true; } catch (Exception e) { // todo log return false; } }