用的是openLdap
java系統框架是ruoyi-vue
https://gitee.com/y_project/RuoYi-Vue 版本3.2.0
實現起來發現就兩句話,但是解決過程有點艱難,再次記錄下。。。方便以后查看
領導任務:實現LDAP登錄驗證
一開始的方針是采用框架自帶的
- Spring Security 5.2.x
查了半天,整理半天,又是寫接口,又是寫配置的,各種調試過后放棄了,有點復雜,而且時間有點趕,不容我浪費時間
然后 換了個套路,用java自帶的 來吧
在 com/ruoyi/framework/web/service/SysLoginService.java 修改
代碼如下:
private boolean ldapCheck(String username, String password) { try { // String username=email.split("@")[0]; //uid String bindUserDN = "uid=" + username + ",ou=People,dc=xxx,dc=com"; //用戶 DN ou=People,dc=xxx,dc=com是我放用戶的地方,可以根據自己的改 String bindPassword = password; //用戶密碼 String url = "ldap://127.0.0.1:389/"; //ldap服務器IP Hashtable<String, String> env = new Hashtable<String, String>(); env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(javax.naming.Context.PROVIDER_URL, url); env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple"); env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindUserDN); env.put(javax.naming.Context.SECURITY_CREDENTIALS, bindPassword); javax.naming.directory.DirContext ctx = new javax.naming.directory.InitialDirContext(env); return true; } catch (Exception e) { // todo log return false; } }
這樣就完成了登錄驗證,
其他的在注釋里解釋了
具體代碼如下:
/** * 登錄驗證 * * @param username 用戶名 * @param password 密碼 * @param code 驗證碼 * @param uuid 唯一標識 * @return 結果 */ public String login(String username, String password, String code, String uuid) { boolean ldapCheck = ldapCheck(username, password); LoginUser loginUser = null; if (ldapCheck) {
// LDAP驗證通過,直接生成信息 ---重點--- loginUser = (LoginUser) userDetailsService.loadUserByUsername(username); } else { String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid; String captcha = redisCache.getCacheObject(verifyKey); redisCache.deleteObject(verifyKey); if (captcha == null) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"))); throw new CaptchaExpireException(); } if (!code.equalsIgnoreCase(captcha)) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"))); throw new CaptchaException(); } // 用戶驗證 Authentication authentication = null; try { // 該方法會去調用UserDetailsServiceImpl.loadUserByUsername authentication = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken(username, password)); } catch (Exception e) { if (e instanceof BadCredentialsException) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"))); throw new UserPasswordNotMatchException(); } else { AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage())); throw new CustomException(e.getMessage()); } } AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"))); loginUser = (LoginUser) authentication.getPrincipal(); }// 生成token return tokenService.createToken(loginUser); } private boolean ldapCheck(String username, String password) { try { // String username=email.split("@")[0]; //uid String bindUserDN = "uid=" + username + ",ou=People,dc=xxx,dc=com"; //用戶 DN String bindPassword = password; //用戶密碼 String url = "ldap://127.0.0.1:389/"; //ldap服務器IP Hashtable<String, String> env = new Hashtable<String, String>(); env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(javax.naming.Context.PROVIDER_URL, url); env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple"); env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindUserDN); env.put(javax.naming.Context.SECURITY_CREDENTIALS, bindPassword); javax.naming.directory.DirContext ctx = new javax.naming.directory.InitialDirContext(env); return true; } catch (Exception e) { // todo log return false; } }