Question

我在Windows AD LDAP中使用Spring security 3.2.4。我能够成功进行身份验证并填充LdapUserDetailsImpl。从LdapUserDetailsImpl我可以获得用户名，权限，但如何获取员工姓名（不是登录用户名） LdapUserDetailsImpl包含以下属性和值

Username = 40000 , 
Enabled = true,
AccountNonExpired = true,
Dn: cn=employee name,ou=IT_FM,ou=XXX_USERS,dc=XXXX,dc=CO,dc=IN;

如何获取员工姓名，我是否需要扩展某个类并编写自己的映射或可能只是从主体获取Dn并拆分字符串以获取员工姓名。

Answer 1

您可以从Principal获取Dn并提取用户名（cn）

LdapUserDetailsImpl ldapDetails = (LdapUserDetailsImpl) SecurityContextHolder
            .getContext().getAuthentication().getPrincipal();
String dn = ldapDetails.getDn();
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
String username = dn.substring(beginIndex, endIndex);

Answer 2

@Mukun几乎有这个。唯一的是，而不是：

String dn = ldapUserDetailsImpl.getDn();
int beginIndex = dn.indexOf("cn=") + 3;
int endIndex = dn.indexOf(",");
myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));

我会：

String name = ctx.getObjectAttribute("cn").toString()
myUserDetails.setEmployeeName(name)

这使得LDAP集成可以为您处理所有可怕的东西，并且自己也会失去切断字符串的危险。

你也可以考虑

myUserDetails.setFirstName(ctx.getObjectAttribute("givenName").toString())
myUserDetails.setLastName(ctx.getObjectAttribute("sn").toString())

这些东西应该适用于MS AD，“普通”LDAP和可能的Novell。

所以完整答案是：

@Service
public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
        MyUserDetails myUserDetails = new MyUserDetails();
        myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
        myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
        myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
        myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
        myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
        myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
        myUserDetails.setEmployeeName(ctx.getObjectAttribute("cn").toString());
        return myUserDetails;
    }
}

Answer 3

我的自定义映射器。这是正确的做法吗？

 @Service
    public class MyUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
            LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) super.mapUserFromContext(ctx, username, authorities);
            MyUserDetails myUserDetails = new MyUserDetails();
            myUserDetails.setAccountNonExpired(ldapUserDetailsImpl.isAccountNonExpired());
            myUserDetails.setAccountNonLocked(ldapUserDetailsImpl.isAccountNonLocked());
            myUserDetails.setCredentialsNonExpired(ldapUserDetailsImpl.isCredentialsNonExpired());
            myUserDetails.setEnabled(ldapUserDetailsImpl.isEnabled());
            myUserDetails.setUsername(ldapUserDetailsImpl.getUsername());
            myUserDetails.setAuthorities(ldapUserDetailsImpl.getAuthorities());
            String dn = ldapUserDetailsImpl.getDn();
            int beginIndex = dn.indexOf("cn=") + 3;
            int endIndex = dn.indexOf(",");
            myUserDetails.setEmployeeName(dn.substring(beginIndex, endIndex));
            return myUserDetails;
        }

    }

Spring Security LDAP获取用户名

3 个答案: