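Verify whether a user belongs to an Active Directory group

Time: 2017-10-11 08:19:48

Tags: java shiro

I connected Shiro to our Active Directory and am trying to configure it to check whether a user is in a specific group.

The shiro.ini file: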

[main]
realm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
realm.url = LDAP://example.com/
realm.systemUsername = admin@example.com
realm.systemPassword = password
realm.searchBase = "OU=level2,OU=level1,DC=example,DC=com"
realm.groupRolesMap = "CN=Group1,OU=level2,OU=level1,DC=example,DC=com":"itadmins"

[roles]
itadmins = *

And the code:

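import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class Quickstart {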

  private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);
  public static final String userName = "user1@example.com";
  public static final String password = "userpassword";


  public static void main(String[] args) {

    // The easiest way to create a Shiro SecurityManager with configured
    // realms, users, roles and permissions is to use the simple INI config.
    // We'll do that by using a factory that can ingest a .ini file and
    // return a SecurityManager instance:

    // Use the shiro.ini file at the root of the classpath
    // (file: and url: prefixes load from files and urls respectively):
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
    SecurityManager securityManager = factory.getInstance();

    // for this simple example quickstart, make the SecurityManager
    // accessible as a JVM singleton.  Most applications wouldn't do this
    // and instead rely on their container configuration or web.xml for
    // webapps.  That is outside the scope of this simple quickstart, so
    // we'll just do the bare minimum so you can continue to get a feel
    // for things.
    SecurityUtils.setSecurityManager(securityManager);

    // Now that a simple Shiro environment is set up, let's see what you can do:
    UsernamePasswordToken token = new UsernamePasswordToken(userName, password);

    // get the currently executing user:
    Subject currentUser = SecurityUtils.getSubject();

    try {
      currentUser.login(token);
      System.out.println("We've authenticated! :)");
    } catch (AuthenticationException e) {
      System.out.println("We did not authenticate :(");
      e.printStackTrace();
    }

    log.info("User [" + currentUser + "] logged in successfully.");


    if (currentUser.hasRole("hasRole")) {
      System.out.println("We're authorized! :)");
    } else {
      System.out.println("We are not authorized :(");
    }


    // all done - log out!
    currentUser.logout();

    System.exit(0);
  }
}

The user is authenticated but not authorized. What am I doing wrong?

1 answer:

Answer 0: (score: 0)

It looks like you have a typo? currentUser.hasRole("hasRole") I guess this should be currentUser.hasRole("itadmins")
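
The group-to-role lookup that the question's realm.groupRolesMap line configures, modelled in plain Java as an added example (not Shiro's code and not part of the original post). The class name, the rolesForGroups helper and the sample memberOf values are hypothetical, and exact matching of group DNs against the map keys is an assumption of this model.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Illustrative model only: it does not call Shiro or Active Directory.
public class GroupRoleCheck {

  // Key: full DN of the AD group; value: comma-separated role names,
  // the same shape as realm.groupRolesMap in shiro.ini.
  static final Map<String, String> GROUP_ROLES_MAP = new HashMap<>();
  static {
    GROUP_ROLES_MAP.put("CN=Group1,OU=level2,OU=level1,DC=example,DC=com", "itadmins");
  }

  // Translate the group DNs a user belongs to into role names.
  // Assumption: DNs are compared exactly, case and spacing included.
  static Set<String> rolesForGroups(List<String> memberOf) {
    Set<String> roles = new LinkedHashSet<>();
    for (String groupDn : memberOf) {
      String roleNames = GROUP_ROLES_MAP.get(groupDn);
      if (roleNames == null) {
        continue; // unmapped group grants no role (deny by default)
      }
      for (String role : roleNames.split(",")) {
        if (!role.trim().isEmpty()) {
          roles.add(role.trim());
        }
      }
    }
    return roles;
  }

  public static void main(String[] args) {
    // Constructed sample: groups returned for user1@example.com.
    List<String> memberOf = Arrays.asList(
        "CN=Group1,OU=level2,OU=level1,DC=example,DC=com",
        "CN=Domain Users,CN=Users,DC=example,DC=com");
    Set<String> roles = rolesForGroups(memberOf);
    System.out.println("roles = " + roles);
    // The role check is made against role names, never against group DNs.
    System.out.println("hasRole(\"hasRole\")  -> " + roles.contains("hasRole"));
    System.out.println("hasRole(\"itadmins\") -> " + roles.contains("itadmins"));
    // A DN that differs only in case misses the map under exact matching.
    List<String> lowerCase = Arrays.asList("cn=group1,ou=level2,ou=level1,dc=example,dc=com");
    System.out.println("lower-case DN roles = " + rolesForGroups(lowerCase));
  }
}
```

Because [roles] grants itadmins = *, the role name passed to hasRole is the only gate on full permissions, so it is worth confirming against the mapped value rather than the group name.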