Java Spring - Active Directory - How can I get AD user details (telNumber, full name, mail, address, description)?

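In my university project, I want to get user information from the AD server, such as the phone number, mail and full name, after authentication.

So I use the default Spring Security login page, and after authentication I get the dn and the authorities from the Authentication object. I would like to know how to get the AD user's details.

I want to get his phone number to send a message with an API. That part is already working. I just need to extract the AD user details.

You will find my code below: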

SecurityConfiguration.java :

package com.le_chatelet.le_chatelet_back.ldap;

import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

        ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider =
                new ActiveDirectoryLdapAuthenticationProvider( "mydomain.com", "ldap://adserverip:389");

        activeDirectoryLdapAuthenticationProvider.setConvertSubErrorCodesToExceptions(true);
        activeDirectoryLdapAuthenticationProvider.setUseAuthenticationRequestCredentials(true);
        return activeDirectoryLdapAuthenticationProvider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception{
        authenticationManagerBuilder
                .authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception{
        httpSecurity
                .authorizeRequests()
                .anyRequest()
                .fullyAuthenticated()
                .and()
                .formLogin();
    }
}

LoginController.java :

package com.le_chatelet.le_chatelet_back.ldap;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.stream.Collectors;

@RestController
public class LoginController {
    @Autowired
    private UserInterface userInterface;

    Logger logger = LoggerFactory.getLogger(LoginController.class);

    @GetMapping("/hello")
    public String sayHello()
    {
        return "hello world";
    }

    @GetMapping("/user")
    @ResponseBody
    public Authentication getLoggedUserDetail(Authentication authentication) {

        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        //get username
        String username = authentication.getName();
        logger.info("username : "+username);

        // concat list of authorities to single string separated by comma
        String authorityString = authentication
                .getAuthorities()
                .stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));
        String role = "role_A";
        // compare authority names; a String never equals a GrantedAuthority object
        boolean isCurrentUserInRole = authentication
                .getAuthorities()
                .stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(role::equals);
        return authentication;
    }
}

If anyone could show me a code example, it would be much appreciated.

You can set a UserDetailsContextMapper on the provider, which allows a custom strategy to be used for creating the UserDetails that will be stored as the principal in the Authentication.

provider.setUserDetailsContextMapper(new PersonContextMapper());

Then you can use the @AuthenticationPrincipal annotation in your controller to get the Person (or custom class) instance.

@GetMapping("/phone-number")
public String phoneNumber(@AuthenticationPrincipal Person person) {
    return "Phone number: " + person.getTelephoneNumber();
}

You can find a complete LDAP sample application provided by the Spring Security team.
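
The "custom class" route mentioned in the answer, as an added example that is not part of the original answer or of Spring Security's own code: a mapper that copies the attributes the question asks for onto the principal. The names AdUser and AdUserContextMapper are hypothetical, and the example assumes the directory populates displayName, mail, telephoneNumber, streetAddress and description on the user entry.

```java
import java.util.Collection;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

// Hypothetical principal type: Spring Security's User plus selected AD attributes.
class AdUser extends User {
    private final String fullName, mail, phone, address, description;

    AdUser(String username, Collection<? extends GrantedAuthority> authorities, String fullName,
           String mail, String phone, String address, String description) {
        super(username, "", authorities); // no password is kept on the principal
        this.fullName = fullName;
        this.mail = mail;
        this.phone = phone;
        this.address = address;
        this.description = description;
    }

    public String getFullName() { return fullName; }
    public String getMail() { return mail; }
    public String getPhone() { return phone; }
    public String getAddress() { return address; }
    public String getDescription() { return description; }
}

// Hypothetical mapper: copies only the attributes the application needs.
public class AdUserContextMapper implements UserDetailsContextMapper {
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        // getStringAttribute returns null when the entry has no such attribute.
        return new AdUser(username, authorities,
                ctx.getStringAttribute("displayName"),
                ctx.getStringAttribute("mail"),
                ctx.getStringAttribute("telephoneNumber"),
                ctx.getStringAttribute("streetAddress"),
                ctx.getStringAttribute("description"));
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        // This application only reads from the directory.
        throw new UnsupportedOperationException("AdUserContextMapper is read-only");
    }
}
```

Register it with `setUserDetailsContextMapper(new AdUserContextMapper())` on the provider and inject it in a controller method as `@AuthenticationPrincipal AdUser user`. Returning individual fields from the controller, rather than the whole Authentication object, keeps the response limited to what the client needs.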