How to get all LDAP groups in Spring Security

Question  Votes: 1  Answers: 4

How can I get all Active Directory groups (not just the ones related to the current user)? I am using Spring Security LDAP. Could you provide some examples?

java active-directory spring-security
4 answers

1 vote

What you can do is write an implementation of LdapAuthoritiesPopulator that mirrors the DefaultLdapAuthoritiesPopulator implementation and adds an extra method for retrieving all roles.

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.util.Assert;

public class ExtendedLdapAuthoritiesPopulator
        implements LdapAuthoritiesPopulator {

    // Copy implementation of DefaultLdapAuthoritiesPopulator (omitted).
    // The fields used below (logger, ldapTemplate, groupSearchBase,
    // groupRoleAttribute, rolePrefix, convertToUpperCase) and the
    // getGrantedAuthorities(...) method come from that copied code.

    // Filter matching every group entry; override it via setAllAuthorityFilter.
    private String allAuthorityFilter
        = "(&(objectClass=group)(objectCategory=group))";

    public void setAllAuthorityFilter(String allAuthorityFilter) {
        Assert.notNull(allAuthorityFilter,
                       "allAuthorityFilter must not be null");
        this.allAuthorityFilter = allAuthorityFilter;
    }

    // Returns every group under groupSearchBase, not just the ones a user is a member of.
    public final Collection<GrantedAuthority> getAllAuthorities() {
        if (groupSearchBase == null) {
            return new HashSet<>();
        }
        Set<GrantedAuthority> authorities = new HashSet<>();
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for all roles with filter '"
                         + allAuthorityFilter + "' in search base '"
                         + groupSearchBase + "'");
        }
        // No filter parameters are needed, hence the empty argument array.
        Set<String> roles = ldapTemplate.searchForSingleAttributeValues(
                groupSearchBase,
                allAuthorityFilter,
                new String[0],
                groupRoleAttribute);
        if (logger.isDebugEnabled()) {
            logger.debug("Roles from search: " + roles);
        }
        // Apply the same prefix/case rules as getGrantedAuthorities so names match.
        for (String role : roles) {
            if (convertToUpperCase) {
                role = role.toUpperCase();
            }
            authorities.add(new SimpleGrantedAuthority(rolePrefix + role));
        }
        return authorities;
    }

}

In your Spring Security configuration, replace DefaultLdapAuthoritiesPopulator with your new implementation.

An additional property, allAuthorityFilter, can be set to filter which groups are returned.

You may prefer your implementation to retrieve only String-based role names rather than GrantedAuthority instances.
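The answer does not show how the populator is wired in. The Java configuration below is an added example, not code from the answer: it assumes `ExtendedLdapAuthoritiesPopulator` keeps the `(ContextSource, String groupSearchBase)` constructor and the `setGroupSearchFilter`/`setGroupRoleAttribute`/`setRolePrefix`/`setConvertToUpperCase` setters copied from `DefaultLdapAuthoritiesPopulator`, and that it lives in the same package as `LdapGroupConfig`. The URL, DNs and the `LDAP_GROUP_READER_PASSWORD` environment variable are constructed placeholders. Group enumeration runs under a dedicated read-only service account rather than the authenticating user's credentials, and the AD filter restricts the listing to security groups via the `LDAP_MATCHING_RULE_BIT_AND` rule on `groupType`.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;

@Configuration
public class LdapGroupConfig {

    // One connection definition shared by user authentication and group lookups.
    // The bind DN is a service account that only needs read access to ou=groups;
    // URL, DN and password source are placeholders constructed for this example.
    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        DefaultSpringSecurityContextSource cs = new DefaultSpringSecurityContextSource(
                "ldaps://ldap.example.internal:636/dc=example,dc=com");
        cs.setUserDn("cn=group-reader,ou=service-accounts,dc=example,dc=com");
        cs.setPassword(System.getenv("LDAP_GROUP_READER_PASSWORD")); // never hard-code it
        return cs;
    }

    // The populator doubles as the "list every group" service (getAllAuthorities()).
    @Bean
    public ExtendedLdapAuthoritiesPopulator authoritiesPopulator(
            DefaultSpringSecurityContextSource contextSource) {
        // Assumed constructor: same (ContextSource, groupSearchBase) as DefaultLdapAuthoritiesPopulator.
        ExtendedLdapAuthoritiesPopulator populator =
                new ExtendedLdapAuthoritiesPopulator(contextSource, "ou=groups");
        // AD: only security groups (groupType bit 0x80000000 set), evaluated server-side.
        populator.setAllAuthorityFilter(
                "(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=2147483648))");
        // Per-user lookup used by getGrantedAuthorities(); {0} is the user's DN.
        populator.setGroupSearchFilter("(member={0})");
        populator.setGroupRoleAttribute("cn");
        populator.setRolePrefix("ROLE_");
        populator.setConvertToUpperCase(true);
        return populator;
    }

    @Bean
    public AuthenticationManager authenticationManager(
            DefaultSpringSecurityContextSource contextSource,
            ExtendedLdapAuthoritiesPopulator populator) {
        // Users still authenticate by binding with their own credentials.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
        return new ProviderManager(new LdapAuthenticationProvider(authenticator, populator));
    }
}
```

Because `getAllAuthorities()` reveals the directory's whole group structure, expose it only behind an authorized endpoint (an admin role-assignment screen, for instance), and keep the service account limited to read access on the group subtree so a compromised application cannot modify memberships.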


1 vote

Spring Security LDAP is great if you want to authenticate users, but if you just need to query LDAP (in this case for all groups), then Spring LDAP (not to be confused with Spring Security LDAP) is a better fit for your purposes.

Example:

import static org.springframework.ldap.query.LdapQueryBuilder.query;

import java.util.List;

import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;

LdapTemplate ldapTemplate; // Injected via Spring

// Using Java 8 lambda expressions. The cast selects the AttributesMapper overload
// of search(); the result is the cn of every entry whose objectclass is "group".
List<String> groupNames = ldapTemplate.search(
    query().where("objectclass").is("group"),
    (AttributesMapper<String>) attributes -> attributes.get("cn").get().toString());
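The snippet above searches from the context source's root with the default scope and would throw a NullPointerException for any matching entry without a `cn`. The class below is an added example, not the answerer's code, showing the same Spring LDAP query with a search base, subtree scope, an attribute restriction and a null-safe mapper; the class name `GroupDirectory` and the base `ou=groups` are assumptions.

```java
import static org.springframework.ldap.query.LdapQueryBuilder.query;

import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;

import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.SearchScope;

public class GroupDirectory {

    private final LdapTemplate ldapTemplate;

    public GroupDirectory(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /**
     * Names of all groups under ou=groups (relative to the context source base).
     * Entries without a cn are skipped instead of failing the whole search.
     */
    public List<String> allGroupNames() {
        List<String> names = ldapTemplate.search(
                query()
                        .base("ou=groups")              // assumed group container; avoids scanning the whole tree
                        .searchScope(SearchScope.SUBTREE) // include groups nested in sub-OUs
                        .attributes("cn")               // fetch only the attribute we use
                        .where("objectClass").is("group"),
                (AttributesMapper<String>) GroupDirectory::groupName);
        return names.stream().filter(Objects::nonNull).collect(Collectors.toList());
    }

    /**
     * Exact-name lookup. LdapQueryBuilder's is() wraps the value in an EqualsFilter,
     * which escapes LDAP filter metacharacters, so a caller-supplied name cannot
     * change the structure of the filter the way string concatenation would.
     */
    public boolean groupExists(String name) {
        List<String> hits = ldapTemplate.search(
                query()
                        .base("ou=groups")
                        .searchScope(SearchScope.SUBTREE)
                        .attributes("cn")
                        .where("objectClass").is("group")
                        .and("cn").is(name),
                (AttributesMapper<String>) GroupDirectory::groupName);
        return !hits.isEmpty();
    }

    // Null-safe extraction of the cn attribute.
    private static String groupName(Attributes attrs) throws NamingException {
        Attribute cn = attrs.get("cn");
        return cn == null ? null : cn.get().toString();
    }
}
```

Inject an `LdapTemplate` backed by a read-only bind account and call `new GroupDirectory(ldapTemplate).allGroupNames()`; the `attributes("cn")` restriction also keeps member lists and other bulky attributes off the wire when all you need is the names.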

0 votes

Getting all LDAP groups may require a different authentication from that of the logged-in user. Spring's LdapTemplate can be used for this.

package de.is2.sign.test.ldap;

import java.util.List;

import javax.naming.directory.SearchControls;

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

// Group and GroupAttributesMapper are the author's own classes (not shown here):
// an AttributesMapper<Group> that builds a Group from each search result.
import de.is2.insign.aufruferdemo.ldapservices.Group;
import de.is2.insign.aufruferdemo.ldapservices.GroupAttributesMapper;

public class LDAPListGroups {

    public static void main(String[] args) throws Exception {

        LdapContextSource ldapContextSource = new LdapContextSource();
        // LDAP URL
        ldapContextSource.setUrl("ldap://localhost:10389/dc=example,dc=com");
        // Authenticate as a user that has access to this node in LDAP
        ldapContextSource.setUserDn("uid=admin,ou=system");
        ldapContextSource.setPassword("secret");
        ldapContextSource.afterPropertiesSet();
        LdapTemplate ldapTemplate = new LdapTemplate(ldapContextSource);
        ldapTemplate.afterPropertiesSet();

        GroupAttributesMapper mapper = new GroupAttributesMapper();
        // Default SearchControls: ONELEVEL scope, i.e. direct children of ou=groups only
        SearchControls controls = new SearchControls();
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "groupOfNames"));

        // Base is relative to the dc=example,dc=com base in the URL
        List<Group> groups = ldapTemplate.search("ou=groups", filter.encode(), controls, mapper);
        for (Group group : groups) {
            System.out.println(group.getLongID());
        }
    }
}
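The answer depends on a `Group` class and `GroupAttributesMapper` that are not shown. The program below is an added example, not the answerer's code: it supplies its own stand-ins (`LdapGroup`, `GroupMapper`, `ListGroupsOfNames`) that read the `cn` and the multi-valued `member` attribute of each `groupOfNames` entry, and it sets the search scope and returned attributes explicitly instead of relying on `SearchControls` defaults. The URL, bind DN and `LDAP_PASSWORD` environment variable are constructed placeholders.

```java
import java.util.ArrayList;
import java.util.List;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;

import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

public class ListGroupsOfNames {

    /** Value object for one groupOfNames entry (hypothetical stand-in for the answer's Group). */
    static final class LdapGroup {
        final String cn;
        final List<String> memberDns;

        LdapGroup(String cn, List<String> memberDns) {
            this.cn = cn;
            this.memberDns = memberDns;
        }
    }

    /** Maps cn plus every member DN; tolerates a group with no member attribute. */
    static final class GroupMapper implements AttributesMapper<LdapGroup> {
        @Override
        public LdapGroup mapFromAttributes(Attributes attrs) throws NamingException {
            // cn is mandatory for groupOfNames, so a missing value is a real error.
            String name = attrs.get("cn").get().toString();
            List<String> members = new ArrayList<>();
            Attribute member = attrs.get("member");
            if (member != null) {
                NamingEnumeration<?> values = member.getAll();
                try {
                    while (values.hasMore()) {
                        members.add(values.next().toString());
                    }
                } finally {
                    values.close();
                }
            }
            return new LdapGroup(name, members);
        }
    }

    /** All groupOfNames entries anywhere under ou=groups (assumed container). */
    static List<LdapGroup> listGroups(LdapTemplate ldapTemplate) {
        SearchControls controls = new SearchControls();
        // The default scope is ONELEVEL; groups in nested OUs need SUBTREE.
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Ask the server for just these attributes; the mapper needs nothing else.
        controls.setReturningAttributes(new String[] {"cn", "member"});

        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "groupOfNames"));
        return ldapTemplate.search("ou=groups", filter.encode(), controls, new GroupMapper());
    }

    public static void main(String[] args) throws Exception {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldap://localhost:10389/dc=example,dc=com"); // constructed
        cs.setUserDn("cn=group-reader,ou=system");              // read-only service account (constructed)
        cs.setPassword(System.getenv("LDAP_PASSWORD"));         // keep the secret out of source
        cs.afterPropertiesSet();
        LdapTemplate ldapTemplate = new LdapTemplate(cs);
        ldapTemplate.afterPropertiesSet();

        for (LdapGroup g : listGroups(ldapTemplate)) {
            System.out.println(g.cn + " (" + g.memberDns.size() + " members)");
        }
    }
}
```

Restricting the returned attributes matters once groups grow large: without it every search pulls full member lists for every group, which is both slow and more directory data than most callers should handle.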

© www.soinside.com 2019 - 2024. All rights reserved.