关于 JNDI 的 一个手写实例

关于 JNDI 的 一个手写实例

/*
 * @author  Kemi *
 *
 * Creation/Modification History  :
 *
 * 10-May-2006   created
 *
 */

package com.daphne.security.ldap;

import com.daphne.security.ldap.LdapParameters;
import java.util.Hashtable;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;


/**
 * This class manages all Directory operations.
 */
public class DirectoryManager {

    private static DirContext dirctx = null;
    private static final Logger logger =
        Logger.getLogger(DirectoryManager.class.getName());
    private static final String dir = "cn=orcladmin,cn=users,";

    /**
   * Empty default Constructor.
   */
    public DirectoryManager() {
    }

    /**
   * Checks if the specified uname is a member of the specified group.
   *
   * @param uname  Relative Distinguished name of the user
   * @param groupname Distingushed name of the group
   * @return  true - if the user belongs to the group, else false
   * @exception NamingException if any directory operation fails
   */
    public static boolean isUserInGroup(String uname,
                                 String groupname) throws NamingException {

        boolean ingroup = false;

        // Get the Distinguished Name of the user
        String userDN = getUserDN(uname);
        String groupDN = getGroupDN(groupname);
        if(userDN==null || groupDN==null){
            return false;
        }

        // Filter to check if the user DN is a member
        // A user is a member of a group if the uniqueMember attribute of that group entry
        // has the user DN value.
        String filter = "(uniqueMember=" + userDN + ")";

        // Initialize search controls to search with scope as sub tree
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Set the attributes to be returned
       // searchControls.setReturningAttributes(new String[] { "cn" });

        // Search under the specified group
        if(dirctx==null){
            System.out.println("gerge");
        }
        NamingEnumeration results =
            dirctx.search(groupDN, filter, searchControls);

        // If the search has results, then the user is a member   
        if (results.hasMore()) {
            ingroup = true;
        }
        // else user not present, i.e defaulted

        return ingroup;
    }

    /**
   *  Authenticates the user credentials with Directory.
   *
   * @param username  User Name of the user
   * @param passwd Password of the user
   * @return  true - if the credentials are valid
   *
   * @exception AuthenticationException If credentials are invalid
   * @exception NamingException if any directory operation fails
   */
    public static boolean authenticateUser(String username,
                                    String passwd) throws AuthenticationException,
                                                          NamingException {

        boolean authorized = false;

        // Get the Distinguished Name
        String dn = getUserDN(username);
        if(dn==null){
            return false;
        }
     try {
                    // Authenticate with Directory
                    dirctx = getDirectoryContext(dn, passwd);
                    authorized = true;
       
                } catch (AuthenticationException authEx) {
       
                    //throw new AuthenticationException(" Invalid Password ");
                     logger.severe("Invalid Password ");
                }


        return authorized;
    }

    /**
   * Retrieves the Distinguished name of them of the specified RDN.
   *
   * @param uname  Relative Distinguished name.
   * @return  Distinguished name of the user
   * @exception NamingException if directory operation fails
   */
    public static String getUserDN(String uname) throws NamingException {

       // DirContext dCtx = null;
        System.out.println("ROOT:" + LdapParameters.getRootContext());
        System.out.println("User:" + LdapParameters.getUserContext());
        System.out.println("Group:" + LdapParameters.getGroupContext());
        System.out.println("RDN:" + LdapParameters.RDN);


        // if Grocery context is available, use it, else create one as application entity
        if (dirctx == null) {
            dirctx=
getDirectoryContext(dir + LdapParameters.getRootContext(), "123qweasd");
        }
        if (dirctx == null) {
            System.out.println("NULL DCTX");
        } else {
            System.out.println("Notnull DCTX");
        }

        SearchResult searchResult = null;
        NamingEnumeration results = null;
        String userDN = null;
        String filter = "(" + LdapParameters.RDN + "=" + uname + ")";

        // To set search controls to search with subtree scope
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // Search the directory based on the search string from the specified context
        try{
        results =
                dirctx.search(LdapParameters.getUserContext(), filter, searchControls);
        }catch(Exception e){
            logger.severe("Match Error:Invalid Username ");
        }

        // If matching record found
        if (results.hasMore()) {

            searchResult = (SearchResult)results.next();
            // Build the User DN
            userDN =
                    searchResult.getName() + "," + LdapParameters.getUserContext();

        } else {
            // User not found
            //throw new NamingException(" Invalid Username ");
            logger.severe("Invalid Username ");
        }

        return userDN;
    }

    public static String getGroupDN(String groupname) throws NamingException {

     
        if (dirctx == null) {
            dirctx =
getDirectoryContext(dir + LdapParameters.getRootContext(), "123qweasd");
        }
        if (dirctx == null) {
            System.out.println("NULL DCTX");
        } else {
            System.out.println("Notnull DCTX");
        }

        SearchResult searchResult = null;
        NamingEnumeration results = null;
        String groupDN = null;
        String filter = "(cn=" + groupname + ")";

     
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

     
     
        results =
                dirctx.search(LdapParameters.getGroupContext(), filter, searchControls);
      
          
      

        // If matching record found
        if (results.hasMore()) {

            searchResult = (SearchResult)results.next();
           
            groupDN =
                    searchResult.getName() + "," + LdapParameters.getGroupContext();

        } else {
       
            logger.severe("Invalid Groupname ");
        }

        return groupDN;
    }

    /**
   *  Initializes a Directory Context with the specified credentials and return it.
   *  If the password is blank(null), it binds as anonymous user and returns the
   *  context.
   *
   * @param username Directory user name
   * @param password Directory user password
   * @return  valid directory context, if credentials are valid
   * @exception AuthenticationException  if credentails are invalid
   * @exception NamingException if directory operation fails
   */
    public static DirContext getDirectoryContext(String username,
                                          String password) throws AuthenticationException,
                                                                  NamingException {

        DirContext dCtx = null;

        //Build the LDAP url
        String ldapurl =
            "ldap://" + LdapParameters.dirHostName + ":" + LdapParameters.dirPort;

        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapurl);

        // if password is specified, set the credentials
        if (password != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, username);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }

        // Bind and initialize the Directory context
        dCtx = new InitialDirContext(env);

        return dCtx;
    }

//        public static void main(String[] args) {
//            DirectoryManager dm = new DirectoryManager();
//            try {
//        //            if (dm.isUserInGroup("kemi", "销售")) {
//        //                System.out.println("True:User in Group");
//        //
//        //            } else {
//        //                System.out.println("False:Wrong name or group");
//        //            }
//                if(dm.authenticateUser("kemi","123qweasd")){
//                    System.out.println("True:Password successful");
//                }else{
//                    System.out.println("False:Failed to match pw and name");
//                }
//            } catch (Exception e) {
//                e.printStackTrace();
//            }
//        }

    }


  

 

 

你可能感兴趣的:(关于 JNDI 的 一个手写实例)