2 changed files with 171 additions and 0 deletions
-
18src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java
-
153src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java
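--- a/src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java
+++ b/src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java
@@ -0,0 +1,18 @@
+package com.spring.modules.sys.service;
+
+/**
+* @description: 检查用户是否存在 域控的文件夹权限
+* @author LR
+* @date 2025/5/12 16:45
+* @version 1.0
+*/
+public interface CheckLdapDirectory {
+
+/**
+* @description: 检查用户的域控权限
+* @author LR
+* @date 2025/5/12 16:47
+* @version 1.0
+*/
+public boolean checkUserLdapDirectory(String username, String path);
+}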
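Review bot: The Javadoc on `checkUserLdapDirectory` documents author and date but not what the method decides: neither parameter nor the boolean result is described, and `@description:` is not a standard Javadoc tag. I would replace the method comment with a summary sentence plus `@param username the account name looked up in the directory`, `@param path the directory whose ACL is inspected`, and `@return true when the user or one of the user's groups appears in the directory's ACL`, which is what the implementation in the sibling file does. The parameter is named `path` here but `directoryPath` in the implementation; aligning the names would make the contract easier to read. The explicit `public` on an interface method is redundant and can be dropped.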
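--- a/src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java
+++ b/src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java
@@ -0,0 +1,153 @@
+package com.spring.modules.sys.service.impl;
+
+import com.spring.modules.sys.service.CheckLdapDirectory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.*;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.AclFileAttributeView;
+import java.util.*;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+/**
+* @description: 检查域控文件夹的权限
+* @author LR
+* @date 2025/5/12 16:46
+* @version 1.0
+*/
+@Service
+public class CheckLdapDirectoryImpl implements CheckLdapDirectory {
+
+@Value("${spring.ldap.urls}")
+private String ldapUrl;
+@Value("${spring.ldap.base}")
+private String ldapBase;
+@Value("${spring.ldap.username}")
+private String ldapUserDn;
+@Value("${spring.ldap.password}")
+private String ldapPassword;
+
+@Override
+public boolean checkUserLdapDirectory(String username, String directoryPath) {
+//查询文件的域控账号或分组
+Map<String, String> directoryGroupAccount = this.getDirectoryLdapAccount(directoryPath);
+//查询用户是否是该文件夹的域控账号或分组
+Map<String, String> ldapAccountGroup = this.getLapAccountGroup(username);
+for(String strKey : directoryGroupAccount.keySet()) {
+if (ldapAccountGroup.containsKey(strKey)) {
+return true;
+}
+}
+return false;
+}
+
+/**
+* @description: 查询用户的域控账号或分组
+* @author LR
+* @date 2025/5/12 17:54
+* @version 1.0
+*/
+public Map<String, String> getLapAccountGroup(String username) {
+Map<String, String> ldapAccountGroup = new HashMap<String, String>();
+try {
+Properties env = new Properties();
+env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+env.put(Context.PROVIDER_URL, ldapUrl);
+env.put(Context.SECURITY_AUTHENTICATION, "simple");
+env.put(Context.SECURITY_PRINCIPAL, ldapUserDn);
+env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
+
+// 创建DirContext对象,建立与LDAP服务器的连接
+DirContext ctx = new InitialDirContext(env);
+
+// 设置返回所有属性
+SearchControls controls = new SearchControls();
+controls.setReturningAttributes(new String[] {"memberof"});
+controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+String nameFilter = "(sAMAccountName="+username+")"; // 根据登录名精确匹配
+
+// 执行查询
+NamingEnumeration<SearchResult> results = ctx.search(ldapBase, nameFilter, controls);
+//存放属性
+List<String> valueList = new ArrayList<>();
+while (results.hasMore()) {
+SearchResult result = results.next();
+Attributes attrs = result.getAttributes();
+//获取所有的属性
+NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
+//解析属性
+while (attrEnum.hasMore()) {
+Attribute attr = attrEnum.next();
+// 处理多值属性
+NamingEnumeration<?> values = attr.getAll();
+while (values.hasMore()) {
+Object value = values.next();
+String[] valueArr = value.toString().split(",");
+//anz=chaifen map
+for(String valueStr : valueArr) {
+//ruguo
+if (valueStr.contains("CN=")) {
+valueList.add(valueStr.replace("CN=", ""));
+}
+}
+
+}
+}
+//把当前用的属性也放进去
+valueList.add(username);
+//listzhuan map
+ldapAccountGroup = valueList.stream().
+collect(Collectors.
+toMap(Function.identity(),
+str -> str,
+(oldVal, newVal) -> newVal));
+}
+// 直接返回信息
+} catch (NamingException e) {
+System.err.println("Failed to connect to the LDAP server.");
+e.printStackTrace();
+}
+return ldapAccountGroup;
+}
+
+/**
+* @description: 必须在windows的环境下才能使用
+* @author LR
+* @date 2025/5/12 16:55
+* @version 1.0
+*/
+public static Map<String, String> getDirectoryLdapAccount(String directoryPath) {
+//获取文件夹
+Path securityPath = Paths.get(directoryPath);
+//判断路径是否是文件夹
+if (!Files.isDirectory(securityPath)) {
+throw new RuntimeException("路径不是文件夹");
+}
+//返回的数据
+Map<String, String> ldapGroupAccount = new HashMap<String, String>();
+
+AclFileAttributeView aclView = Files.getFileAttributeView(securityPath, AclFileAttributeView.class);
+try {
+aclView.getAcl().forEach(aclEntry -> {
+String principalName = aclEntry.principal().getName().trim();
+if (principalName.contains("WORLDMARK1\\")) {
+String groupOrName = principalName.replace("WORLDMARK1\\", "");
+ldapGroupAccount.put(groupOrName, groupOrName);
+}
+
+});
+} catch (IOException e) {
+throw new RuntimeException(e);
+}
+//返回执行的结果
+return ldapGroupAccount;
+}
+}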
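Review bot: The search filter on the `String nameFilter = "(sAMAccountName="+username+")";` line in `getLapAccountGroup` is built by concatenating the caller-supplied username, so LDAP filter metacharacters in that value change the meaning of the query and the `memberof` values collected afterwards may belong to entries other than the named account, which is exactly the set that `checkUserLdapDirectory` then authorizes against. JNDI can do the escaping itself when the value is passed as a filter argument: `String nameFilter = "(sAMAccountName={0})";` together with `ctx.search(ldapBase, nameFilter, new Object[] {username}, controls)`, which encodes filter metacharacters in the argument instead of interpreting them. The `DirContext` created by `new InitialDirContext(env)` is never closed on the success or the failure path, so every check leaks a server connection; `ctx.close()` belongs in a `finally` block. In `getDirectoryLdapAccount`, `Files.getFileAttributeView` returns null when the filesystem offers no ACL view, so on a non-Windows host the `aclView.getAcl()` call fails with a NullPointerException rather than the Windows-only condition the Javadoc describes; an explicit null check with a clear message would make that failure diagnosable.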