From 240439a602aa3de7900c26db6359580e0af79dbb Mon Sep 17 00:00:00 2001
From: Rui_Li <877258667@qq.com>
Date: Tue, 13 May 2025 10:54:41 +0800
Subject: [PATCH] =?UTF-8?q?=E6=A3=80=E6=9F=A5=E5=9F=9F=E6=8E=A7=E5=92=8C?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=A4=B9=E6=9C=8D=E5=8A=A1=E5=99=A8=E7=9A=84?= =?UTF-8?q?=E6=A3=80=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../sys/service/CheckLdapDirectory.java | 18 +++
 .../service/impl/CheckLdapDirectoryImpl.java | 153 ++++++++++++++++++
 2 files changed, 171 insertions(+)
 create mode 100644 src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java
 create mode 100644 src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java
diff --git a/src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java b/src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java
new file mode 100644
index 00000000..a54dd226
--- /dev/null
+++ b/src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java
@@ -0,0 +1,18 @@
+package com.spring.modules.sys.service;
+
+/**
+* @description: 检查用户是否存在 域控的文件夹权限
+* @author LR
+* @date 2025/5/12 16:45
+* @version 1.0
+*/
+public interface CheckLdapDirectory {
+
+ /**
+ * @description: 检查用户的域控权限
+ * @author LR
+ * @date 2025/5/12 16:47
+ * @version 1.0
+ */
+ public boolean checkUserLdapDirectory(String username, String path);
+}
diff --git a/src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java b/src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java
new file mode 100644
index 00000000..8a4e0609
--- /dev/null
+++ b/src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java
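Review bot: The Javadoc on `checkUserLdapDirectory` in CheckLdapDirectory.java does not state the method's contract — what `path` must be, what `true` means, or how failures surface — while the implementation added in this same commit requires an existing directory on a filesystem that exposes an ACL view and throws an unchecked exception otherwise, so callers of the interface cannot see that from the declaration. Add `@param username`, `@param path` and `@return` tags, e.g. `@param path local directory whose ACL is consulted; must exist and be a directory` and `@return {@code true} when the user, or one of the user's groups, appears in the directory's ACL`. The `public` modifier on an interface method is redundant, and the parameter is called `path` here but `directoryPath` in the implementation; align the names.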
@@ -0,0 +1,153 @@
+package com.spring.modules.sys.service.impl;
+
+import com.spring.modules.sys.service.CheckLdapDirectory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.*;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.AclFileAttributeView;
+import java.util.*;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+/**
+* @description: 检查域控文件夹的权限
+* @author LR
+* @date 2025/5/12 16:46
+* @version 1.0
+*/
+@Service
+public class CheckLdapDirectoryImpl implements CheckLdapDirectory {
+
+ @Value("${spring.ldap.urls}")
+ private String ldapUrl;
+ @Value("${spring.ldap.base}")
+ private String ldapBase;
+ @Value("${spring.ldap.username}")
+ private String ldapUserDn;
+ @Value("${spring.ldap.password}")
+ private String ldapPassword;
+
+ @Override
+ public boolean checkUserLdapDirectory(String username, String directoryPath) {
+ //查询文件的域控账号或分组
+ Map directoryGroupAccount = this.getDirectoryLdapAccount(directoryPath);
+ //查询用户是否是该文件夹的域控账号或分组
+ Map ldapAccountGroup = this.getLapAccountGroup(username);
+ for(String strKey : directoryGroupAccount.keySet()) {
+ if (ldapAccountGroup.containsKey(strKey)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @description: 查询用户的域控账号或分组
+ * @author LR
+ * @date 2025/5/12 17:54
+ * @version 1.0
+ */
+ public Map getLapAccountGroup(String username) {
+ Map ldapAccountGroup = new HashMap();
+ try {
+ Properties env = new Properties();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+ env.put(Context.PROVIDER_URL, ldapUrl);
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, ldapUserDn);
+ env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
+
+ // 创建DirContext对象,建立与LDAP服务器的连接
+ DirContext ctx = new InitialDirContext(env);
+
+ // 设置返回所有属性
+ SearchControls controls = new SearchControls();
+ controls.setReturningAttributes(new String[] {"memberof"});
+ controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+ String nameFilter = "(sAMAccountName="+username+")"; // 根据登录名精确匹配
+
+ // 执行查询
+ NamingEnumeration results = ctx.search(ldapBase, nameFilter, controls);
+ //存放属性
+ List valueList = new ArrayList<>();
+ while (results.hasMore()) {
+ SearchResult result = results.next();
+ Attributes attrs = result.getAttributes();
+ //获取所有的属性
+ NamingEnumeration attrEnum = attrs.getAll();
+ //解析属性
+ while (attrEnum.hasMore()) {
+ Attribute attr = attrEnum.next();
+ // 处理多值属性
+ NamingEnumeration values = attr.getAll();
+ while (values.hasMore()) {
+ Object value = values.next();
+ String[] valueArr = value.toString().split(",");
+ //anz=chaifen map
+ for(String valueStr : valueArr) {
+ //ruguo
+ if (valueStr.contains("CN=")) {
+ valueList.add(valueStr.replace("CN=", ""));
+ }
+ }
+
+ }
+ }
+ //把当前用的属性也放进去
+ valueList.add(username);
+ //listzhuan map
+ ldapAccountGroup = valueList.stream().
+ collect(Collectors.
+ toMap(Function.identity(),
+ str -> str,
+ (oldVal, newVal) -> newVal));
+ }
+ // 直接返回信息
+ } catch (NamingException e) {
+ System.err.println("Failed to connect to the LDAP server.");
+ e.printStackTrace();
+ }
+ return ldapAccountGroup;
+ }
+
+ /**
+ * @description: 必须在windows的环境下才能使用
+ * @author LR
+ * @date 2025/5/12 16:55
+ * @version 1.0
+ */
+ public static Map getDirectoryLdapAccount(String directoryPath) {
+ //获取文件夹
+ Path securityPath = Paths.get(directoryPath);
+ //判断路径是否是文件夹
+ if (!Files.isDirectory(securityPath)) {
+ throw new RuntimeException("路径不是文件夹");
+ }
+ //返回的数据
+ Map ldapGroupAccount = new HashMap();
+
+ AclFileAttributeView aclView = Files.getFileAttributeView(securityPath, AclFileAttributeView.class);
+ try {
+ aclView.getAcl().forEach(aclEntry -> {
+ String principalName = aclEntry.principal().getName().trim();
+ if (principalName.contains("WORLDMARK1\\")) {
+ String groupOrName = principalName.replace("WORLDMARK1\\", "");
+ ldapGroupAccount.put(groupOrName, groupOrName);
+ }
+
+ });
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ //返回执行的结果
+ return ldapGroupAccount;
+ }
+}
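Review bot: `String nameFilter = "(sAMAccountName="+username+")"` in `getLapAccountGroup` builds the LDAP search filter by concatenating the caller-supplied username, so any filter metacharacters in that value alter the query; pass it through the filter-argument overload of `DirContext.search` (`"(sAMAccountName={0})"` with `new Object[] {username}`), which escapes it, as in the excerpt below. The `InitialDirContext` created there is never closed, so every call leaks a directory connection; release it in a `finally`. In `getDirectoryLdapAccount` the ACL scan never looks at `aclEntry.type()`, so a DENY entry naming one of the user's groups makes `checkUserLdapDirectory` return true — guard with `aclEntry.type() == AclEntryType.ALLOW` (import `java.nio.file.attribute.AclEntryType`), and since `Files.getFileAttributeView` returns null where the ACL view is unsupported (the Javadoc already says Windows only), check `aclView` for null and fail with a clear message instead of a NullPointerException. The `catch (NamingException e)` returns an empty map, so an LDAP outage reads as "no access", which is the safe direction, but the error should go to the project logger rather than `System.err`/`printStackTrace`, and the domain prefix `WORLDMARK1\\` belongs in configuration next to the other `spring.ldap.*` properties. The `memberOf` values are split on `,` and filtered with `contains("CN=")`, which presumably misses CNs containing escaped commas and, because `memberOf` is direct membership only, nested groups — worth confirming against the directory's data.
```java
DirContext ctx = new InitialDirContext(env);
try {
    SearchControls controls = new SearchControls();
    controls.setReturningAttributes(new String[] {"memberof"});
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Username goes in as a filter argument so JNDI escapes it;
    // never concatenate caller input into the filter string.
    NamingEnumeration<SearchResult> results =
            ctx.search(ldapBase, "(sAMAccountName={0})", new Object[] {username}, controls);
    // … unchanged: memberOf parsing into valueList / ldapAccountGroup …
} finally {
    ctx.close();
}
```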