检查域控和文件夹服务器的检查

src/main/java/com/spring/modules/sys/service/CheckLdapDirectory.java

@@ -0,0 +1,18 @@
+package com.spring.modules.sys.service;
+
+/**
+* @description: 检查用户是否存在 域控的文件夹权限
+* @author LR
+* @date 2025/5/12 16:45
+* @version 1.0
+*/
+public interface CheckLdapDirectory {
+
+    /**
+    * @description: 检查用户的域控权限
+    * @author LR
+    * @date 2025/5/12 16:47
+    * @version 1.0
+    */
+    public boolean checkUserLdapDirectory(String username, String path);
+}

src/main/java/com/spring/modules/sys/service/impl/CheckLdapDirectoryImpl.java

@@ -0,0 +1,153 @@
+package com.spring.modules.sys.service.impl;
+
+import com.spring.modules.sys.service.CheckLdapDirectory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.*;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.AclFileAttributeView;
+import java.util.*;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+/**
+* @description: 检查域控文件夹的权限
+* @author LR
+* @date 2025/5/12 16:46
+* @version 1.0
+*/
+@Service
+public class CheckLdapDirectoryImpl implements CheckLdapDirectory {
+
+    @Value("${spring.ldap.urls}")
+    private String ldapUrl;
+    @Value("${spring.ldap.base}")
+    private String ldapBase;
+    @Value("${spring.ldap.username}")
+    private String ldapUserDn;
+    @Value("${spring.ldap.password}")
+    private String ldapPassword;
+
+    @Override
+    public boolean checkUserLdapDirectory(String username, String directoryPath) {
+        //查询文件的域控账号或分组
+        Map<String, String> directoryGroupAccount = this.getDirectoryLdapAccount(directoryPath);
+        //查询用户是否是该文件夹的域控账号或分组
+        Map<String, String> ldapAccountGroup = this.getLapAccountGroup(username);
+        for(String strKey : directoryGroupAccount.keySet()) {
+            if (ldapAccountGroup.containsKey(strKey)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+    * @description: 查询用户的域控账号或分组
+    * @author LR
+    * @date 2025/5/12 17:54
+    * @version 1.0
+    */
+    public Map<String, String> getLapAccountGroup(String username) {
+        Map<String, String> ldapAccountGroup = new HashMap<String, String>();
+        try {
+            Properties env = new Properties();
+            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+            env.put(Context.PROVIDER_URL, ldapUrl);
+            env.put(Context.SECURITY_AUTHENTICATION, "simple");
+            env.put(Context.SECURITY_PRINCIPAL, ldapUserDn);
+            env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
+
+            // 创建DirContext对象，建立与LDAP服务器的连接
+            DirContext ctx = new InitialDirContext(env);
+
+            // 设置返回所有属性
+            SearchControls controls = new SearchControls();
+            controls.setReturningAttributes(new String[] {"memberof"});
+            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            String nameFilter = "(sAMAccountName="+username+")";  // 根据登录名精确匹配
+
+            // 执行查询
+            NamingEnumeration<SearchResult> results = ctx.search(ldapBase, nameFilter, controls);
+            //存放属性
+            List<String> valueList = new ArrayList<>();
+            while (results.hasMore()) {
+                SearchResult result = results.next();
+                Attributes attrs = result.getAttributes();
+                //获取所有的属性
+                NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
+                //解析属性
+                while (attrEnum.hasMore()) {
+                    Attribute attr = attrEnum.next();
+                    // 处理多值属性
+                    NamingEnumeration<?> values = attr.getAll();
+                    while (values.hasMore()) {
+                        Object value = values.next();
+                        String[] valueArr = value.toString().split(",");
+                        //anz=chaifen map
+                        for(String valueStr : valueArr) {
+                            //ruguo
+                            if (valueStr.contains("CN=")) {
+                                valueList.add(valueStr.replace("CN=", ""));
+                            }
+                        }
+
+                    }
+                }
+                //把当前用的属性也放进去
+                valueList.add(username);
+                //listzhuan map
+                ldapAccountGroup = valueList.stream().
+                        collect(Collectors.
+                                toMap(Function.identity(),
+                                        str -> str,
+                                        (oldVal, newVal) -> newVal));
+            }
+            //  直接返回信息
+        } catch (NamingException e) {
+            System.err.println("Failed to connect to the LDAP server.");
+            e.printStackTrace();
+        }
+        return ldapAccountGroup;
+    }
+
+    /**
+    * @description: 必须在windows的环境下才能使用
+    * @author LR
+    * @date 2025/5/12 16:55
+    * @version 1.0
+    */
+    public static Map<String, String> getDirectoryLdapAccount(String directoryPath) {
+        //获取文件夹
+        Path securityPath = Paths.get(directoryPath);
+        //判断路径是否是文件夹
+        if (!Files.isDirectory(securityPath)) {
+            throw new RuntimeException("路径不是文件夹");
+        }
+        //返回的数据
+        Map<String, String> ldapGroupAccount = new HashMap<String, String>();
+
+        AclFileAttributeView aclView = Files.getFileAttributeView(securityPath, AclFileAttributeView.class);
+        try {
+            aclView.getAcl().forEach(aclEntry -> {
+                String principalName = aclEntry.principal().getName().trim();
+                if (principalName.contains("WORLDMARK1\\")) {
+                    String groupOrName = principalName.replace("WORLDMARK1\\", "");
+                    ldapGroupAccount.put(groupOrName, groupOrName);
+                }
+
+            });
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+        //返回执行的结果
+        return ldapGroupAccount;
+    }
+}