這個案例是要做LDAP驗證,基本上,下面參數都是一樣的
只要把domain和ldapId(也就是LDAP伺服器的連線URL)換成自家的,就可以通了
那ldapId可能有多組做備援,所以用List去做存取
來源應該要從設定檔或是DB取出(這邊是為了示範,所以new一個List,並且add資料進去)
寫死在程式裡面也不是不行啦,只是不太好...
程式碼如下:
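/**
 * Verifies a user's credentials by attempting an LDAP simple bind over LDAPS.
 *
 * <p>The bind principal is {@code account + "@systex.tw"}. Each configured directory URL is
 * tried in order; the first successful bind ends the loop. Other servers are tried only when
 * one cannot be reached or fails unexpectedly. Once a server rejects the credentials the loop
 * stops, because replaying a wrong password against every replica multiplies the failed-logon
 * count and can lock the account sooner.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The empty-password guard is essential. A simple bind with a name but an empty
 *       password is an "unauthenticated bind" (RFC 4513) and many directories answer it with
 *       success, which would turn this method into an authentication bypass.</li>
 *   <li>The password is never logged; keep it that way when editing the log statements.</li>
 *   <li>Certificate validation is left to the JVM's default trust store. Do not replace it
 *       with a trust-all socket factory to silence handshake errors.</li>
 *   <li>The directory URL and domain are hard-coded for demonstration only; load them from
 *       configuration in real deployments.</li>
 * </ul>
 *
 * @param account  login name without the domain suffix; {@code null} or empty is rejected
 * @param password the user's password; {@code null} or empty is rejected without contacting
 *                 the directory
 * @return {@code true} if a bind succeeded on one of the servers, {@code false} otherwise
 * @throws Exception kept for interface compatibility; naming errors raised by the bind are
 *                   caught and logged here rather than propagated
 */
public static boolean checkLDAPAuth(String account, String password) throws Exception {
    LOG.debug("---------LDAP驗證------------start");

    // Reject null/empty input up front. The empty-password case must never reach the server
    // (see the unauthenticated-bind note in the Javadoc).
    if (account == null || password == null || account.isEmpty() || password.isEmpty()) {
        LOG.debug("LoginAction checkAuth account or password or ldap_url 為空");
        return false;
    }

    boolean result = false;
    String domain = "@systex.tw";
    String ldap_account = account + domain;

    // Demo data: more than one URL may be listed for redundancy.
    List<String> ldapIdList = new ArrayList<String>();
    ldapIdList.add("ldaps://dc-tpe-neihu5.systex.tw:636/");

    for (String ldapId : ldapIdList) {
        // LDAP authentication: the bind performed while creating the context is the check.
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.PROVIDER_URL, ldapId);
        env.put(Context.SECURITY_PRINCIPAL, ldap_account);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Without timeouts an unresponsive server blocks the login thread and the failover
        // list never gets a chance. Values are in milliseconds and are constructed defaults;
        // tune them or move them to configuration.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "10000");

        LdapContext ctx = null;
        boolean credentialsRejected = false;
        try {
            ctx = new InitialLdapContext(env, null);
            result = true;
        } catch (javax.naming.AuthenticationException e) {
            credentialsRejected = true;
            // getMessage() may be null; guard it so the handler itself cannot throw.
            String detail = e.getMessage();
            if (detail != null && detail.indexOf("LDAP: error code 49") != -1) {
                LOG.error(getResMsg("prompt.login_fail.pw_error")); // authentication failed: wrong password
            } else {
                LOG.error(getResMsg("prompt.login_fail") + detail); // authentication failed
            }
        } catch (javax.naming.CommunicationException e) {
            LOG.error(getResMsg("prompt.login_fail.connect") + e.getMessage()); // connection failed
        } catch (Exception e) {
            LOG.error(getResMsg("prompt.login_fail.unknow") + e.getMessage()); // unknown error
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    LOG.error(e.getMessage());
                }
            }
        }

        // Stop on success, and also on a definitive credential rejection.
        if (result || credentialsRejected) {
            break;
        }
    }

    LOG.debug("---------LDAP驗證------------end");
    return result;
}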