这是个人1周来学习LDAP和web service的总结,如果觉的不好,请评价;如有转载,请注明出处~
属性BEAN:
package com.primesuccess.ldap;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Properties;
import java.util.ResourceBundle;
/**
* Contains static variables which define the connection parameters
* for Oracle Internet Directory and Database. The parameters are loaded from
* Connection.properties file.
*
*/
public class ConnParams {
// Default Root Context
public static String identityMgmtRealm = null;
// DataSource name
public static String groceryDSName = null;
// Directory Server host name
public static String dirHostName = null;
// Directory instance port
public static String dirPort = null;
public static String adminname = null;
public static String adminpassword = null;
public static String objC1 = null;
public static String objC2 = null;
public static String objC3 = null;
public static String objC4 = null;
public static String objC5 = null;
public static String objC6 = null;
public static String RDN=null;
public static String userctx=null;
// Load parameters from Connection.properties
static {
if (identityMgmtRealm == null) {
Properties conValues = null;
try {
// Parse the Connection.properties file and extract the details
conValues = loadParams("Connection");
// Get the details from the Properties
groceryDSName = (String) conValues.getProperty(
"DATASOURCE_NAME");
dirHostName = (String) conValues.getProperty("LDAP_HOST_NAME");
dirPort = (String) conValues.getProperty("LDAP_PORT");
identityMgmtRealm = (String) conValues.getProperty(
"IDENTITY_MGMT_REALM");
adminname = (String) conValues.getProperty("LDAP_ADMIN_NAME");
adminpassword = (String) conValues.getProperty(
"LDAP_ADMIN_PASSWORD");
objC1 = (String) conValues.getProperty("ldap_obj1");
objC2 = (String) conValues.getProperty("ldap_obj2");
objC3 = (String) conValues.getProperty("ldap_obj3");
objC4 = (String) conValues.getProperty("ldap_obj4");
objC5 = (String) conValues.getProperty("ldap_obj5");
objC6 = (String) conValues.getProperty("ldap_obj6");
RDN=(String)conValues.getProperty("ldap_RDN");
userctx=(String)conValues.getProperty("ldap_userctx");
} catch (Exception ex) {
System.out.println(
" Fatal Error : Could not read Properties file : " +
ex.toString());
} finally {
// Clear properties
conValues.clear();
conValues = null;
}
}
}
/**
* This method reads a properties file which is passed as
* the parameter to it and returns it as Properties object.
*
* @param file File path
* @return Properties The properties object
* @exception IOException if loading properties file fails
*/
public static Properties loadParams(String file) throws IOException {
// Loads a ResourceBundle and creates Properties from it
Properties prop = new Properties();
ResourceBundle bundle = ResourceBundle.getBundle(file);
// Retrieve the keys and populate the properties object
Enumeration enum = bundle.getKeys();
String key = null;
while (enum.hasMoreElements()) {
key = (String) enum.nextElement();
prop.put(key, bundle.getObject(key));
}
return prop;
}
}
接口BEAN:
package com.primesuccess.ldap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
/**
* This class manages all Directory operations.
*/
public class DirectoryManager {
public DirContext dirctx = null;
/**
* Empty default Constructor.
*/
public DirectoryManager() {
}
/**
* Authenticates the user credentials with Directory.
*
* @param username User Name of the user
* @param passwd Password of the user
* @return true - if the credentials are valid
*
* @exception AuthenticationException If credentials are invalid
* @exception NamingException if any directory operation fails
* @webmethod
*/
public boolean authenticateUser(String username, String passwd)
throws AuthenticationException, NamingException {
boolean authorized = false;
// Get the Distinguished Name
String dn = this.getUserDN(username);
try {
// Authenticate with Directory
dirctx = this.getDirectoryContext(dn, passwd);
authorized = true;
} catch (AuthenticationException authEx) {
throw new AuthenticationException(" Invalid Password ");
}
return authorized;
}
public int changeEmail(String username, String newemail)
throws Exception {
try {
Attributes attrs = new BasicAttributes(true);
if (com.primesuccess.ldap.ValidatorEx.doValidateEmail(newemail) == 1) {
attrs.put(new BasicAttribute("mail", newemail));
dirctx.modifyAttributes(getUserDN(username),
DirContext.REPLACE_ATTRIBUTE, attrs);
return 1;
} else {
return ValidatorEx.doValidateEmail(newemail);
}
} catch (Exception e) {
e.printStackTrace();
return -2;
}
}
public int changePassword(String username, String oldpassword,
String newpassword) throws Exception {
try {
Attributes attrs = new BasicAttributes(true);
if (authenticateUser(username, oldpassword)) {
if (com.primesuccess.ldap.ValidatorEx.doValidatePassword(
newpassword) == 1) {
attrs.put(new BasicAttribute("userpassword", newpassword));
dirctx.modifyAttributes(getUserDN(username),
DirContext.REPLACE_ATTRIBUTE, attrs);
return 1;
} else {
return ValidatorEx.doValidatePassword(newpassword);
}
} else {
return -1;
}
} catch (Exception e) {
e.printStackTrace();
return -2;
}
}
public int validUser(String name, String tag) throws Exception {
try {
Attributes attrs = new BasicAttributes(true);
String dn = getUserDN(name);
if (tag.equals("ENABLED")||tag.equals("disabled")) {
attrs.put(new BasicAttribute("orclisenabled", tag));
dirctx.modifyAttributes(dn, DirContext.REPLACE_ATTRIBUTE, attrs);
return 1;
}
else
{
return -1;
}
} catch (Exception e) {
return -2;
}
}
public void addDirectoryEntry(String dn, List objCls, Map map)
throws NamingException, NameAlreadyBoundException {
// Create attribute list, ignore case of attribute names
Attributes attrs = new BasicAttributes(true);
if (!objCls.isEmpty()) {
Attribute objclass = new BasicAttribute("objectclass");
// Iterate thriough the collection and add the object classes to the attribute
Iterator objclsIter = objCls.iterator();
while (objclsIter.hasNext()) {
// Add the object classes
objclass.add(objclsIter.next());
}
// Add the object class attribute to list
attrs.put(objclass);
}
// Iterate through other attributes and add to attributes list
Iterator attrsIter = map.entrySet().iterator();
while (attrsIter.hasNext()) {
Map.Entry attr = (Map.Entry) attrsIter.next();
attrs.put(new BasicAttribute((String) attr.getKey(), attr.getValue()));
}
// add the directory entry to the directory with the attributes
dirctx.createSubcontext(dn, attrs);
}
/**
* Retrieves the Distinguished name of them of the specified RDN.
*
* @param uname Relative Distinguished name.
* @return Distinguished name of the user
* @exception NamingException if directory operation fails
*/
public String getUserDN(String uname) throws NamingException {
DirContext dCtx = null;
// if Grocery context is available, use it, else create one as application entity
if (dirctx == null) {
dCtx = this.getDirectoryContext(ContextNames.userContext, "");
} else {
dCtx = dirctx;
}
SearchResult searchResult = null;
NamingEnumeration results = null;
String userDN = null;
String filter = "(" + ContextNames.RDN + "=" + uname + ")";
// To set search controls to search with subtree scope
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// Search the directory based on the search string from the specified context
results = dCtx.search(ContextNames.userContext, filter, searchControls);
// If matching record found
if (results.hasMore()) {
searchResult = (SearchResult) results.next();
// Build the User DN
userDN = searchResult.getName() + "," + ContextNames.userContext;
} else {
// User not found
throw new NamingException(" Invalid Username ");
}
return userDN;
}
/**
* Initializes a Directory Context with the specified credentials and return it.
* If the password is blank(null), it binds as anonymous user and returns the
* context.
*
* @param username Directory user name
* @param password Directory user password
* @return valid directory context, if credentials are valid
* @exception AuthenticationException if credentails are invalid
* @exception NamingException if directory operation fails
*/
public DirContext getDirectoryContext(String username, String password)
throws AuthenticationException, NamingException {
//DirContext dCtx = null;
//Build the LDAP url
String ldapurl = "ldap://" + ConnParams.dirHostName + ":" +
ConnParams.dirPort;
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapurl);
// if password is specified, set the credentials
if (password != null) {
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
}
// Bind and initialize the Directory context
dirctx = new InitialDirContext(env);
return dirctx;
}
/**
* Searchs the directory under the specified context with specified filter
* and returns the search results.
* The scope is set to one-level.
*
* @param ctxname Context under which seach has to be done.
* @param filter Search filter
* @return Attributes matching the search specification
* @exception NamingException if directory search fails
*/
// public boolean searchAssembly(String name) throws Exception {
//
// list = search(name).iterator();
//
// return true;
// } else {
// return false;
// }
// }
public Collection search(String ctxname, String filter)
throws NamingException {
SearchResult searchResult = null;
NamingEnumeration results = null;
Collection retColl = new ArrayList();
Attributes attrs = null;
// Initialize search search controls with one-level scope
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
// Search the directory based on the search string under the specified context
results = dirctx.search(ctxname, filter, searchControls);
// Check if any matching results were found in Directory
if (results.hasMore()) {
// Iterate through the results and populate the return collection
do {
searchResult = (SearchResult) results.next();
// Get the attributes
attrs = searchResult.getAttributes();
retColl.add(attrs);
} while (results.hasMore());
}
return retColl;
}
}
用户操作BEAN(WEB SERVICE上可见):
package com.primesuccess.ldap;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
public class LdapBean {
private boolean isLogin = false;
Iterator list;
public LdapBean() {
}
/**
* Authenticates the user credentials with Directory.
*
* @param username User Name of the user
* @param passwd Password of the user
* @return true - if the credentials are valid
*
* @exception AuthenticationException If credentials are invalid
* @exception NamingException if any directory operation fails
* @webmethod
*/
public boolean authenticateUser(String username, String passwd)
throws AuthenticationException, NamingException {
DirectoryManager dm = new DirectoryManager();
return dm.authenticateUser(username, passwd);
}
/**
*
* @webmethod
*/
public int changeEmail(String username, String newemail)
throws Exception {
if (isLogin()) {
DirectoryManager dm = new DirectoryManager();
String dn = dm.getUserDN(ConnParams.adminname);
dm.dirctx = dm.getDirectoryContext(dn, ConnParams.adminpassword);
return dm.changeEmail(username, newemail);
} else {
return 0;
}
}
/**
*
* @webmethod
*/
public int createUser(String name, String password, String email) {
if (isLogin()) {
try {
DirectoryManager dm = new DirectoryManager();
String dn = dm.getUserDN(ConnParams.adminname);
dm.dirctx = dm.getDirectoryContext(dn, ConnParams.adminpassword);
ArrayList objList = new ArrayList();
HashMap map = new HashMap();
objList.add(0, ConnParams.objC1);
objList.add(1, ConnParams.objC2);
objList.add(2, ConnParams.objC3);
objList.add(3, ConnParams.objC4);
objList.add(4, ConnParams.objC5);
objList.add(5, ConnParams.objC6);
map.put("cn", name);
map.put("sn", name);
map.put("uid", name);
map.put("mail", email);
map.put("userpassword", password);
dm.addDirectoryEntry(ConnParams.RDN + "=" + name + "," +
ConnParams.userctx, objList, map);
return 1;
} catch (Exception e) {
e.printStackTrace();
return -1;
}
} else {
return 0;
}
}
/**
*
* @webmethod
*/
public int changePassword(String username, String oldpassword,
String newpassword) throws Exception {
if (isLogin()) {
DirectoryManager dm = new DirectoryManager();
String dn = dm.getUserDN(ConnParams.adminname);
dm.dirctx = dm.getDirectoryContext(dn, ConnParams.adminpassword);
return dm.changePassword(username, oldpassword, newpassword);
} else {
return 0;
}
}
/**
*
* @webmethod
*/
public int validUser(String name, String tag) throws Exception {
if (isLogin()) {
DirectoryManager dm = new DirectoryManager();
String dn = dm.getUserDN(ConnParams.adminname);
dm.dirctx = dm.getDirectoryContext(dn, ConnParams.adminpassword);
return dm.validUser(name, tag);
} else {
return 0;
}
}
/**
*
* @webmethod
*/
public boolean searchAssembly(String name) throws Exception {
if (isLogin()) {
DirectoryManager dm = new DirectoryManager();
String dn = dm.getUserDN(ConnParams.adminname);
dm.dirctx = dm.getDirectoryContext(dn, ConnParams.adminpassword);
String filter = "(" + ConnParams.RDN + "=" + name + ")";
list = dm.search(ConnParams.userctx, filter).iterator();
return true;
} else {
return false;
}
}
/**
*
* @webmethod
*/
public String searchNext() throws Exception {
if (isLogin()) {
try{
Attributes attrs = (Attributes) list.next();
String s = attrs.get(ConnParams.RDN).toString();
return s;
}catch(Exception e)
{
return "The search result has been to end";
}
} else {
return "Loss Check Whether it's Authoricated";
}
}
/**
*
* @webmethod
*/
public boolean authenticateLogin(String username, String passwd)
throws AuthenticationException, NamingException {
if (username.equals("login_user") &&
authenticateUser(username, passwd)) {
isLogin = true;
return true;
} else {
return false;
}
}
/**
*
* @webmethod
*/
public boolean isLogin() {
return isLogin;
}
}
UTIL BEAN:用于验证EMAIL和LDAP密码:
package com.primesuccess.ldap;
/**
* The <code>ValidatorEx</code> provide these validators used in other class.
* <p>
*
* @version 1.0
* @author Kemi
*/
public class ValidatorEx {
/**
* Email格式验证
* @param input 用户输入
* @return -1: Email输入格式应该是一个字符串 <p>-2: "@"不存在或"@"不应该出现在首位<p> -3: "."分隔符号找不到或位置错误 <p> -4: "."不应该出现在末位 <p> 1: Email验证成功
* @exception ValidationException 其他验证异常
*/
public static int doValidateEmail(Object input) {
if (!(input instanceof String)) {
return -11;
}
String inputStr = (String) input;
int idx = inputStr.indexOf(
'@'
);
if ((idx == -1) || (idx == 0)) {
return -12;
}
int idx2 = inputStr.indexOf('.', idx);
if ((idx2 == -1) || (idx2 == (idx + 1))) {
return -13;
}
if (inputStr.endsWith(".")) {
return -14;
}
return 1;
}
/**
* Password格式验证
* @param input 用户输入
* @return -1: Password输入格式应该是一个字符串<p> -2: Password至少应该包含一个数字 <p>-3: Password长度至少为5位 <p> 1: Password验证成功
*/
public static int doValidatePassword(Object input) {
if (!(input instanceof String)) {
return -11;
}
String inputStr = (String) input;
if ((inputStr.indexOf("0") == -1) && (inputStr.indexOf("1") == -1) &&
(inputStr.indexOf("2") == -1) && (inputStr.indexOf("3") == -1) &&
(inputStr.indexOf("4") == -1) && (inputStr.indexOf("5") == -1) &&
(inputStr.indexOf("6") == -1) && (inputStr.indexOf("7") == -1) &&
(inputStr.indexOf("8") == -1) && (inputStr.indexOf("0") == -1)) {
return -12;
}
if (inputStr.length() < 5) {
return -13;
}
return 1;
}
}
属性文件
#
# File Name : Connection.properties
# This file contains connection and configuration properties. Edit this file accordingly to your application server settings.
#
#
# The identity Management Realm is an area in Oracle Internet Direcotry where you
# administer user identities and groups.
#
IDENTITY_MGMT_REALM=dc=dev,dc=daphne,dc=com,dc=cn
#
# HostName where Oracle Internet Directory is running
#
LDAP_HOST_NAME=oas.daphne.com.cn
#
# Port where Oracle Internet Directory is running
#
LDAP_PORT=389
#
# Data Source Name
# The value of the ejb-location parameter of the Datasource used.
# default:jdbc/GroceryStoreDS
#
DATASOURCE_NAME=jdbc/GroceryStoreDS
LDAP_ADMIN_NAME=orcladmin
LDAP_ADMIN_PASSWORD=abc123
ldap_obj1=top
ldap_obj2=person
ldap_obj3=organizationalPerson
ldap_obj4=inetOrgPerson
ldap_obj5=orcluser
ldap_obj6=orcluserV2
ldap_userctx=cn=Users,dc=dev,dc=daphne,dc=com,dc=cn
ldap_RDN=cn
login_user=login_user