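/**
 * Builds an ActiveDirectoryUser from one LDAP search result.
 *
 * Reads sAMAccountName, mail, cn, the home directory/drive attributes,
 * primaryGroupId and memberOf from the entry and resolves the group
 * references against the role map returned by getRoleMap("*") (defined
 * outside this view). Nested membership is flattened: every resolved group's
 * parent groups are added to the user's roles as well.
 *
 * @param ctx directory context; not used by this method, kept for callers
 * @param sr  search result describing a single user entry
 * @return the populated user, with DN, e-mail, full name, home attributes and roles set
 * @throws NamingException       when the result carries no attributes or an attribute
 *                               value cannot be read
 * @throws UserDatabaseException when loadAttributes fails for the user
 */
ActiveDirectoryUser createUser(DirContext ctx, SearchResult sr) throws UserDatabaseException, NamingException {
    RoleMap groups = getRoleMap("*");
    String dn = getDN(sr);
    if (log.isDebugEnabled())
        log.debug("Getting attributes for " + dn);

    Attributes ar = sr.getAttributes();
    if (ar == null)
        throw new NamingException("No attributes for " + dn);

    // sAMAccountName is the logon name and becomes the principal name.
    // NOTE(review): an entry without it still yields a user whose principal name
    // is "" rather than being rejected; whether callers filter such users out is
    // not visible from here -- confirm before relying on that.
    String samAccountName = firstStringValue(ar, "sAMAccountName");
    ActiveDirectoryUser user = new ActiveDirectoryUser(samAccountName != null ? samAccountName : "");

    try {
        loadAttributes(user);
    } catch (Exception e) {
        throw new UserDatabaseException("Failed to load user attributes.", e);
    }
    user.setDN(dn);

    String mail = firstStringValue(ar, "mail");
    user.setEmail(mail != null ? mail : "");
    String cn = firstStringValue(ar, "cn");
    user.setFullname(cn != null ? cn : "");

    // Home directory and drive are only recorded when AD supplies them.
    String homeDirectory = firstStringValue(ar, User.USER_ATTR_HOME_DIRECTORY);
    if (homeDirectory != null)
        user.getAttributes().setProperty(User.USER_ATTR_HOME_DIRECTORY, homeDirectory);
    String homeDrive = firstStringValue(ar, User.USER_ATTR_HOME_DRIVE);
    if (homeDrive != null)
        user.getAttributes().setProperty(User.USER_ATTR_HOME_DRIVE, homeDrive);

    Vector roles = new Vector();

    // primaryGroupId is the RID of the primary group; the role map indexes
    // NT-authority groups by RID. A non-numeric value propagates as a
    // NumberFormatException, as it always did.
    String primaryGroupId = firstStringValue(ar, "primaryGroupId");
    if (primaryGroupId != null) {
        Long rid = Long.valueOf(primaryGroupId);
        if (log.isDebugEnabled())
            log.debug("Users primaryGroupId is " + rid);
        Role primaryGroup = groups.getByRID(rid);
        if (primaryGroup != null) {
            if (log.isDebugEnabled())
                log.debug("Users primary group is " + ((ActiveDirectoryGroup) primaryGroup).getDN());
            roles.add(primaryGroup);
        } else if (log.isInfoEnabled()) {
            log.info("Could not find primary group " + rid + " for user " + dn);
        }
    }

    Attribute memberOf = ar.get("memberOf");
    if (memberOf != null) {
        for (int j = 0; j < memberOf.size(); j++) {
            // Kept separate from 'dn': the user's DN is still needed for logging.
            String groupDn = (String) memberOf.get(j);
            if (log.isDebugEnabled())
                log.debug("Checking if user is a member of " + groupDn + " a valid group");
            ActiveDirectoryGroup group = groups.containsDN(groupDn)
                    ? (ActiveDirectoryGroup) groups.getByDN(groupDn) : null;
            if (group == null) {
                // Unknown to the role map (presumably outside the searched OU bases
                // or filtered out). Previously this case was silent and the message
                // below was logged for already-added groups instead.
                if (log.isInfoEnabled())
                    log.info("Could not find group " + groupDn);
                continue;
            }
            if (roles.contains(group))
                continue; // already added, e.g. as the primary group or as a parent
            roles.add(group);
            if (log.isDebugEnabled())
                log.debug("Member of " + groupDn + " [" + group.getSAMAccountName() + "]");
            // The user effectively belongs to every parent of a group it is in.
            // Typed loosely: the declared element type of getParents() is not
            // visible here; RoleMap.buildHierarchy stores an ActiveDirectoryGroup[].
            Object[] parents = group.getParents();
            if (parents != null) {
                for (int i = 0; i < parents.length; i++) {
                    if (parents[i] == null) {
                        if (log.isDebugEnabled())
                            log.debug("Found NULL parent group in populateUserInfo");
                    } else if (!roles.contains(parents[i])) {
                        roles.add(parents[i]);
                    }
                }
            }
        }
    }

    if (log.isDebugEnabled())
        log.debug("User belongs to " + roles.size() + " roles");
    ActiveDirectoryGroup[] r = new ActiveDirectoryGroup[roles.size()];
    roles.copyInto(r);
    user.setRoles(r);
    return user;
}

/**
 * Returns the first value of the named attribute as a String, or null when the
 * entry has no such attribute.
 *
 * @throws NamingException if the attribute value cannot be read
 */
private static String firstStringValue(Attributes ar, String name) throws NamingException {
    Attribute attribute = ar.get(name);
    return attribute == null ? null : (String) attribute.get();
}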
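/**
 * Extracts the relative identifier (the last sub-authority) from a binary
 * objectSid, for SIDs issued by the NT authority (S-1-5-...).
 *
 * Binary SID layout: byte 0 is the revision, byte 1 the sub-authority count,
 * bytes 2-7 the 48-bit identifier authority (big-endian), followed by one
 * 32-bit little-endian sub-authority each.
 *
 * The previous implementation read bytes 1..6 (the count plus five authority
 * bytes) and parsed them as decimal digits, and hard-coded the RID offset for
 * five sub-authorities. It therefore only matched domain SIDs
 * (S-1-5-21-x-y-z-RID), returned null for other NT-authority SIDs such as
 * BUILTIN groups (S-1-5-32-RID), and threw ArrayIndexOutOfBoundsException on
 * anything shorter than 28 bytes. This version decodes the authority and the
 * sub-authority count properly and bounds-checks the array.
 *
 * @param sid raw objectSid bytes, as returned when
 *            java.naming.ldap.attributes.binary includes objectSID
 * @return the RID, or null when sid is null, too short for the sub-authorities
 *         it declares, or not issued by authority 5
 */
Long getRIDFromSID(byte[] sid) {
    if (sid == null || sid.length < 8)
        return null;
    int subAuthorityCount = sid[1] & 0xFF;
    // A SID carries at least one sub-authority and at most 15.
    if (subAuthorityCount < 1 || subAuthorityCount > 15)
        return null;
    if (sid.length < 8 + 4 * subAuthorityCount)
        return null;

    long authority = 0;
    for (int i = 2; i < 8; i++)
        authority = (authority << 8) | (sid[i] & 0xFF);
    if (authority != 5) // only NT-authority SIDs carry a usable RID here
        return null;

    // The RID is the last sub-authority, stored little-endian.
    int offset = 8 + 4 * (subAuthorityCount - 1);
    long rid = (sid[offset] & 0xFFL)
            | ((sid[offset + 1] & 0xFFL) << 8)
            | ((sid[offset + 2] & 0xFFL) << 16)
            | ((sid[offset + 3] & 0xFFL) << 24);
    return Long.valueOf(rid);
}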
/**
 * Formats one byte as exactly two lower-case hex digits.
 *
 * @param b the byte, treated as unsigned (0x00..0xff)
 * @return two-character hex string, zero-padded
 */
String byteToHex(byte b) {
    // Mask off sign extension first, otherwise negative bytes print as ffffffxx.
    int unsigned = b & 0xFF;
    String hex = Integer.toHexString(unsigned);
    return unsigned < 0x10 ? "0" + hex : hex;
}
// Supporting classes
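/**
 * Index of the Active Directory groups loaded as roles, keyed three ways: by
 * DN, by principal (group) name and, for groups that carry a RID, by RID.
 * DN and name keys are folded to lower case on both put and get, so those
 * lookups are case-insensitive. The fold uses String.toLowerCase() with the
 * default locale; a locale-independent fold would be safer, but
 * java.util.Locale is not visibly in scope in this file.
 *
 * Security notes: every index is a plain Map, so a later put with the same
 * DN, name or RID silently replaces the earlier entry. A RID is only unique
 * within one domain, so in a multi-domain forest a group from one domain can
 * shadow a same-RID group from another in groupsByRID. Neither case is
 * detected or logged here.
 *
 * Serializable is retained from the original; whether the stored
 * ActiveDirectoryGroup instances are serializable cannot be checked here.
 */
class RoleMap implements Serializable {
    /** lower-cased DN -> ActiveDirectoryGroup */
    Map dnToRoleMap = new TreeMap();
    /** lower-cased principal name -> ActiveDirectoryGroup */
    Map groupNameToRoleMap = new TreeMap();
    /** RID (Long) -> ActiveDirectoryGroup; only groups whose getRID() is non-null */
    Map groupsByRID = new TreeMap();
    /** lower-cased DN -> List of parent group DNs (Strings), consumed by buildHierarchy */
    Map parentGroupsByDN = new TreeMap();

    /** @return the group with this DN (case-insensitive), or null */
    Role getByDN(String dn) {
        return (Role) dnToRoleMap.get(dn.toLowerCase());
    }

    /** @return whether a group with this DN (case-insensitive) was put */
    boolean containsDN(String dn) {
        return dnToRoleMap.containsKey(dn.toLowerCase());
    }

    /** @return number of groups indexed by DN */
    int size() {
        return dnToRoleMap.size();
    }

    /** @return the indexed groups, in lower-cased DN order */
    Collection values() {
        return dnToRoleMap.values();
    }

    /** @return the group with this principal name (case-insensitive), or null */
    Role getByGroupName(String groupName) {
        return (Role) groupNameToRoleMap.get(groupName.toLowerCase());
    }

    /**
     * @return the list of parent DNs recorded for this group DN (case-insensitive),
     *         or null when none was put
     */
    List getParents(String dn) {
        return (List) parentGroupsByDN.get(dn.toLowerCase());
    }

    /**
     * Indexes a group. Note that the DN index uses the dn argument while the
     * parent index uses role.getDN(); buildHierarchy only finds the group if
     * the two agree (ignoring case).
     *
     * @param role    the group
     * @param dn      DN to index it under
     * @param parents DNs of its direct parent groups, resolved later by buildHierarchy
     */
    void put(ActiveDirectoryGroup role, String dn, List parents) {
        dnToRoleMap.put(dn.toLowerCase(), role);
        groupNameToRoleMap.put(role.getPrincipalName().toLowerCase(), role);
        if (role.getRID() != null) // Only NT Authority groups carry a RID
            groupsByRID.put(role.getRID(), role);
        parentGroupsByDN.put(role.getDN().toLowerCase(), parents);
    }

    /** @return the group with this RID, or null */
    Role getByRID(Long rid) {
        return (Role) groupsByRID.get(rid);
    }

    /**
     * Resolves every recorded parent DN to its group and stores the result on
     * the child via setParents. Parents that are not in this map are dropped.
     * Must be called once all groups have been put; calling it earlier leaves
     * later-added parents unresolved.
     */
    void buildHierarchy() {
        for (Iterator it = parentGroupsByDN.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            ActiveDirectoryGroup role = (ActiveDirectoryGroup) dnToRoleMap.get(((String) entry.getKey()).toLowerCase());
            if (role == null)
                continue;
            List parentDns = (List) entry.getValue();
            if (parentDns == null) {
                role.setParents(new ActiveDirectoryGroup[0]);
                continue;
            }
            Vector resolved = new Vector();
            for (Iterator it2 = parentDns.iterator(); it2.hasNext();) {
                String parentKey = ((String) it2.next()).toLowerCase();
                if (!dnToRoleMap.containsKey(parentKey))
                    continue; // parent not loaded as a role: dropped
                Role parent = (Role) dnToRoleMap.get(parentKey);
                if (parent != null)
                    resolved.add(parent);
                else if (log.isDebugEnabled())
                    log.debug("Found NULL role in parent list");
            }
            // Size the array to what was actually resolved. Sizing it to
            // parentDns.size(), as before, left a null slot for every parent
            // skipped above, which consumers then had to guard against.
            ActiveDirectoryGroup[] parents = new ActiveDirectoryGroup[resolved.size()];
            resolved.copyInto(parents);
            role.setParents(parents);
        }
    }
}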
/**
 * Lists Active Directory groups as a PrivilegedAction. It must be run inside
 * Subject.doAs() or Subject.doAsPrivileged() so that the GSSAPI bind in run()
 * can authenticate with the Kerberos credentials held by that Subject.
 */
class ListRolesAction implements java.security.PrivilegedAction {
/** Opened by run() and closed in its finally block; null outside of run(). */
InitialLdapContext ctx;
/**
 * Group-name pattern. listRoles substitutes it into GROUP_FILTER with
 * replaceAll without LDAP-escaping it, so it must be a trusted pattern
 * (e.g. "*"), never user-supplied text.
 */
String filter;
/**
 * @param filter group-name pattern substituted into GROUP_FILTER by listRoles;
 *               must be trusted, see the field comment
 */
ListRolesAction(String filter) {
this.filter = filter;
}
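/**
 * Opens a GSSAPI (Kerberos) LDAP connection to adURL using the credentials of
 * the Subject this action runs under, lists the groups matching filter and
 * closes the connection again.
 *
 * filter is handed to listRoles as-is, where it is substituted into
 * GROUP_FILTER without LDAP escaping; it must therefore be a trusted pattern.
 *
 * @return the RoleMap produced by listRoles, or the NamingException itself
 *         when the connection or search fails -- callers must test the
 *         result with instanceof rather than assume a RoleMap
 */
public Object run() {
    try {
        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Referral chasing is opt-in via a system property. NOTE(review): with
        // GSSAPI the client will authenticate to whichever host a referral names,
        // so only enable this for forests whose domain controllers are trusted.
        if (System.getProperty("sslexplorer.followADReferrals", "false").equalsIgnoreCase("true"))
            env.put(Context.REFERRAL, "follow");
        // Must be the fully qualified host name: the Kerberos service ticket is
        // requested for ldap/<host>, so an IP or short name fails the bind.
        env.put(Context.PROVIDER_URL, adURL);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // NOTE(review): no javax.security.sasl.qop is requested, so unless adURL
        // is ldaps:// the searches after the bind travel without signing or
        // encryption. Consider "auth-conf" (or at least "auth-int") if the
        // domain enforces LDAP signing.
        env.put("java.naming.ldap.version", "3");
        // objectSID must be returned raw for getRIDFromSID to decode it.
        env.put("java.naming.ldap.attributes.binary", "objectSID");
        // NOTE(review): JNDI only pools "none", "simple" and "DIGEST-MD5"
        // connections by default, so this is presumably a no-op for GSSAPI
        // unless com.sun.jndi.ldap.connect.pool.authentication is widened.
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        ctx = new InitialLdapContext(env, null);
        return listRoles(filter);
    } catch (NamingException ex) {
        log.error("Failed to list roles.", ex);
        return ex;
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException closeError) {
                // Best effort: the result has already been decided, but the
                // failure used to be swallowed silently.
                if (log.isDebugEnabled())
                    log.debug("Failed to close LDAP context for " + adURL, closeError);
            }
        }
    }
}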
RoleMap listRoles(String filter) throws NamingException {
RoleMap roles = new RoleMap();
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
//constraints.setCountLimit(0);
String sFilter = GROUP_FILTER.replaceAll("%GROUPNAME%", filter);
//Request the paged results control
int pageSize = 500;
try {
pageSize = CoreServlet.getServlet().getPropertyDatabase().getPropertyInt(0, null, "activeDirectory.pageSize");
} catch(Exception ex) {
log.error("Could not find activeDirectory.pageSize property!",ex);
}
int currentPage = 1;
int startPosition = 0;
int endPosition = 9;
String range;
byte[] cookie = null;
try {
Control[] ctls = new Control[]{new PagedResultsControl(10,Control.CRITICAL)};
ctx.setRequestControls(ctls);
} catch(IOException ex) {
log.warn("Tried to configure paged search but got error", ex);
}
NamingException lastError = null;
try {
for (Iterator it = includedOUBasesList.iterator(); it.hasNext();) {
String searchBase = (String) it.next();
if (log.isDebugEnabled())
log.debug("Looking for groups starting at " + searchBase + " (filter = " + sFilter + ")");
do {
range = startPosition + "-" + endPosition;
if(log.isDebugEnabled())
log.debug("Starting group search on page " + currentPage + " " + range);
constraints.setReturningAttributes(GROUP_ATTRS);
NamingEnumeration results = ctx.search(searchBase, sFilter, constraints);