1. 首页
  2. 问答
  3. 验证用户是否属于活动目录组

验证用户是否属于活动目录组

2017-10-11 82 views
0

如果用户在特定组中,我将用shiro连接到我们的活动目录并尝试配置它。验证用户是否属于活动目录组

Shiro.ini文件:

[main] 
realm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm 
realm.url = LDAP://example.com/ 
realm.systemUsername = [email protected] 
realm.systemPassword = password 
realm.searchBase = "OU=level2,OU=level1,DC=example,DC=com" 
realm.groupRolesMap = "CN=Group1,OU=level2,OU=level1,DC=example,DC=com":"itadmins" 

[roles] 
itadmins = *

,代码:

public class Quickstart { 

    private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class); 
    public static final String userName = "[email protected]"; 
    public static final String password = "userpassword"; 


    public static void main(String[] args) { 

    // The easiest way to create a Shiro SecurityManager with configured 
    // realms, users, roles and permissions is to use the simple INI config. 
    // We'll do that by using a factory that can ingest a .ini file and 
    // return a SecurityManager instance: 

    // Use the shiro.ini file at the root of the classpath 
    // (file: and url: prefixes load from files and urls respectively): 
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini"); 
    SecurityManager securityManager = factory.getInstance(); 

    // for this simple example quickstart, make the SecurityManager 
    // accessible as a JVM singleton. Most applications wouldn't do this 
    // and instead rely on their container configuration or web.xml for 
    // webapps. That is outside the scope of this simple quickstart, so 
    // we'll just do the bare minimum so you can continue to get a feel 
    // for things. 
    SecurityUtils.setSecurityManager(securityManager); 

    // Now that a simple Shiro environment is set up, let's see what you can do: 
    UsernamePasswordToken token = new UsernamePasswordToken(userName, password); 

    // get the currently executing user: 
    Subject currentUser = SecurityUtils.getSubject(); 

    try { 
     currentUser.login(token); 
     System.out.println("We've authenticated! :)"); 
    } catch (AuthenticationException e) { 
     System.out.println("We did not authenticate :("); 
     e.printStackTrace(); 
    } 

    log.info("User [" + currentUser + "] logged in successfully."); 


    if (currentUser.hasRole("hasRole")) { 
     System.out.println("We're authorized! :)"); 
    } else { 
     System.out.println("We are not authorized :("); 
    } 


     //all done - log out! 
     currentUser.logout(); 

     System.exit(0);*/ 
    } 
}

的用户进行身份验证,但并不认可。我究竟做错了什么?

来源

2017-10-11 zero_coding

回答

0

看起来像你有一个错字? currentUser.hasRole("hasRole")我猜这应该是currentUser.hasRole("itadmins")

来源

2017-10-13 02:34:09

相关问题

 相关问题