Criar logon utilizando Active Directory

marciomarcPJ · Maio 10, 2007, 11:16am

Bom dia galera,estou querendo criar um logon que utiliza o active directory(AD) do windowns.Inicialmente não ha alteração de dados,o usuario informa a matricula e a senha e o verificamos se ele existe ou não no AD. Se alguem puder disponibilizar o codigo fico mto agradecido.Antecipadamente muito obrigado!!!

fpapaizPJ · Maio 11, 2007, 9:49am

Eu acesso o AD via LDAP para autorização de usuários.
Veja abaixo codigo de exemplo:

package br.gov.tjrn.arq.auth.activeDirectory;
 
 import java.util.Hashtable;
 
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
 
 public class DadosLoginActiveDirectory&#123;
 
 	public static void main&#40;String&#91;&#93; args&#41; throws NamingException &#123;
 
 		String loginPesquisado = &quot;teste&quot;;
 		String dominio = &quot;@intranet.tjrn&quot;;
 		
 		// specify the LDAP search filter
 		String searchBase = &quot;DC=intranet,DC=tjrn&quot;;
 
 		// prepara parametros de conexao ao AD
 		Hashtable&lt;String, String&gt; envDC = new Hashtable&lt;String, String&gt;&#40;&#41;;
 
 		envDC.put&#40;Context.INITIAL_CONTEXT_FACTORY,
 				&quot;com.sun.jndi.ldap.LdapCtxFactory&quot;&#41;;
 
 		// atribui as credenciais de segurança &#40;note&#58; using simple cleartext
 		// authentication&#41;
 		envDC.put&#40;Context.SECURITY_AUTHENTICATION, &quot;simple&quot;&#41;;
 
 		// usuario para fazer o bind com o AD
 		envDC.put&#40;Context.SECURITY_PRINCIPAL, &lt;usuario+dominio&gt;&#41;; 
 		envDC.put&#40;Context.SECURITY_CREDENTIALS, &lt;senha&gt;&#41;;
 
 		// URL de conexao
 		envDC.put&#40;Context.PROVIDER_URL, &quot;ldap&#58;//&lt;IP do servidor AD&gt;&quot;&#41;;
 
 		// We need to chase referrals when retrieving attributes from the DC
 		// as the object may be in a different domain
 		envDC.put&#40;Context.REFERRAL, &quot;follow&quot;&#41;;
 
 		// configura os atributos que serão obtidos na forma binária
 		envDC.put&#40;&quot;java.naming.ldap.attributes.binary&quot;,
 				&quot;objectGUID objectSid msSFUPassword&quot;&#41;;
 
 		// libera o LdapContext desta instancia, caso ele já estive atribuído
 		LdapContext ldapContext = new InitialLdapContext&#40;envDC, null&#41;;
 
 		// Now perform a search against the GC
 		// Create the search controls
 		SearchControls searchCtls = new SearchControls&#40;&#41;;
 
 		// Specify the attributes to return
 		String&#91;&#93; returnedAtts = &#123; &quot;givenName&quot;, &quot;objectGUID&quot;, &quot;displayName&quot;,
 				&quot;distinguishedName&quot;, &quot;userPrincipalName&quot;, &quot;samAccountName&quot;,
 				&quot;objectClass&quot;, &quot;sn&quot;, &quot;unicodePwd&quot;, &quot;userPassword&quot;,
 				&quot;msSFUPassword&quot; &#125;;
 		searchCtls.setReturningAttributes&#40;returnedAtts&#41;;
 
 		// Specify the search scope
 		searchCtls.setSearchScope&#40;SearchControls.SUBTREE_SCOPE&#41;;
 
 		String searchFilter = &quot;&#40;&amp;&#40;objectClass=user&#41;&#40;userPrincipalName=&quot;
 				+ &#40;loginPesquisado + dominio&#41; + &quot;&#41;&#41;&quot;;
 
 		// Search for objects in the GC using the filter
 		NamingEnumeration answer = ldapContext.search&#40;searchBase, searchFilter,
 				searchCtls&#41;;
 
 		if &#40;answer.hasMoreElements&#40;&#41;&#41; &#123;
 
 			SearchResult sr = &#40;SearchResult&#41; answer.next&#40;&#41;;
 
 			// Print out some of the attributes, catch the exception if the
 			// attributes have no values
 			Attributes attrs = sr.getAttributes&#40;&#41;;
 
 			// exibe os valores dos atributos retornados junto com seus valores
 			NamingEnumeration enumeration = attrs.getIDs&#40;&#41;;
 			while &#40;enumeration.hasMoreElements&#40;&#41;&#41; &#123;
 				String attrId = &#40;String&#41; enumeration.nextElement&#40;&#41;;
 				System.out.println&#40;attrs.get&#40;attrId&#41;&#41;;
 			&#125;
 			System.out.println&#40;&#41;;
 
 			// obtem o displayName e nocaso dele ser null, pega o givenName
 			String userName = &quot;&quot;;
 			if &#40;attrs.get&#40;&quot;displayName&quot;&#41; != null&#41; &#123;
 				userName = &#40;String&#41; attrs.get&#40;&quot;displayName&quot;&#41;.get&#40;&#41;;
 			&#125; else if &#40;attrs.get&#40;&quot;givenName&quot;&#41; != null&#41; &#123;
 				userName = &#40;String&#41; attrs.get&#40;&quot;givenName&quot;&#41;.get&#40;&#41;;
 			&#125;
 			// obtem o distinguishedName e o userPrincipalName
 			String distinguishedName = &#40;String&#41; attrs.get&#40;&quot;distinguishedName&quot;&#41;
 					.get&#40;&#41;;
 			String userPrincipalName = &#40;String&#41; attrs.get&#40;&quot;userPrincipalName&quot;&#41;
 					.get&#40;&#41;;
 
 			System.out.println&#40;userName&#41;;
 			System.out.println&#40;distinguishedName&#41;;
 			System.out.println&#40;userPrincipalName&#41;;
 
 		&#125;
 	&#125;
 &#125;

fpapaizPJ · Maio 11, 2007, 9:56am

no seu caso, vc passaria o login e senha informados pelo usuario como parametros de BIND com o AD (veja codigo abaixo).
Se ele conseguir fazer o bind então o login e senha estão corretos.

       //usuario para fazer o bind com o AD
       envDC.put&#40;Context.SECURITY_PRINCIPAL, &lt;usuario+dominio&gt;&#41;;
       envDC.put&#40;Context.SECURITY_CREDENTIALS, &lt;senha&gt;&#41;;

andredecotia · Março 13, 2011, 9:21pm

Você está utilizando JAAS?

system · Dezembro 29, 2015, 5:00am

Criar logon utilizando Active Directory

Cursos de Mobile

Cursos de Programação

Cursos de Front-end

Cursos de DevOps

Cursos de Design & UX

Cursos de Business

Cursos de Data & BI