
Java访问LDAP服务器认证代码示例

2009-05-27 16:33 495 查看
先参阅以前的文章:http://blog.csdn.net/kunshan_shenbin/archive/2007/12/21/1957775.aspx

代码示例如下:

application.properties

ladp_ip_addr=192.168.2.8
ladp_port_num=389
ladp_username=yyyyy
ladp_password=xxxxx
ladp_database=ou=LAS15,o=nodai,c=jp


LdapConnector.java

package com.nauproject.apm.common;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// NOTE(review): the two JDK-internal imports below are unused once verifyPassword
// decodes with java.util.Base64; they are not accessible on Java 9+ and can be removed.
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;

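public class LdapConnector {

    /** Classpath resource that holds the LDAP connection settings. */
    private static final String CONFIG_RESOURCE = "application.properties";

    /** LDAP attribute whose stored digest is compared with the supplied password. */
    private static final String PASSWORD_ATTRIBUTE = "userPassword";

    /**
     * Authenticates {@code username}/{@code password} against the LDAP server
     * configured in {@value #CONFIG_RESOURCE}.
     *
     * <p>Binds with the service account from the properties file, searches the
     * subtree under {@code ladp_database} for entries whose {@code uid} equals
     * {@code username}, and compares {@code password} with every stored
     * {@code userPassword} value via {@link #verifyPassword}. Missing settings,
     * I/O problems and LDAP errors are logged and reported as {@code false}.
     *
     * <p>NOTE(review): this design needs a service account that may read
     * {@code userPassword}; binding as the user's own DN would verify the
     * password without exposing stored digests to this application.
     * NOTE(review): a simple bind over {@code ldap://} sends the service-account
     * password unprotected unless the server negotiates StartTLS; prefer
     * {@code ldaps://} outside of test setups.
     *
     * @param username value matched against the {@code uid} attribute; null/empty yields {@code false}
     * @param password plain-text password to verify; null yields {@code false}
     * @return {@code true} if a matching entry holds a digest of {@code password};
     *         {@code false} on mismatch, incomplete configuration or any LDAP error
     */
    public boolean loginLdapServer(String username, String password) {
        if (username == null || username.isEmpty() || password == null) {
            return false;
        }
        Properties properties = loadProperties();
        if (properties == null) {
            return false;
        }
        String ip = properties.getProperty("ladp_ip_addr");         // IP address
        String port = properties.getProperty("ladp_port_num");      // port
        String ldapUser = properties.getProperty("ladp_username");  // service-account principal
        String ldapPwd = properties.getProperty("ladp_password");   // service-account password
        String querybase = properties.getProperty("ladp_database"); // search base DN
        if (ip == null || port == null || ldapUser == null || ldapPwd == null || querybase == null) {
            // Hashtable.put rejects null values, so a missing key would otherwise
            // surface as a NullPointerException when the environment is built.
            System.err.println("LdapConnector: incomplete LDAP settings in " + CONFIG_RESOURCE);
            return false;
        }

        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ldapUser);
        env.put(Context.SECURITY_CREDENTIALS, ldapPwd);
        env.put(Context.PROVIDER_URL, "ldap://" + ip + ":" + port);

        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            SearchControls searchCtls = new SearchControls();
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Request only the attribute we actually compare.
            searchCtls.setReturningAttributes(new String[] { PASSWORD_ATTRIBUTE });
            // The user name is passed as a filter argument so that JNDI escapes it;
            // concatenating it into the filter text lets filter metacharacters in
            // the input alter the query.
            NamingEnumeration<SearchResult> results =
                    ctx.search(querybase, "(uid={0})", new Object[] { username }, searchCtls);
            try {
                while (results.hasMore()) {
                    if (matchesStoredPassword(results.next().getAttributes(), password)) {
                        return true;
                    }
                }
            } finally {
                results.close();
            }
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            // The context was previously left open when the search threw.
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Loads {@value #CONFIG_RESOURCE} from the classpath.
     *
     * @return the loaded properties, or {@code null} if the resource is absent
     *         or unreadable (the failure is logged)
     */
    private Properties loadProperties() {
        Properties properties = new Properties();
        try (InputStream istream = getClass().getClassLoader().getResourceAsStream(CONFIG_RESOURCE)) {
            if (istream == null) {
                // getResourceAsStream returns null rather than throwing when the
                // resource is missing; the original code dereferenced it.
                System.err.println("LdapConnector: " + CONFIG_RESOURCE + " not found on the classpath");
                return null;
            }
            properties.load(istream);
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
        return properties;
    }

    /**
     * Compares {@code password} with each {@code userPassword} value of one entry.
     *
     * @param attributes the entry's returned attributes (may be {@code null})
     * @param password the candidate password
     * @return {@code true} if any stored value verifies; {@code false} if the
     *         attribute is absent or no value matches
     * @throws NamingException if the attribute values cannot be enumerated
     */
    private boolean matchesStoredPassword(Attributes attributes, String password) throws NamingException {
        Attribute stored = attributes == null ? null : attributes.get(PASSWORD_ATTRIBUTE);
        if (stored == null) {
            return false;
        }
        NamingEnumeration<?> values = stored.getAll();
        try {
            while (values.hasMore()) {
                Object value = values.next();
                // The original cast every value to byte[]; a String value is
                // accepted as well instead of failing with ClassCastException.
                String digest = value instanceof byte[]
                        ? new String((byte[]) value, StandardCharsets.UTF_8)
                        : String.valueOf(value);
                if (verifyPassword(digest, password)) {
                    return true;
                }
            }
        } finally {
            values.close();
        }
        return false;
    }

    /** Closes {@code ctx} if non-null; a close failure does not change the authentication result. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // best effort: the bind/search outcome has already been decided
        }
    }

    /**
     * Checks a plain-text password against an LDAP-style password digest.
     *
     * <p>Supported forms are {@code {SHA}}, {@code {SSHA}}, {@code {MD5}} and
     * {@code {SMD5}} (tag compared case-insensitively) followed by the Base64
     * encoding of {@code hash || salt}. The password octets and the salt are
     * hashed and compared with {@link MessageDigest#isEqual}, which does not
     * stop at the first differing byte. The MD5 and unsalted forms are kept
     * only for compatibility with existing directory data.
     *
     * <p>Decoding uses {@code java.util.Base64}; unlike the previous JDK-internal
     * decoder it does not throw a checked exception, so this method declares none.
     *
     * @param digest the stored value, e.g. {@code "{SSHA}..."}; {@code null} yields {@code false}
     * @param password the candidate password; {@code null} yields {@code false}
     * @return {@code true} only if the digest was produced from {@code password}
     *         with the tagged scheme and salt; {@code false} for an unknown scheme
     *         tag, malformed Base64, an unavailable algorithm, or a mismatch
     */
    public boolean verifyPassword(String digest, String password) {
        if (digest == null || password == null) {
            return false;
        }
        String alg;
        int size;
        if (digest.regionMatches(true, 0, "{SHA}", 0, 5)) {
            digest = digest.substring(5);
            alg = "SHA-1";
            size = 20;
        } else if (digest.regionMatches(true, 0, "{SSHA}", 0, 6)) {
            digest = digest.substring(6);
            alg = "SHA-1";
            size = 20;
        } else if (digest.regionMatches(true, 0, "{MD5}", 0, 5)) {
            digest = digest.substring(5);
            alg = "MD5";
            size = 16;
        } else if (digest.regionMatches(true, 0, "{SMD5}", 0, 6)) {
            digest = digest.substring(6);
            alg = "MD5";
            size = 16;
        } else {
            // Unrecognised or absent scheme tag: nothing to compare against.
            // Previously alg stayed null and MessageDigest.getInstance(null) threw.
            return false;
        }

        byte[] decoded;
        try {
            decoded = java.util.Base64.getDecoder().decode(digest);
        } catch (IllegalArgumentException malformed) {
            return false;
        }
        byte[][] hashAndSalt = split(decoded, size);
        byte[] hash = hashAndSalt[0];
        byte[] salt = hashAndSalt[1];
        try {
            MessageDigest mDigest = MessageDigest.getInstance(alg);
            // NOTE(review): assumes the server hashed the UTF-8 octets of the
            // password; the platform-default charset used before only agrees
            // with that on UTF-8 JVMs — confirm against the directory's setup.
            mDigest.update(password.getBytes(StandardCharsets.UTF_8));
            mDigest.update(salt);
            // A length mismatch (e.g. a truncated digest) compares as not equal.
            return MessageDigest.isEqual(hash, mDigest.digest());
        } catch (NoSuchAlgorithmException nsae) {
            return false;
        }
    }

    /**
     * Splits a decoded digest into its first {@code n} bytes (the hash) and the
     * remainder (the salt; empty when {@code src} is not longer than {@code n}).
     *
     * @param src decoded {@code hash || salt} bytes
     * @param n digest length of the scheme in bytes
     * @return a two-element array {@code {hash, salt}}
     */
    private static byte[][] split(byte[] src, int n) {
        if (src.length <= n) {
            return new byte[][] { src, new byte[0] };
        }
        return new byte[][] {
                Arrays.copyOfRange(src, 0, n),
                Arrays.copyOfRange(src, n, src.length)
        };
    }
}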


测试用LDAP数据文件:

dn: c=jp
objectClass: country
objectClass: top
c: jp

dn: o=nodai,c=jp
objectClass: top
objectClass: organization
o: nodai

dn: ou=LAS15,o=nodai,c=jp
ou: LAS15
objectclass: top
objectclass: organizationalUnit

dn: uid=1111,ou=LAS15,o=nodai,c=jp
objectClass: person
objectClass: inetorgperson
objectClass: top
objectClass: organizationalperson
postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE  50369
initials: ASA
street: 01251 Chestnut Street
mobile: +1 010 154 3228
mail: user.0@maildomain.net
employeeNumber: 0
pager: +1 779 041 6341
sn: Amar
postalCode: 50369
userPassword: 1111
l: Panama City
description: This is the description for Aaccf Amar.
cn: Aaccf Amar
telephoneNumber: +1 685 622 6202
st: DE
uid: user.0
givenName: Aaccf
homePhone: +1 225 216 5900

dn: uid=5555,ou=LAS15,o=nodai,c=jp
objectClass: person
objectClass: inetorgperson
objectClass: top
objectClass: organizationalperson
postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE  50369
initials: ASA
street: 01251 Chestnut Street
mobile: +1 010 154 3228
mail: user.0@maildomain.net
employeeNumber: 0
pager: +1 779 041 6341
sn: Amar
postalCode: 50369
userPassword: 5555
l: Panama City
description: This is the description for Aaccf Amar.
cn: Aaccf Amar
telephoneNumber: +1 685 622 6202
st: DE
uid: user.0
givenName: Aaccf
homePhone: +1 225 216 5900

dn: uid=12345,ou=LAS15,o=nodai,c=jp
objectClass: person
objectClass: inetorgperson
objectClass: top
objectClass: organizationalperson
postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE  50369
initials: ASA
street: 01251 Chestnut Street
mobile: +1 010 154 3228
mail: user.0@maildomain.net
employeeNumber: 0
pager: +1 779 041 6341
sn: Amar
postalCode: 50369
userPassword: 12345
l: Panama City
description: This is the description for Aaccf Amar.
cn: Aaccf Amar
telephoneNumber: +1 685 622 6202
st: DE
uid: user.0
givenName: Aaccf
homePhone: +1 225 216 5900

dn: uid=test,ou=LAS15,o=nodai,c=jp
objectClass: person
objectClass: inetorgperson
objectClass: top
objectClass: organizationalperson
postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE  50369
initials: ASA
street: 01251 Chestnut Street
mobile: +1 010 154 3228
mail: user.0@maildomain.net
employeeNumber: 0
pager: +1 779 041 6341
sn: Amar
postalCode: 50369
userPassword: test
l: Panama City
description: This is the description for Aaccf Amar.
cn: Aaccf Amar
telephoneNumber: +1 685 622 6202
st: DE
uid: user.0
givenName: Aaccf
homePhone: +1 225 216 5900


注意:LDAP服务器会将userPassword属性的值以SSHA(加盐SHA-1)哈希形式存储,而非明文;上面的verifyPassword正是据此校验密码。