Java code example: authenticating against an LDAP server
2009-05-27 16:33
First, see the earlier article: http://blog.csdn.net/kunshan_shenbin/archive/2007/12/21/1957775.aspx
The code example follows:
application.properties
    ladp_ip_addr=192.168.2.8
    ladp_port_num=389
    ladp_username=yyyyy
    ladp_password=xxxxx
    ladp_database=ou=LAS15,o=nodai,c=jp
LdapConnector.java
    package com.nauproject.apm.common;

    import java.io.IOException;
    import java.io.InputStream;
    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.util.Base64;
    import java.util.Properties;

    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public class LdapConnector {

        public boolean loginLdapServer(String username, String password) {
            Properties properties = new Properties();
            try (InputStream istream =
                    getClass().getClassLoader().getResourceAsStream("application.properties")) {
                if (istream == null) {
                    return false; // configuration file not on the classpath
                }
                properties.load(istream);
            } catch (IOException e) {
                e.printStackTrace();
            }

            String ip = properties.getProperty("ladp_ip_addr");        // IP address
            String port = properties.getProperty("ladp_port_num");     // port
            String ldap_user = properties.getProperty("ladp_username"); // bind user name
            String ldap_pwd = properties.getProperty("ladp_password");  // bind password
            String querybase = properties.getProperty("ladp_database"); // search base DN

            Properties env = new Properties();
            // A simple bind over ldap:// sends the bind password in clear text;
            // use ldaps:// or StartTLS outside a test network.
            String ldapURL = "ldap://" + ip + ":" + port;
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, ldap_user);
            env.put(Context.SECURITY_CREDENTIALS, ldap_pwd);
            env.put(Context.PROVIDER_URL, ldapURL);

            LdapContext ctx = null;
            try {
                ctx = new InitialLdapContext(env, null);
                SearchControls searchCtls = new SearchControls();
                searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Pass the user name as a filter argument so that JNDI escapes it;
                // concatenating it into the filter string allows LDAP filter injection.
                NamingEnumeration<SearchResult> results =
                        ctx.search(querybase, "(uid={0})", new Object[] { username }, searchCtls);
                while (results.hasMoreElements()) {
                    SearchResult sr = results.next();
                    Attributes attributes = sr.getAttributes();
                    Attribute userPassword = attributes.get("userPassword");
                    if (userPassword == null) {
                        continue; // entry has no password, or it is not readable by the bind user
                    }
                    NamingEnumeration<?> pwds = userPassword.getAll();
                    while (pwds.hasMoreElements()) {
                        byte[] ssha_pwd = (byte[]) pwds.next();
                        if (verifyPassword(new String(ssha_pwd, StandardCharsets.UTF_8), password)) {
                            return true;
                        }
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                // Close the connection on every path, including the early return above.
                if (ctx != null) {
                    try {
                        ctx.close();
                    } catch (NamingException ignored) {
                        // nothing useful to do if close fails
                    }
                }
            }
            return false;
        }

        public boolean verifyPassword(String digest, String password) {
            String alg = null;
            int size = 0;
            if (digest.regionMatches(true, 0, "{SHA}", 0, 5)) {
                digest = digest.substring(5);
                alg = "SHA-1";
                size = 20;
            } else if (digest.regionMatches(true, 0, "{SSHA}", 0, 6)) {
                digest = digest.substring(6);
                alg = "SHA-1";
                size = 20;
            } else if (digest.regionMatches(true, 0, "{MD5}", 0, 5)) {
                digest = digest.substring(5);
                alg = "MD5";
                size = 16;
            } else if (digest.regionMatches(true, 0, "{SMD5}", 0, 6)) {
                digest = digest.substring(6);
                alg = "MD5";
                size = 16;
            }
            if (alg == null) {
                return false; // unknown scheme or plain-text value: nothing to verify against
            }
            try {
                MessageDigest mDigest = MessageDigest.getInstance(alg);
                // java.util.Base64 replaces the JDK-internal
                // com.sun.org.apache.xml.internal.security.utils.Base64 used originally.
                byte[][] hs = split(Base64.getDecoder().decode(digest), size);
                byte[] hash = hs[0];
                byte[] salt = hs[1];
                mDigest.reset();
                mDigest.update(password.getBytes(StandardCharsets.UTF_8));
                mDigest.update(salt);
                byte[] pwhash = mDigest.digest();
                return MessageDigest.isEqual(hash, pwhash);
            } catch (NoSuchAlgorithmException nsae) {
                return false;
            } catch (IllegalArgumentException badBase64) {
                return false; // stored value is not valid Base64
            }
        }

        // Splits src into the first n bytes (the hash) and the remainder (the salt).
        private byte[][] split(byte[] src, int n) {
            byte[] l;
            byte[] r;
            if (src.length <= n) {
                l = src;
                r = new byte[0];
            } else {
                l = new byte[n];
                r = new byte[src.length - n];
                System.arraycopy(src, 0, l, 0, n);
                System.arraycopy(src, n, r, 0, r.length);
            }
            byte[][] lr = { l, r };
            return lr;
        }
    }
LDAP data file for testing:
    dn: c=jp
    objectClass: country
    objectClass: top
    c: jp

    dn: o=nodai,c=jp
    objectClass: top
    objectClass: organization
    o: nodai

    dn: ou=LAS15,o=nodai,c=jp
    ou: LAS15
    objectclass: top
    objectclass: organizationalUnit

    dn: uid=1111,ou=LAS15,o=nodai,c=jp
    objectClass: person
    objectClass: inetorgperson
    objectClass: top
    objectClass: organizationalperson
    postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE 50369
    initials: ASA
    street: 01251 Chestnut Street
    mobile: +1 010 154 3228
    mail: user.0@maildomain.net
    employeeNumber: 0
    pager: +1 779 041 6341
    sn: Amar
    postalCode: 50369
    userPassword: 1111
    l: Panama City
    description: This is the description for Aaccf Amar.
    cn: Aaccf Amar
    telephoneNumber: +1 685 622 6202
    st: DE
    uid: user.0
    givenName: Aaccf
    homePhone: +1 225 216 5900

    dn: uid=5555,ou=LAS15,o=nodai,c=jp
    objectClass: person
    objectClass: inetorgperson
    objectClass: top
    objectClass: organizationalperson
    postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE 50369
    initials: ASA
    street: 01251 Chestnut Street
    mobile: +1 010 154 3228
    mail: user.0@maildomain.net
    employeeNumber: 0
    pager: +1 779 041 6341
    sn: Amar
    postalCode: 50369
    userPassword: 5555
    l: Panama City
    description: This is the description for Aaccf Amar.
    cn: Aaccf Amar
    telephoneNumber: +1 685 622 6202
    st: DE
    uid: user.0
    givenName: Aaccf
    homePhone: +1 225 216 5900

    dn: uid=12345,ou=LAS15,o=nodai,c=jp
    objectClass: person
    objectClass: inetorgperson
    objectClass: top
    objectClass: organizationalperson
    postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE 50369
    initials: ASA
    street: 01251 Chestnut Street
    mobile: +1 010 154 3228
    mail: user.0@maildomain.net
    employeeNumber: 0
    pager: +1 779 041 6341
    sn: Amar
    postalCode: 50369
    userPassword: 12345
    l: Panama City
    description: This is the description for Aaccf Amar.
    cn: Aaccf Amar
    telephoneNumber: +1 685 622 6202
    st: DE
    uid: user.0
    givenName: Aaccf
    homePhone: +1 225 216 5900

    dn: uid=test,ou=LAS15,o=nodai,c=jp
    objectClass: person
    objectClass: inetorgperson
    objectClass: top
    objectClass: organizationalperson
    postalAddress: Aaccf Amar$01251 Chestnut Street$Panama City, DE 50369
    initials: ASA
    street: 01251 Chestnut Street
    mobile: +1 010 154 3228
    mail: user.0@maildomain.net
    employeeNumber: 0
    pager: +1 779 041 6341
    sn: Amar
    postalCode: 50369
    userPassword: test
    l: Panama City
    description: This is the description for Aaccf Amar.
    cn: Aaccf Amar
    telephoneNumber: +1 685 622 6202
    st: DE
    uid: user.0
    givenName: Aaccf
    homePhone: +1 225 216 5900
Note: the values of the userPassword attribute in LDAP will be stored SSHA-hashed (salted SHA-1).
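How a `{SSHA}` value of the kind the note refers to is built and checked, as an added example that is not part of the original post. The class name `SshaDemo`, the 8-byte salt length and the sample password are assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SshaDemo {
    private static final int SHA1_LEN = 20; // SHA-1 digest size in bytes
    private static final int SALT_LEN = 8;  // assumed salt length for this added demo

    // Stored form: "{SSHA}" + base64( SHA1(password || salt) || salt )
    static String encode(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        byte[] hash = md.digest();
        byte[] out = Arrays.copyOf(hash, hash.length + salt.length);
        System.arraycopy(salt, 0, out, hash.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // Recover the salt from the stored value, recompute, compare in constant time.
    static boolean verify(String stored, String candidate) throws Exception {
        if (!stored.regionMatches(true, 0, "{SSHA}", 0, 6)) return false;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(stored.substring(6));
        } catch (IllegalArgumentException e) {
            return false; // payload is not valid base64
        }
        if (raw.length < SHA1_LEN) return false; // too short to hold a SHA-1 digest
        byte[] salt = Arrays.copyOfRange(raw, SHA1_LEN, raw.length);
        byte[] expected = Base64.getDecoder().decode(encode(candidate, salt).substring(6));
        return MessageDigest.isEqual(raw, expected);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt1 = new byte[SALT_LEN], salt2 = new byte[SALT_LEN];
        rng.nextBytes(salt1);
        rng.nextBytes(salt2);
        String a = encode("test", salt1); // "test" is a constructed sample password
        String b = encode("test", salt2);
        System.out.println(a);
        System.out.println("same value for both salts: " + a.equals(b));
        System.out.println("correct password: " + verify(a, "test"));
        System.out.println("wrong password: " + verify(a, "tesT"));
        System.out.println("truncated value: " + verify("{SSHA}AAAA", "test"));
    }
}
```

The salt travels in the stored value itself, which is why the verifier needs nothing but the attribute and the candidate password. SSHA is a single salted SHA-1 pass, so anyone who can read userPassword can test guesses offline quickly.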