Setting a SSHA Password in LDAP from Spring

I am having problems working out how to save a password in an Apache DS LDAP in an SSHA hash instead of plain text. As far as I can tell, the correct way to go about it should be configuring Apache DS to use SSHA to store passwords and then, when setting the password, send only the plain text. However, I can't work out how to configure Apache DS to do this.

I have pushed the hashed password into the LDAP (using an admin interface to the LDAP) and Apache DS correctly authenticates against the correct password. However, I need to insert the password from our Java application. This can't be an unusual request, so I must be missing something.

Here is my code for setting the password from Java using the LdapTemplate interface from org.springframework.ldap.core:

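import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import org.springframework.ldap.core.DistinguishedName;

// ldapTemplate is an org.springframework.ldap.core.LdapTemplate field of the enclosing class.
public void storeNewPassword(final String userId, final String password) {

    // Entry to modify: uid=<userId>,dc=users,dc=pms,dc=com
    final DistinguishedName dn = new DistinguishedName("dc=users,dc=pms,dc=com");
    dn.add("uid", userId);

    // The password is sent to the server exactly as passed in (plain text here).
    Attribute pass = new BasicAttribute("userpassword", password);

    final ModificationItem mi = new ModificationItem(
        DirContext.REPLACE_ATTRIBUTE,
        pass);
    ldapTemplate.modifyAttributes(dn, new ModificationItem[] {mi});

}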

The above code correctly sets the password, but when I look at the Apache DS Server I see that the password has been saved in plain text.

Please can someone verify whether this is the correct approach for setting passwords, and suggest how I can configure Apache DS to apply SSHA to passwords it receives.

Thanks

You, as the client, are responsible for hashing and encoding the password. The server just stores it like any other attribute.

If you want to hash the password using MD5, you can use code like this:

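import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;

public class PasswordUtil {
  // Returns "{MD5}" followed by the Base64-encoded MD5 digest of the trimmed password.
  public String hashAndEncodePassword(String password) {
    // StandardCharsets avoids the checked UnsupportedEncodingException of getBytes("UTF-8").
    final byte[] md5 = DigestUtils.md5(password.trim().getBytes(StandardCharsets.UTF_8));
    final byte[] base64 = Base64.encodeBase64(md5);
    final String hashedAndEncoded = new String(base64, StandardCharsets.US_ASCII);
    return "{MD5}" + hashedAndEncoded;
  }
}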

If you want to use a different hash algorithm, you must change the use of DigestUtils.md5 to the proper method.

If you want to use a salted algorithm like {SSHA}, you must adapt the code, too.
