如何在 Java 中为 LDAP 服务器提供密码认证?
[英]How to provide password authentication for LDAP server in Java?
问题描述
Okay, so I have most of the pieces, but I can't seem to put them together properly.
好的,所以我拥有大部分碎片,但我似乎无法将它们正确组合在一起。 I'm basically trying to protect database data with a simple authentication process (maybe with a GUI) to ensure that the correct people are viewing the data.我基本上是在尝试使用简单的身份验证过程(可能使用 GUI)来保护数据库数据,以确保正确的人正在查看数据。 Right now I'm using UnboundID to handle the actual authentication, although I am open to other methods such as JAAS.现在我正在使用 UnboundID 来处理实际的身份验证,尽管我对其他方法如 JAAS 持开放态度。 Here is the method that I wrote for that (the bypass is for testing purposes):这是我为此编写的方法(旁路用于测试目的):
public static boolean authenticate(String username, String password) {
if (username == null || password == null) {
return false;
}
if (username.equals("bypass") && password.equals("bypass")) {
return true;
}
try {
LDAPConnection conn = new LDAPConnection(AUTH_URL,AUTH_PORT);
BindRequest request = new SimpleBindRequest(username,password);
BindResult result = conn.bind(request);
return result.getResultCode().equals(ResultCode.SUCCESS);
} catch (LDAPException ex) {
ex.printStackTrace();
return false;
}
}
This code is obviously dangerous due to the fact that the password is being inputted as plaintext.由于密码是以明文形式输入的,因此这段代码显然很危险。 I did some digging and discovered that I should be using something like SSL for the actual request to protect the password.我做了一些挖掘,发现我应该使用 SSL 之类的东西来保护密码的实际请求。 This raised another question: if I'm sending the request via SSL, don't I still need to somehow supply the password in plaintext form before I send the request?这提出了另一个问题:如果我通过 SSL 发送请求,我是否仍然需要在发送请求之前以某种方式以明文形式提供密码? Isn't this dangerous?这不是很危险吗? I'm surprised something like password authentication isn't done by a simple API since so many applications need to be secure.我很惊讶密码认证不是由简单的 API 完成的,因为有这么多应用程序需要安全。 I'm very new to this stuff and would appreciate some guidance.我对这些东西很陌生,希望得到一些指导。 Thanks!谢谢!
2 个解决方案
解决方案1
1 2015-06-12 00:46:23
Use TLS everywhere including your LDAP connection.在任何地方使用 TLS,包括您的 LDAP 连接。 As long as you follow good TLS connection practices your connection is safe.只要您遵循良好的 TLS 连接实践,您的连接就是安全的。 -jim -吉姆
解决方案2
0 2015-06-15 14:36:02
You could use Stormpath's Servlet Plugin to authenticate your users.您可以使用Stormpath 的 Servlet 插件来验证您的用户。 You only need to follow these very simple steps to create your ready to use Web Application.您只需要按照 这些非常简单的步骤来创建您随时可用的 Web 应用程序。
You can also take the example Servlet App (completely Open Source) as the foundations for your Web App.您还可以将示例Servlet 应用程序(完全开源)作为您的 Web 应用程序的基础。
You will get:你会得到:
- Out of the box complete Web Application开箱即用的完整 Web 应用程序
- Complete User Management: user authentication, user management, user storage, workflows, etc.完整的用户管理:用户认证、用户管理、用户存储、工作流等。
- API Management API 管理
- Hassle free world-class Security无忧无虑的世界级安全
- Frequent free updates经常免费更新
In summary, the workflow will be like this.总之,工作流程将是这样的。 You will redirect your users to the Login page (orRegistration for them to sign up first).您将您的用户重定向到登录页面(或注册让他们先注册)。 Once your user is properly authenticated (via login) you can get your own code executed via the Next URI or theSuccessfulAuthenticationRequestEvent .一旦您的用户通过了正确的身份验证(通过登录),您就可以通过Next URI或SuccessfulAuthenticationRequestEvent 来执行您自己的代码。
Disclaimer, I am an active Stormpath contributor.免责声明,我是一名活跃的 Stormpath 贡献者。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.