
Authenticate on LDAP with current user in JNDI/Java

I thought I'd find more about this topic but I didn't.

I have to write a Java application that checks which OU a specific user is part of.

But to authenticate with the server I can't ask for username and password and also can't store it in the source (or some other file).

Is there a way with JNDI and Java to authenticate with the user who is currently logged in?

All you can do is check if there is some user with the same username as the user that is currently logged in to your Java application. You won't be able to check anything else without their password. To do this, you'll need the username and password of some LDAP user that has permission to list other users. Then you can query the LDAP for your user.

This is an example adapted from something I use; it checks against an Active Directory, so perhaps it will need some changes:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapUserCheck {

    public static void main(String[] args) throws NamingException {
        // {USERNAME} is a placeholder: substitute the RFC 4515-escaped username before
        // calling, otherwise a name containing '(' ')' '*' or '\' can change the filter.
        boolean userFound = userExists("searchUser",
                "searchPassword",
                "(sAMAccountName={USERNAME})",
                "ldap://ldap.mydomain.com",
                "OU=MYOU,dc=mydomain,dc=com");
        System.out.println("user found: " + userFound);
    }

    // Binds as the search account and returns true if at least one entry below
    // baseDn matches the filter. The search account only needs read access.
    private static boolean userExists(String searchUser, String searchPassword,
            String filter, String url, String baseDn) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, searchUser);
        env.put(Context.SECURITY_CREDENTIALS, searchPassword);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            String[] attributeFilter = {};   // no attributes needed, only match / no match
            SearchControls sc = new SearchControls();
            sc.setReturningAttributes(attributeFilter);
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

            NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, sc);
            return results.hasMore();
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    // ignore: the result has already been computed
                }
            }
        }
    }
}
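As an added example (not the answerer's code), the same service-account search extended to answer the question as actually asked, which OU the user belongs to, with the username escaped per RFC 4515 before it is spliced into the filter so that it cannot alter the query. The class name, the service-account parameters and the sample DN in the comment are assumptions; only `lookupUserOus` needs a reachable directory, the two helpers run stand-alone.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class UserOuLookup {
    // Escapes a value for use inside an LDAP filter (RFC 4515), so a username such as
    // "x)(objectClass=*" is matched literally instead of rewriting the filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // Returns the OU components of a DN, innermost first (sample DN is constructed):
    // "CN=jdoe,OU=Dev,OU=Staff,DC=example,DC=com" -> [Dev, Staff]
    static List<String> organizationalUnits(String dn) throws NamingException {
        LdapName name = new LdapName(dn);
        List<String> ous = new ArrayList<>();
        for (int i = name.size() - 1; i >= 0; i--) {   // index 0 of an LdapName is the rightmost RDN
            Rdn rdn = name.getRdn(i);
            if (rdn.getType().equalsIgnoreCase("OU")) ous.add(rdn.getValue().toString());
        }
        return ous;
    }

    // Binds with a read-only service account and returns the OUs of the first matching user.
    static List<String> lookupUserOus(String url, String baseDn, String bindDn,
                                      String bindPassword, String username) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);   // use an ldaps:// URL so the bind password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]);   // only the entry's DN is needed
            NamingEnumeration<SearchResult> results =
                ctx.search(baseDn, "(sAMAccountName=" + escapeFilterValue(username) + ")", sc);
            return results.hasMore() ? organizationalUnits(results.next().getNameInNamespace())
                                     : Collections.<String>emptyList();
        } finally {
            ctx.close();
        }
    }
}
```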

If the LDAP client has an existing connection, use either the "who am i?" extended request or the authorization identity request control to determine the authID of an existing connection - LDAP-compliant servers and the UnboundID LDAP SDK will support either method. The "who am i?" extended request can be used at any time on a connection (assuming the authentication identity has permission to use the extended request), but the authorization identity request control can only be attached to a bind request.

The use of the "who am i?" extended request and the authorization identity request control are demonstrated in AuthDemo.java.


Since there seems to be no real solution, I have now started asking for the login information at the start of the script/tool and using it where needed.
