Java 如何在Weblogic安全领域内访问OID/OAM中可用的所有用户属性?
我们已将OID/OAM配置为weblogic安全中的安全提供商 在检查用户属性时,只有用户id可见Java 如何在Weblogic安全领域内访问OID/OAM中可用的所有用户属性?,java,security,attributes,weblogic,oid,Java,Security,Attributes,Weblogic,Oid,我们已将OID/OAM配置为weblogic安全中的安全提供商 在检查用户属性时,只有用户id可见 如何使OID/OAM中可用的所有属性在Weblogic安全用户和组中可用?简短版本:按照说明使用JMX来获取配置的OID身份验证器MBean。然后可以使用该MBean获取必要的参数,以建立自己与OID的连接并遍历属性。您可能还想了解Java命名和目录操作 示例实现: package test; import java.util.Hashtable; import javax.managemen
如何让 OID/OAM 中可用的所有属性在 WebLogic 安全领域的用户和组中可见?

简短回答:WebLogic 的用户/组视图本身只暴露用户 ID。要读取其他属性,可按文档说明通过 JMX 获取已配置的 OID 身份验证器 MBean,再从该 MBean 读取主机、端口、用户基准 DN 等参数,自行建立到 OID 的 LDAP 连接并遍历所需属性(参见 Java 命名和目录接口 JNDI)。注意:自行建立的连接会把用户凭据再次发送到 OID,应与身份验证器保持一致地使用 LDAPS,并对拼入 DN 和搜索过滤器的用户名做转义,以避免 LDAP 注入。示例实现:
package test;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.management.Descriptor;
import javax.management.JMException;
import javax.management.MBeanInfo;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.modelmbean.ModelMBeanInfo;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
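/**
 * Reads a single LDAP attribute (ATTRIBUTE_NAME) of a user directly from the Oracle
 * Internet Directory (OID) that backs the WebLogic default realm.
 *
 * <p>WebLogic's own user/group view only exposes the user id, so this class:
 * <ol>
 *   <li>looks up the domain runtime MBean server via JNDI,</li>
 *   <li>walks DomainRuntimeService -> DomainConfiguration -> SecurityConfiguration ->
 *       DefaultRealm -> AuthenticationProviders to find the OID authenticator MBean,</li>
 *   <li>reads Host / Port / UserBaseDN (and SSLEnabled) from that MBean,</li>
 *   <li>binds to OID as the user with the supplied password and reads the attribute.</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>The bind is a "simple" bind, so the password travels in the clear unless the
 *       provider is configured for SSL (then {@code ldaps://} is used).</li>
 *   <li>The username is escaped before it is placed into a DN (RFC 4514) and into a
 *       search filter (RFC 4515); plain concatenation would allow LDAP injection.</li>
 *   <li>An empty password is rejected: many directories treat a simple bind with an
 *       empty password as an anonymous bind, which "succeeds" without authenticating.</li>
 * </ul>
 * Failures are logged (never the password) and reported to the caller as {@code null}.
 * Must run inside the WebLogic server so that {@code java:comp/env/jmx/domainRuntime}
 * resolves.
 */
public class OIDFromWLBean {
    private static final Logger LOG = Logger.getLogger(OIDFromWLBean.class.getName());

    /** The attribute to read for the given user. */
    private static final String ATTRIBUTE_NAME = "pwdChangedTime";

    /**
     * interfaceClassName of the configured authentication provider to use, here OID.
     * Check the API if you use a different provider:
     * http://docs.oracle.com/cd/E12839_01/apirefs.1111/e13945/weblogic/security/providers/authentication/OracleInternetDirectoryAuthenticatorMBean.html
     */
    static final String OID_AUTHENTICATOR_MBEAN_NAME =
        "weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorMBean";

    // The rest is fixed WebLogic / JNDI plumbing and should not need changes.
    private static final String COM_SUN_JNDI_LDAP_LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String INTERFACE_CLASS_NAME = "interfaceClassName";
    private static final String AUTHENTICATION_PROVIDERS = "AuthenticationProviders";
    private static final String DEFAULT_REALM = "DefaultRealm";
    private static final String SECURITY_CONFIGURATION = "SecurityConfiguration";
    private static final String DOMAIN_CONFIGURATION = "DomainConfiguration";
    /** JNDI name of the domain runtime MBean server (only resolvable inside the server). */
    static final String MBEAN_SERVER = "java:comp/env/jmx/domainRuntime";
    static final String DOMAIN_MBEAN_NAME =
        "com.bea:Name=DomainRuntimeService,Type=weblogic.management.mbeanservers.domainruntime.DomainRuntimeServiceMBean";

    // Attribute names read from the authenticator MBean.
    private static final String ATTR_HOST = "Host";
    private static final String ATTR_PORT = "Port";
    private static final String ATTR_USER_BASE_DN = "UserBaseDN";
    // NOTE(review): "SSLEnabled" is the LDAP authenticator attribute that says whether the
    // provider itself talks to the directory over SSL -- confirm against your WLS version.
    private static final String ATTR_SSL_ENABLED = "SSLEnabled";

    /**
     * Reads ATTRIBUTE_NAME for {@code username} by binding to OID as that user.
     *
     * @param username the user's cn; must be non-empty (escaped before use in the DN and
     *                 in the search filter)
     * @param password the user's password; must be non-empty
     * @return the first value of the attribute, {@code ""} if the entry exists but has no
     *         such attribute, or {@code null} if no OID provider is configured, the entry
     *         does not exist, or any JMX/LDAP step fails
     * @throws IllegalArgumentException if username or password is null or empty
     * @throws RuntimeException if the domain runtime MBean server cannot be looked up
     */
    public String getAttribute(String username, String password) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be null or empty");
        }
        // An empty password turns the simple bind into an anonymous bind on many
        // directory servers, so it must never reach the LDAP layer.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("password must not be null or empty");
        }
        final MBeanServer connection = getConnection();
        final ObjectName authenticator = getAuthenticator(connection);
        if (authenticator == null) {
            LOG.warning("No authentication provider of type " + OID_AUTHENTICATOR_MBEAN_NAME
                + " found in the default realm");
            return null;
        }
        DirContext ctx = null;
        try {
            String host = getHost(authenticator, connection);
            String port = getPort(authenticator, connection);
            String userBaseDN = getUserBaseDN(authenticator, connection);
            boolean ssl = isSslEnabled(authenticator, connection);
            ctx = getConnectionLdapOid(username, password, host, port, userBaseDN, ssl);
            return getAttribute(ctx, buildUserDn(username, userBaseDN), username);
        } catch (Exception e) {
            // Best effort: callers treat null as "not available"; keep the cause in the log.
            LOG.log(Level.WARNING, "Could not read " + ATTRIBUTE_NAME + " for user " + username, e);
            return null;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Looks up the domain runtime MBean server through JNDI.
     *
     * @return the MBean server
     * @throws RuntimeException wrapping the underlying exception if the lookup fails
     *         (e.g. when not running inside a WebLogic server)
     */
    private MBeanServer getConnection() {
        try {
            InitialContext ctx = new InitialContext();
            return (MBeanServer) ctx.lookup(MBEAN_SERVER);
        } catch (Exception e) {
            throw new RuntimeException("Cannot look up " + MBEAN_SERVER, e);
        }
    }

    /**
     * Finds the first authentication provider of the default realm whose
     * {@code interfaceClassName} descriptor field equals OID_AUTHENTICATOR_MBEAN_NAME.
     *
     * @return the provider's ObjectName, or {@code null} if none matches or the JMX walk fails
     */
    private ObjectName getAuthenticator(MBeanServer connection) {
        try {
            ObjectName service = new ObjectName(DOMAIN_MBEAN_NAME);
            ObjectName domain = (ObjectName) connection.getAttribute(service, DOMAIN_CONFIGURATION);
            ObjectName security = (ObjectName) connection.getAttribute(domain, SECURITY_CONFIGURATION);
            ObjectName realm = (ObjectName) connection.getAttribute(security, DEFAULT_REALM);
            ObjectName[] providers = (ObjectName[]) connection.getAttribute(realm, AUTHENTICATION_PROVIDERS);
            if (providers == null) {
                return null;
            }
            for (ObjectName provider : providers) {
                if (isOidAuthenticator(connection, provider)) {
                    return provider;
                }
            }
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Could not walk the realm configuration for authentication providers", e);
        }
        return null;
    }

    /** True if the provider MBean's model descriptor names the OID authenticator interface. */
    private static boolean isOidAuthenticator(MBeanServer connection, ObjectName provider) throws JMException {
        MBeanInfo info = connection.getMBeanInfo(provider);
        if (!(info instanceof ModelMBeanInfo)) {
            return false;
        }
        Descriptor desc = ((ModelMBeanInfo) info).getMBeanDescriptor();
        Object className = desc.getFieldValue(INTERFACE_CLASS_NAME);
        return OID_AUTHENTICATOR_MBEAN_NAME.equals(className);
    }

    /**
     * Opens an LDAP connection to OID, binding as the user (simple bind).
     *
     * @param ssl use {@code ldaps://} when the provider itself is configured for SSL; with
     *            plain {@code ldap://} the password is sent in the clear
     * @throws NamingException if the connection or the bind fails
     */
    private DirContext getConnectionLdapOid(String username, String password, String host,
            String port, String userBaseDN, boolean ssl) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, COM_SUN_JNDI_LDAP_LDAP_CTX_FACTORY);
        env.put(Context.PROVIDER_URL, (ssl ? "ldaps://" : "ldap://") + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, buildUserDn(username, userBaseDN));
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    private String getHost(ObjectName authenticator, MBeanServer connection) throws JMException {
        return (String) connection.getAttribute(authenticator, ATTR_HOST);
    }

    /** Port is a numeric attribute on the MBean; returned as text for the provider URL. */
    private String getPort(ObjectName authenticator, MBeanServer connection) throws JMException {
        return String.valueOf(connection.getAttribute(authenticator, ATTR_PORT));
    }

    private String getUserBaseDN(ObjectName authenticator, MBeanServer connection) throws JMException {
        return (String) connection.getAttribute(authenticator, ATTR_USER_BASE_DN);
    }

    /**
     * Whether the provider is configured to reach the directory over SSL. If the attribute
     * cannot be read, falls back to {@code false} (the plain-ldap behaviour) and logs a
     * warning, so the downgrade is visible rather than silent.
     */
    private boolean isSslEnabled(ObjectName authenticator, MBeanServer connection) {
        try {
            return Boolean.TRUE.equals(connection.getAttribute(authenticator, ATTR_SSL_ENABLED));
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Could not read " + ATTR_SSL_ENABLED
                + " from the authenticator; using plain ldap://", e);
            return false;
        }
    }

    /**
     * Builds {@code cn=<user>,<base>} with the cn value escaped per RFC 4514 so that
     * commas, plus signs, quotes etc. in the username cannot alter the DN.
     * Package-private so it can be unit-tested.
     */
    static String buildUserDn(String username, String userBaseDN) {
        return "cn=" + Rdn.escapeValue(username) + "," + userBaseDN;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, '*',
     * '(', ')' and NUL become {@code \XX} hex escapes. A null value yields "".
     * Package-private so it can be unit-tested.
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Checks that {@code DN} names an existing entry whose cn is {@code user} and then
     * reads ATTRIBUTE_NAME from it.
     *
     * @param ctx  an open, already-bound directory context (not closed by this method)
     * @param DN   distinguished name of the user's entry
     * @param user the user's cn; escaped here before it goes into the search filter
     * @return the first value of the attribute, {@code ""} if the entry has no such
     *         attribute, or {@code null} if the entry does not exist or the lookup fails
     */
    public static String getAttribute(DirContext ctx, String DN, String user) {
        try {
            if (!entryExists(ctx, DN, user)) {
                return null;
            }
            Attributes attrs = ctx.getAttributes(DN, new String[] { ATTRIBUTE_NAME });
            return firstValue(attrs);
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "LDAP lookup of " + ATTRIBUTE_NAME + " under " + DN + " failed", e);
            return null;
        }
    }

    /** Object-scope search on {@code dn} with filter {@code cn=<escaped user>}; true if it matches. */
    private static boolean entryExists(DirContext ctx, String dn, String user) throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
        ctls.setReturningAttributes(new String[0]); // existence check only, fetch no attributes
        NamingEnumeration<SearchResult> hits = ctx.search(dn, "cn=" + escapeFilterValue(user), ctls);
        if (hits == null) {
            return false;
        }
        try {
            return hits.hasMoreElements();
        } finally {
            hits.close();
        }
    }

    /**
     * First value of the first attribute in {@code attrs}, as a string; "" if there is
     * none. ATTRIBUTE_NAME has string syntax, so String.valueOf is sufficient here.
     */
    private static String firstValue(Attributes attrs) throws NamingException {
        if (attrs == null) {
            return "";
        }
        NamingEnumeration<? extends Attribute> all = attrs.getAll();
        if (all == null) {
            return "";
        }
        try {
            if (!all.hasMore()) {
                return "";
            }
            Attribute attr = all.next();
            NamingEnumeration<?> values = attr.getAll();
            try {
                return values.hasMore() ? String.valueOf(values.next()) : "";
            } finally {
                values.close();
            }
        } finally {
            all.close();
        }
    }

    /** Closes the context if non-null; close failures are only logged. */
    private static void closeQuietly(DirContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            LOG.log(Level.FINE, "Error closing LDAP context", e);
        }
    }
}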
封装测试;
导入java.util.Hashtable;
导入javax.management.Descriptor;
导入javax.management.MBeanServer;
导入javax.management.ObjectName;
导入javax.management.modelmbean.ModelMBeanInfo;
导入javax.naming.Context;
导入javax.naming.InitialContext;
导入javax.naming.NamingEnumeration;
导入javax.naming.NamingException;
导入javax.naming.directory.Attribute;
导入javax.naming.directory.Attributes;
导入javax.naming.directory.DirContext;
导入javax.naming.directory.InitialDirContext;
导入javax.naming.directory.SearchControls;
公共类:FromWLBean{
//要读取的属性(针对特定用户)
私有静态最终字符串属性\u NAME=“pwdChangedTime”;
//已配置的验证器提供程序的类,此处为OID
//如果您使用其他东西,请检查API
//API文档:
// http://docs.oracle.com/cd/E12839_01/apirefs.1111/e13945/weblogic/security/providers/authentication/OracleInternetDirectoryAuthenticatorMBean.html
最后一个字符串OID_AUTHENTICATOR_MBEAN_NAME=“weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorBean”;
//这里的其余部分应该是静态的,保持不变
私有静态最终字符串COM\u SUN\u JNDI\u LDAP\u CTX\u FACTORY=“COM.SUN.JNDI.LDAP.LdapCtxFactory”;
私有静态最终字符串接口\u CLASS\u NAME=“interfaceClassName”;
私有静态最终字符串身份验证\u PROVIDERS=“AuthenticationProviders”;
私有静态最终字符串DEFAULT\u REALM=“DefaultRealm”;
私有静态最终字符串安全性\u CONFIGURATION=“SecurityConfiguration”;
私有静态最终字符串DOMAIN_CONFIGURATION=“DomainConfiguration”;
最后一个字符串MBEAN_SERVER=“java:comp/env/jmx/domainRuntime”;
最后一个字符串DOMAIN_MBEAN_NAME=“com.bea:NAME=DomainRuntimeService,Type=weblogic.management.mbeanservers.domainruntime.domainruntimeservicebean”;
公共字符串getAttribute(字符串用户名、字符串密码){
最终MBeanServer连接=getConnection();
最终ObjectName defaultAuthenticator=getAuthenticator(连接);
字符串rest=null;
试一试{
String host=getHost(defaultAuthenticator,connection);
String port=getPort(defaultAuthenticator,connection);
字符串userBaseDN=getUserBaseDN(defaultAuthenticator,connection);
DirContext ctx=getConnectionDapoid(用户名、密码、主机、端口、userBaseDN);
rest=getAttribute(ctx,“cn=“+username+”,“+userBaseDN,username);
}捕获(异常参考){
//做点什么来处理这件事
}
返回休息;
}
私有MBeanServer getConnection(){
MBeanServer连接;
试一试{
InitialContext ctx=新的InitialContext();
连接=(MBeanServer)ctx.lookup(MBEAN_服务器);
}捕获(例外e){
抛出新的运行时异常(e);
}
回路连接;
}
私有ObjectName getAuthenticator(MBeanServer连接){
ObjectName验证器=null;
ObjectName[]authenticationProviders;
试一试{
ObjectName configurationMBeans=新的ObjectName(域名);
ObjectName域=(ObjectName)连接.getAttribute(configurationMBeans,domain\u配置);
ObjectName security=(ObjectName)connection.getAttribute(域、安全配置);
ObjectName领域=(ObjectName)connection.getAttribute(安全性,默认领域);
authenticationProviders=(ObjectName[])connection.getAttribute(领域,身份验证提供者);
for(int p=0;p