JNDI身份验证在普通java类中失败,但在Spring中通过
这听起来可能很愚蠢,但我遇到了这种行为。我正在使用JNDI进行LDAP身份验证。我有一个演示程序设置,其中身份验证在提供不正确的凭据时失败,但在Spring controller方法中似乎也是如此(我正在从react应用程序进行post调用) 普通Java实现JNDI身份验证在普通java类中失败,但在Spring中通过,java,spring,spring-boot,ldap,jndi,Java,Spring,Spring Boot,Ldap,Jndi,这听起来可能很愚蠢,但我遇到了这种行为。我正在使用JNDI进行LDAP身份验证。我有一个演示程序设置,其中身份验证在提供不正确的凭据时失败,但在Spring controller方法中似乎也是如此(我正在从react应用程序进行post调用) 普通Java实现 import java.util.Properties; import javax.naming.NamingException; import javax.naming.directory.DirContext; import jav
import java.util.Properties;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class Demo {
public static void main(String[] args) {
Properties environment = new Properties();
String userDomain = "@region.company.net";
environment.setProperty(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.setProperty(DirContext.PROVIDER_URL, "ldap://region.company.net:3268");
environment.setProperty(DirContext.SECURITY_AUTHENTICATION, "simple");
environment.setProperty(DirContext.SECURITY_PRINCIPAL, "userId"+userDomain);
environment.setProperty(DirContext.SECURITY_CREDENTIALS, "wrongPassword");
try {
DirContext context = new InitialDirContext(environment);
System.out.println("Authentication Successful !!!\n\n");
} catch (NamingException e) {
System.out.println("Authentication Failed !!!\n\n");
e.printStackTrace();
}
}
}
@PostMapping("/authenticateUser")
public String authenticateUser(@RequestBody HashMap<String, String> user) {
Properties environment = new Properties();
String userDomain = "@region.company.net";
environment.setProperty(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.setProperty(DirContext.PROVIDER_URL, "ldap://region.company.net:3268");
environment.setProperty(DirContext.SECURITY_AUTHENTICATION, "simple");
// environment.setProperty(DirContext.SECURITY_PRINCIPAL, "userId"+userDomain);
environment.setProperty(DirContext.SECURITY_CREDENTIALS, "wrongPassword");
try {
DirContext context = new InitialDirContext(environment);
System.out.println("Authentication Successful !!!\n\n");
} catch (NamingException e) {
System.out.println("Authentication Failed !!!\n\n");
e.printStackTrace();
}
return "Method executed successfully";
}
控制器实施
import java.util.Properties;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class Demo {
public static void main(String[] args) {
Properties environment = new Properties();
String userDomain = "@region.company.net";
environment.setProperty(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.setProperty(DirContext.PROVIDER_URL, "ldap://region.company.net:3268");
environment.setProperty(DirContext.SECURITY_AUTHENTICATION, "simple");
environment.setProperty(DirContext.SECURITY_PRINCIPAL, "userId"+userDomain);
environment.setProperty(DirContext.SECURITY_CREDENTIALS, "wrongPassword");
try {
DirContext context = new InitialDirContext(environment);
System.out.println("Authentication Successful !!!\n\n");
} catch (NamingException e) {
System.out.println("Authentication Failed !!!\n\n");
e.printStackTrace();
}
}
}
@PostMapping("/authenticateUser")
public String authenticateUser(@RequestBody HashMap<String, String> user) {
Properties environment = new Properties();
String userDomain = "@region.company.net";
environment.setProperty(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.setProperty(DirContext.PROVIDER_URL, "ldap://region.company.net:3268");
environment.setProperty(DirContext.SECURITY_AUTHENTICATION, "simple");
// environment.setProperty(DirContext.SECURITY_PRINCIPAL, "userId"+userDomain);
environment.setProperty(DirContext.SECURITY_CREDENTIALS, "wrongPassword");
try {
DirContext context = new InitialDirContext(environment);
System.out.println("Authentication Successful !!!\n\n");
} catch (NamingException e) {
System.out.println("Authentication Failed !!!\n\n");
e.printStackTrace();
}
return "Method executed successfully";
}
@PostMapping(“/authenticateUser”)
公共字符串验证器(@RequestBody HashMap user){
属性环境=新属性();
字符串userDomain=“@region.company.net”;
setProperty(DirContext.INITIAL_CONTEXT_工厂,“com.sun.jndi.ldap.LdapCtxFactory”);
environment.setProperty(DirContext.PROVIDER\u URL,“ldap://region.company.net:3268");
setProperty(DirContext.SECURITY_身份验证,“simple”);
//environment.setProperty(DirContext.SECURITY_主体,“userId”+userDomain);
setProperty(DirContext.SECURITY_凭证,“错误密码”);
试一试{
DirContext context=新的初始DirContext(环境);
System.out.println(“身份验证成功!!!\n\n”);
}捕获(NamingE例外){
System.out.println(“身份验证失败!!!\n\n”);
e、 printStackTrace();
}
返回“方法执行成功”;
}
在提供了错误的密码后,如果我执行此代码,它将打印身份验证失败代码>这是预期的,但当我在控制器的方法中插入相同的代码时,它会打印身份验证成功代码>
两个人的行为不应该是一样的吗?我觉得这种行为很奇怪。也许,我忽略了什么
编辑1:开始
在Spring控制器的情况下,设置SECURITY\u PRINCIPAL
的行似乎被注释掉了。我已经注释掉了那部分代码。
这就引出了另一个问题,为什么它从未抛出任何例外?
我不确定我是否应该在另一个帖子里问这个问题
通过传递用户名
(如abc@xyz.com)作为SECURRITY\u PRINCIPAL
还是应该通过入口路径
编辑1:END运行Spring场景时,您的应用程序.properties
文件中是否有任何JNDI配置?我刚刚更新了OP。出现了这个愚蠢的错误。