Fatal编程技术网
  • java/
  • 通过java检查Ldap服务器中的用户名和密码

通过java检查Ldap服务器中的用户名和密码

java authentication ldap

通过java检查Ldap服务器中的用户名和密码,java,authentication,ldap,distinguishedname,Java,Authentication,Ldap,Distinguishedname,我必须检查用户提供的用户名和密码是否与Ldap服务器正确匹配。我使用两种连接,第一种是从uid检索dn,第二种是使用dn和密码连接Ldap。 检索到的dn有问题,它没有正确的字段。 它回来了 cn=Lu Ca+sn=Ca+uid=luca+userPassword={SSHA}OiMBVTTZBPqnohYch9\+ISeVv\+5ucgxMR: null:null:No attributes 而不是 cn=Lu Ca+sn=Ca+uid=luca+userPassword={SSHA}OiM

我必须检查用户提供的用户名和密码是否与Ldap服务器正确匹配。我使用两种连接,第一种是从uid检索dn,第二种是使用dn和密码连接Ldap。 检索到的dn有问题,它没有正确的字段。 它回来了

cn=Lu Ca+sn=Ca+uid=luca+userPassword={SSHA}OiMBVTTZBPqnohYch9\+ISeVv\+5ucgxMR: null:null:No attributes
而不是

cn=Lu Ca+sn=Ca+uid=luca+userPassword={SSHA}OiMBVTTZBPqnohYch9\+ISeVv\+5ucgxMR,ou=people,dc=example,dc=com
如您所见,ou和dc没有返回,因此我的第二个查询失败。 这是我的密码

@Override
public void isAuthenticated(String username, String password) throws LdapException{
    String dn;
    Hashtable<String, Object> ldapEnv = new Hashtable<String, Object>();
    ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    ldapEnv.put(Context.PROVIDER_URL, env.getRequiredProperty(PROPERTY_NAME_LDAP_URL));
    ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
    ldapEnv.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
    ldapEnv.put(Context.SECURITY_CREDENTIALS, "secret");
    String[] returnAttribute = {"dn"};
    DirContext ctx = null;
    NamingEnumeration<SearchResult> results = null;
    try {
        ctx = new InitialDirContext(ldapEnv);
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(returnAttribute);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String filter = "uid=" + username ;
        results = ctx.search(env.getRequiredProperty(PROPERTY_NAME_LDAP_USERSEARCHBASE), filter, controls);
        if (results.hasMore())
            dn = results.nextElement().toString();
        else throw new LdapException("Wrong username. Please retry!");
    } catch (Exception e) {
        throw new LdapException(e);
    } finally {
        try{
            if (results != null)
                results.close();             
            if (ctx != null) 
                ctx.close();
        }catch(Exception e){
            throw new LdapException(e);
        }
    }
    Hashtable<String, Object> authEnv = new Hashtable<String, Object>();
    authEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    authEnv.put(Context.PROVIDER_URL, env.getRequiredProperty(PROPERTY_NAME_LDAP_URL));
    authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
    authEnv.put(Context.SECURITY_PRINCIPAL, dn);
    authEnv.put(Context.SECURITY_CREDENTIALS, password);
    try {
        new InitialDirContext(authEnv);
    } catch (AuthenticationException authEx) {
        throw new LdapException("Authentication error. Password was wrong");
    } catch(Exception e){
        throw new LdapException(e);
    }
}
我也将这个值用于spring身份验证,但我有一个方法(发送大文件)只有在使用身份验证时才会失败,所以我想尝试使用java而不是spring进行身份验证 你知道我为什么会有这个问题吗?谢谢

更新:使用

dn = results.nextElement().getNameInNamespace();
这是jboss LDAP登录模块实现,您可以比较您的代码:

受保护的无效角色搜索(LdapContext ctx、SearchControls约束、字符串用户、字符串用户DN、,
int recursionMax,int嵌套)引发NamingException
{
LdapContext ldapCtx=ctx;
对象[]filterArgs={user,sanitizeDN(userDN)};
布尔refereralsexist=true;
while(性别歧视者){
NamingEnumeration results=ldapCtx.search(rolesCtxDN、roleFilter、filterArgs、约束);
尝试
{
while(results.hasMore())
{
SearchResult sr=(SearchResult)results.next();
字符串dn;
if(sr.isRelative()){
dn=规范化(sr.getName());
}
否则{
dn=sr.getNameInNamespace();
}
if(嵌套==0&&RoleAttributesDN&&roleNameAttributeID!=null)
{
if(parseRoleNameFromDN)
{
parseRole(dn);
}
其他的
{
//检查顶部上下文中的角色名称
字符串[]attrNames={roleNameAttributeID};
属性result2=null;
if(sr.isRelative()){
result2=ldapCtx.getAttributes(quoteDN(dn),attrNames);
}
否则{
结果2=getAttributesFromReferralEntity(sr、用户、用户DN);
}
属性roles2=(result2!=null?result2.get(roleNameAttributeID):null);
如果(角色2!=null)
{
对于(int m=0;m0)
{
属性角色=result.get(roleAttributeID);
对于(int n=0;n
这是jboss LDAP登录模块实现,您可以比较您的代码:

受保护的无效角色搜索(LdapContext ctx,搜索

dn = results.nextElement().getNameInNamespace();



  protected void rolesSearch(LdapContext ctx, SearchControls constraints, String user, String userDN,
         int recursionMax, int nesting) throws NamingException
   {
      LdapContext ldapCtx = ctx;

      Object[] filterArgs = {user, sanitizeDN(userDN)};
      boolean referralsExist = true;
      while (referralsExist) {
         NamingEnumeration results = ldapCtx.search(rolesCtxDN, roleFilter, filterArgs, constraints);
         try
         {
            while (results.hasMore())
            {
               SearchResult sr = (SearchResult) results.next();

               String dn;
               if (sr.isRelative()) {
                  dn = canonicalize(sr.getName());
               }
               else {
                  dn = sr.getNameInNamespace();
               }
               if (nesting == 0 && roleAttributeIsDN && roleNameAttributeID != null)
               {
                  if(parseRoleNameFromDN)
                  {
                     parseRole(dn);
                  }
                  else
                  {
                     // Check the top context for role names
                     String[] attrNames = {roleNameAttributeID};
                     Attributes result2 = null;
                     if (sr.isRelative()) {
                        result2 = ldapCtx.getAttributes(quoteDN(dn), attrNames);
                     }
                     else {
                        result2 = getAttributesFromReferralEntity(sr, user, userDN);
                     }
                     Attribute roles2 = (result2 != null ? result2.get(roleNameAttributeID) : null);
                     if( roles2 != null )
                     {
                        for(int m = 0; m < roles2.size(); m ++)
                        {
                           String roleName = (String) roles2.get(m);
                           addRole(roleName);
                        }
                     }
                  }
               }

               // Query the context for the roleDN values
               String[] attrNames = {roleAttributeID};
               Attributes result = null;
               if (sr.isRelative()) {
                  result = ldapCtx.getAttributes(quoteDN(dn), attrNames);
               }
               else {
                  result = getAttributesFromReferralEntity(sr, user, userDN); 
               }
               if (result != null && result.size() > 0)
               {
                  Attribute roles = result.get(roleAttributeID);
                  for (int n = 0; n < roles.size(); n++)
                  {
                     String roleName = (String) roles.get(n);
                     if(roleAttributeIsDN && parseRoleNameFromDN)
                     {
                         parseRole(roleName);
                     }
                     else if (roleAttributeIsDN)
                     {
                        // Query the roleDN location for the value of roleNameAttributeID
                        String roleDN = quoteDN(roleName);
                        String[] returnAttribute = {roleNameAttributeID};
                        try
                        {
                           Attributes result2 = null;
                           if (sr.isRelative()) {
                              result2 = ldapCtx.getAttributes(roleDN, returnAttribute);
                           }
                           else {
                              result2 = getAttributesFromReferralEntity(sr, user, userDN);
                           }

                           Attribute roles2 = (result2 != null ? result2.get(roleNameAttributeID) : null);
                           if (roles2 != null)
                           {
                              for (int m = 0; m < roles2.size(); m++)
                              {
                                 roleName = (String) roles2.get(m);
                                 addRole(roleName);
                              }
                           }
                        }
                        catch (NamingException e)
                        {
                           PicketBoxLogger.LOGGER.debugFailureToQueryLDAPAttribute(roleNameAttributeID, roleDN, e);
                        }
                     }
                     else
                     {
                        // The role attribute value is the role name
                        addRole(roleName);
                     }
                  }
               }

               if (nesting < recursionMax)
               {
                  rolesSearch(ldapCtx, constraints, user, dn, recursionMax, nesting + 1);
               }
            }
            referralsExist = false;
         }
         catch (ReferralException e) {
            ldapCtx = (LdapContext) e.getReferralContext();
         }
         finally
         {
            if (results != null)
               results.close();
         }
      } // while (referralsExist)
   }