Certificate-free LDAPS authentication in Java (repost)
Only the certificate-free authentication part is given here; the directory operations themselves can be looked up on Baidu.
For the authentication part, once you have the context you can perform all kinds of operations against the domain.
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * This article covers operating an LDAP server from Java via JNDI.
 * Here is the key fragment: the Context obtained with this code can operate on a remote AD domain without a certificate. I used to do it the certificate way, with a pile of complicated steps, exporting a keystore and so on. On top of that the certificate expires after 1 year and an enterprise root certificate is required; lots of restrictions! It took a lot of effort before I found this method.
 * I put the DummySSLSocketFactory class separately below so fellow coders can copy it out easily; this code only obtains the connection, so I just pasted the method as-is.
 * Obtains the AD context object.
 * (The original read the URL and credentials from the author's own ResourceBean and wrapped the result in the author's LDAPDirContext class; standard JNDI types are used here so the snippet compiles on its own.)
 * @param url           LDAPS URL of the domain controller, e.g. ldaps://<dc-host>:636
 * @param userPrincipal bind account, e.g. administrator@test.com
 * @param password      bind password
 * @return the bound context, or null if the bind failed
 */
public static LdapContext getContext(String url, String userPrincipal, String password) {
    LdapContext context = null;
    try {
        Properties mEnv = new Properties();
        mEnv.put(Context.AUTHORITATIVE, "true");
        mEnv.put(Context.SECURITY_PROTOCOL, "ssl");
        mEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        mEnv.put(Context.PROVIDER_URL, url);
        mEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); // password is sent inside TLS, so TLS is the only protection it gets
        mEnv.put(Context.SECURITY_PRINCIPAL, userPrincipal); // administrator@test.com
        mEnv.put(Context.SECURITY_CREDENTIALS, password);
        // Key line: the JNDI LDAP provider instantiates this class by name (via its static getDefault()),
        // so the package path of DummySSLSocketFactory must be exactly right.
        mEnv.put("java.naming.ldap.factory.socket", "org.utils.ad.DummySSLSocketFactory");
        context = new InitialLdapContext(mEnv, null);
    } catch (NamingException e) {
        e.printStackTrace();
        context = null;
        System.out.println("AD domain authentication failed!");
    }
    return context;
}
The trust class; copy it straight into your utility package. Both check** methods do nothing, i.e. every certificate is trusted. Be clear about what that means: the client never verifies who is on the other end of the TLS connection, so anyone who can place themselves between the application and the domain controller (DNS spoofing, ARP poisoning, a rogue host answering on port 636) can present any certificate, complete the handshake, and read the simple-bind username and password that the code above sends inside the tunnel. Encryption is kept, but authentication of the server is gone.
package org.utils.ad;

import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/** Accepts every certificate, client or server; this is deliberate in the original, see the warning above. */
public class DummyTrustManager implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] cert, String authType) {
        // no check: any client certificate is accepted
    }
    public void checkServerTrusted(X509Certificate[] cert, String authType) {
        // no check: any server certificate is accepted, so the peer is never authenticated
    }
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
Implementation of the DummySSLSocketFactory class. The JNDI LDAP provider loads it by the class name given in java.naming.ldap.factory.socket and calls the static getDefault(); every createSocket overload then delegates to an SSLContext initialised with the DummyTrustManager above.
package org.utils.ad;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

public class DummySSLSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory factory;

    public DummySSLSocketFactory() {
        try {
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(null, // no KeyManager: no client certificate is presented
                    new TrustManager[] { new DummyTrustManager() },
                    new java.security.SecureRandom());
            factory = sslcontext.getSocketFactory();
        } catch (Exception ex) {
            // Fail loudly instead of leaving factory null and throwing NPE on first connect
            throw new IllegalStateException("cannot initialise TLS context", ex);
        }
    }

    /** Looked up reflectively by com.sun.jndi.ldap when java.naming.ldap.factory.socket names this class. */
    public static SocketFactory getDefault() {
        return new DummySSLSocketFactory();
    }

    public Socket createSocket(Socket socket, String s, int i, boolean flag) throws IOException {
        return factory.createSocket(socket, s, i, flag);
    }
    public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr1, int j) throws IOException {
        return factory.createSocket(inaddr, i, inaddr1, j);
    }
    public Socket createSocket(InetAddress inaddr, int i) throws IOException {
        return factory.createSocket(inaddr, i);
    }
    public Socket createSocket(String s, int i, InetAddress inaddr, int j) throws IOException {
        return factory.createSocket(s, i, inaddr, j);
    }
    public Socket createSocket(String s, int i) throws IOException {
        return factory.createSocket(s, i);
    }
    public String[] getDefaultCipherSuites() {
        return factory.getDefaultCipherSuites(); // the original returned the supported list here
    }
    public String[] getSupportedCipherSuites() {
        return factory.getSupportedCipherSuites();
    }
}
Tested: Windows domain operations work normally with this.
Reposted from: https://my.oschina.net/qiaojj/blog/2251630
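The author's pain point is keystore and root-CA management, not certificate checking as such. The following trust manager is an added example (not part of the original post) that keeps the same no-keystore workflow but still authenticates the domain controller: it accepts exactly one server certificate, identified by the SHA-256 fingerprint of its DER encoding, and rejects everything else. The class name PinnedTrustManager and the system property ad.server.sha256 are my own choices, not anything the post defines.

```java
package org.utils.ad;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/**
 * Trusts exactly one server certificate: the one whose DER encoding hashes (SHA-256)
 * to the fingerprint supplied at construction. No keystore and no enterprise root CA
 * are needed; the pin is a hex string read off the domain controller's certificate.
 * Added example, not the original post's code; the property name ad.server.sha256 is an assumption.
 */
public class PinnedTrustManager implements X509TrustManager {

    private final byte[] pinnedSha256;

    /** @param sha256Hex 64 hex digits; colons and spaces (openssl style) are tolerated, any case */
    public PinnedTrustManager(String sha256Hex) {
        String clean = sha256Hex.replaceAll("[^0-9a-fA-F]", "");
        if (clean.length() != 64) {
            throw new IllegalArgumentException("pin must be a SHA-256 hex fingerprint");
        }
        this.pinnedSha256 = hexToBytes(clean);
    }

    /** Reads the pin from -Dad.server.sha256=... so a no-arg socket factory can construct it. */
    public static PinnedTrustManager fromSystemProperty() {
        String pin = System.getProperty("ad.server.sha256");
        if (pin == null) {
            throw new IllegalStateException("system property ad.server.sha256 not set");
        }
        return new PinnedTrustManager(pin);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // This code only ever acts as a TLS client; never accept a peer's client certificate.
        throw new CertificateException("client certificates are not accepted");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty server certificate chain");
        }
        X509Certificate leaf = chain[0];
        leaf.checkValidity(); // still reject expired or not-yet-valid certificates
        byte[] actual = sha256(leaf.getEncoded());
        // Constant-time compare; a mismatch means a different (possibly attacker-supplied) certificate.
        if (!MessageDigest.isEqual(pinnedSha256, actual)) {
            throw new CertificateException("server certificate fingerprint mismatch, got " + toHex(actual)
                    + " for subject " + leaf.getSubjectX500Principal());
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

To wire it in, keep the DummySSLSocketFactory shell above unchanged except for the SSLContext initialisation: pass `new TrustManager[] { PinnedTrustManager.fromSystemProperty() }` instead of `new DummyTrustManager()`, and start the JVM with `-Dad.server.sha256=<fingerprint>`. The fingerprint can be read once from the domain controller with `openssl s_client -connect <dc-host>:636 </dev/null | openssl x509 -noout -sha256 -fingerprint`. The yearly renewal the author mentions does not go away: when the DC certificate is reissued the pin has to be updated, and until it is, connections fail closed instead of silently accepting whatever certificate is presented, which is the behaviour you want from an authentication path.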