java操作ad域 免证书
生活随笔
收集整理的這篇文章主要介紹了
java操作ad域 免证书
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
為什么80%的碼農(nóng)都做不了架構(gòu)師?>>> ??
只提供免證書的認證部分,操作部分可以百度。
認證部分,得到context即可對域進行各種操作;
/*** 本文章是針對java JNDI方式操作ldap服務(wù)器。* 這里給出一個關(guān)鍵的片段,通過這段代碼獲取的Context是可以免證書的進行操作遠程AD域的,我之前就是通過證書方式的,一大堆復雜的操作導出什么密鑰庫之類的。且證書1年就失效了還 要企業(yè)根證書才行,很多限制!后來花了很多心思才找到這個方法。* DummySSLSocketFactory 這個類我放外面好了方便猿友們導出,這段代碼就是獲取連接,我就沒管那么多了直接貼了方法上來。* 獲取AD上下文對象* @param res* @return*/public final static LDAPDirContext getContext(ResourceBean res){LDAPDirContext context = null;try {Properties mEnv = new Properties();mEnv.put(Context.AUTHORITATIVE, "true");mEnv.put(Context.SECURITY_PROTOCOL, "ssl");mEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");mEnv.put(Context.PROVIDER_URL, res.getExpand("url"));//mEnv.put(Context.SECURITY_AUTHENTICATION, "simple");mEnv.put(Context.SECURITY_PRINCIPAL, res.getUserName());// administrator@test.commEnv.put(Context.SECURITY_CREDENTIALS, res.getPassWord());//關(guān)鍵代碼,注意對應(yīng)的DummySSLSocketFactory這個類的包路徑要正確,mEnv.put("java.naming.ldap.factory.socket", “org.utils.ad.DummySSLSocketFactory");context = new LDAPDirContext(mEnv);} catch (Exception e) {e.printStackTrace();context = null;System.out.println("AD域認證失敗!");}return context;}認證類,直接復制到工具類下即可,check**方法中沒有任何操作,既信任任何證書:
package org.utils.ad;import java.security.cert.*; import javax.net.ssl.*; import java.security.cert.X509Certificate; public class DummyTrustManager implements X509TrustManager {public void checkClientTrusted( X509Certificate[] cert, String authType) {return;}public void checkServerTrusted( X509Certificate[] cert, String authType) {return;}public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];} }?
package org.utils.ad; import java.security.cert.X509Certificate; import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import javax.net.ssl.*; import javax.net.SocketFactory;public class DummySSLSocketFactory extends SSLSocketFactory {private SSLSocketFactory factory;public DummySSLSocketFactory() {try {SSLContext sslcontext = SSLContext.getInstance("TLS");sslcontext.init( null, // No KeyManager requirednew TrustManager[] { new DummyTrustManager()},new java.security.SecureRandom());factory = ( SSLSocketFactory) sslcontext.getSocketFactory();} catch( Exception ex) { ex.printStackTrace(); }}public static SocketFactory getDefault() {return new DummySSLSocketFactory();}public Socket createSocket( Socket socket, String s, int i, boolean flag) throws IOException {return factory.createSocket( socket, s, i, flag);}public Socket createSocket( InetAddress inaddr, int i, InetAddress inaddr1, int j) throws IOException {return factory.createSocket( inaddr, i, inaddr1, j);}public Socket createSocket( InetAddress inaddr, int i) throws IOException {return factory.createSocket( inaddr, i);}public Socket createSocket( String s, int i, InetAddress inaddr, int j) throws IOException {return factory.createSocket( s, i, inaddr, j);}public Socket createSocket( String s, int i) throws IOException {return factory.createSocket( s, i);}public String[] getDefaultCipherSuites() {return factory.getSupportedCipherSuites();}public String[] getSupportedCipherSuites() {return factory.getSupportedCipherSuites();}}測試可以正常使用windows的域操作。
?
轉(zhuǎn)載于:https://my.oschina.net/qiaojj/blog/2251630
總結(jié)
以上是生活随笔為你收集整理的java操作ad域 免证书的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: HTTP权威指南记录 ---- We
- 下一篇: nc 传输文件和目录