问题描述
我在带有ldap的tomcat上有一个Java应用程序,我可以毫无问题地进行身份验证。现在,我的公司将在ldap上插入ssl层,因此我需要使用ldaps。是否有建议忽略ldaps服务器的证书和信任证书?
这是我的适用于ldap的代码
final String ldapAdServer = "ldap://my_ldap_url:3268";
final String ldapSearchBase = "Ldap_search_base";
//need a default user to be able to do query on AD
final String ldapUsername = "username_path_AD";
final String ldapPassword = "password_path_AD";
Hashtable<String,Object> env = new Hashtable<String,Object>();
env.put(Context.SECURITY_AUTHENTICATION,"simple");
if(ldapUsername != null) {
env.put(Context.SECURITY_PRINCIPAL,ldapUsername);
}
if(ldapPassword != null) {
env.put(Context.SECURITY_CREDENTIALS,ldapPassword);
}
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,ldapAdServer);
//ensures that objectSID attribute values
//will be returned as a byte[] instead of a String
env.put("java.naming.ldap.attributes.binary","objectSID");
LdapContext ctx = new InitialLdapContext(env,null);
return ctx;
现在,我尝试创建此类以信任所有证书:
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class SSLFix {
public static void execute(){
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] arg0,String arg1)
throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] arg0,String arg1)
throws CertificateException {}
}
};
SSLContext sc=null;
try {
sc = SSLContext.getInstance("SSL");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
sc.init(null,trustAllCerts,new java.security.SecureRandom());
} catch (KeyManagementException e) {
e.printStackTrace();
}
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier validHosts = new HostnameVerifier() {
@Override
public boolean verify(String arg0,SSLSession arg1) {
return true;
}
};
// All hosts will be valid
HttpsURLConnection.setDefaultHostnameVerifier(validHosts);
}
}
,所以我决定用以下方式更改我以前的ldap代码:
public LdapContext getLDAPContext() throws NamingException
{
SSLFix.execute();
final String ldapAdServer = "ldaps://my_ldap_url:3269";
final String ldapSearchBase = "ldap_search_base";
//need a default user to be able to do query on AD
final String ldapUsername = "username_path_AD";
final String ldapPassword = "password_path_AD";
Hashtable<String,Object>();
env.put(Context.SECURITY_AUTHENTICATION,"simple");
if(ldapUsername != null) {
env.put(Context.SECURITY_PRINCIPAL,ldapUsername);
}
if(ldapPassword != null) {
env.put(Context.SECURITY_CREDENTIALS,ldapPassword);
}
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,ldapAdServer);
//ensures that objectSID attribute values
//will be returned as a byte[] instead of a String
env.put("java.naming.ldap.attributes.binary","objectSID");
LdapContext ctx = new InitialLdapContext(env,null);
return ctx;
}
但是当我对ldaps执行控制时,会出现此错误:
javax.naming.CommunicationException:简单绑定失败:[Root异常是javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到所请求目标的有效认证路径]
有人知道我该如何解决这个问题?
多谢建议
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)