        JNDI LDAPS custom HostnameVerifier and TrustManager

                  Problem description

                  We are writing an application that shall connect to different LDAP servers. For each server we may only accept a certain certificate. The hostname in that certificate shall not matter. This is easy when we use LDAP and STARTTLS, because we can use StartTlsResponse.setHostnameVerifier(...) and use StartTlsResponse.negotiate(...) with a matching SSLSocketFactory. However, we also need to support LDAPS connections. Java supports this natively, but only if the server certificate is trusted by the default Java keystore. While we could replace that, we still cannot use different keystores for different servers.

                  The existing connection code looks like this:

                  Hashtable<String,String> env = new Hashtable<String,String>();
                  env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
                  env.put( Context.PROVIDER_URL, ( encryption == SSL ? "ldaps://" : "ldap://" ) + host + ":" + port );
                  if ( encryption == SSL ) {
                      // env.put( "java.naming.ldap.factory.socket", "CustomSocketFactory" );
                  }
                  ctx = new InitialLdapContext( env, null );
                  if ( encryption != START_TLS )
                      tls = null;
                  else {
                      tls = (StartTlsResponse) ctx.extendedOperation( new StartTlsRequest() );
                      tls.setHostnameVerifier( hostnameVerifier );
                      tls.negotiate( sslContext.getSocketFactory() );
                  }
                  

                  We could add our own CustomSocketFactory, but how to pass information to that?

                  Recommended answer

                  For others who have the same problem: I found a very ugly solution for my case:

                  import javax.net.SocketFactory;
                  
                  public abstract class ThreadLocalSocketFactory
                    extends SocketFactory
                  {
                  
                    static ThreadLocal<SocketFactory> local = new ThreadLocal<SocketFactory>();
                  
                    public static SocketFactory getDefault()
                    {
                      SocketFactory result = local.get();
                      if ( result == null )
                        throw new IllegalStateException();
                      return result;
                    }
                  
                    public static void set( SocketFactory factory )
                    {
                      local.set( factory );
                    }
                  
                    public static void remove()
                    {
                      local.remove();
                    }
                  
                  }
                  

                  Use it like this:

                  env.put( "java.naming.ldap.factory.socket", ThreadLocalSocketFactory.class.getName() );
                  ThreadLocalSocketFactory.set( sslContext.getSocketFactory() );
                  try {
                    ctx = new InitialLdapContext( env, null );
                  } finally {
                    ThreadLocalSocketFactory.remove();
                  }
                  

                  Not nice, but it works. JNDI should be more flexible here...
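The question and answer both pass an `sslContext` without showing how a context that accepts only one certificate per server is built. The following is an added example, not code from the original question or answer; the class name `PinnedCertTrustManager` and the method `contextFor` are hypothetical, and pinning by SHA-256 fingerprint is one assumed way of expressing "only a certain certificate".

```java
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
// Added example (hypothetical class): trusts exactly one server certificate, identified by the
// SHA-256 of its DER encoding. The default JSSE provider leaves endpoint identification to an
// X509ExtendedTrustManager, so the hostname is deliberately not checked; the pin is the only check.
public final class PinnedCertTrustManager extends X509ExtendedTrustManager {
  private final byte[] pinnedSha256;

  public PinnedCertTrustManager(byte[] pinnedSha256) {
    if (pinnedSha256 == null || pinnedSha256.length != 32)
      throw new IllegalArgumentException("expected a 32-byte SHA-256 fingerprint");
    this.pinnedSha256 = pinnedSha256.clone();
  }

  public static SSLContext contextFor(byte[] pinnedSha256) throws GeneralSecurityException {
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[] { new PinnedCertTrustManager(pinnedSha256) }, null);
    return ctx;
  }

  private void check(X509Certificate[] chain) throws CertificateException {
    if (chain == null || chain.length == 0)
      throw new CertificateException("empty certificate chain");
    chain[0].checkValidity(); // assumption: an expired pinned certificate is rejected too
    try {
      byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
      if (!MessageDigest.isEqual(actual, pinnedSha256)) // constant-time comparison
        throw new CertificateException("server certificate does not match the pinned fingerprint");
    } catch (NoSuchAlgorithmException e) {
      throw new CertificateException(e);
    }
  }

  @Override public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException { check(c); }
  @Override public void checkServerTrusted(X509Certificate[] c, String t, Socket s) throws CertificateException { check(c); }
  @Override public void checkServerTrusted(X509Certificate[] c, String t, SSLEngine e) throws CertificateException { check(c); }
  // Outbound LDAPS only: this trust manager never authenticates clients.
  @Override public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { throw new CertificateException("client authentication not supported"); }
  @Override public void checkClientTrusted(X509Certificate[] c, String t, Socket s) throws CertificateException { throw new CertificateException("client authentication not supported"); }
  @Override public void checkClientTrusted(X509Certificate[] c, String t, SSLEngine e) throws CertificateException { throw new CertificateException("client authentication not supported"); }
  @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}
```

Passing `PinnedCertTrustManager.contextFor(pin).getSocketFactory()` to `ThreadLocalSocketFactory.set(...)` for LDAPS, and to `tls.negotiate(...)` for STARTTLS, makes both connection paths enforce the same per-server pin.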
