请会LDAP服务器登陆验证的朋友帮忙指导下,为什么一只验证不通过
代码如下:import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
/**
*
* @author
*/
public class LdapHelper {
private static DirContext ctx;
@SuppressWarnings(value = "unchecked")
public static DirContext getCtx() {
String account = "nc0218"; //binddn
String password = "naveco.123"; //bindpwd
String root = "dc=scut,dc=edu,dc=cn"; // root
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://172.1.1.43:389/" + root);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, account+"@ncd.naveco.com.cn" );
env.put(Context.SECURITY_CREDENTIALS, password);
try {
// 链接ldap
ctx = new InitialDirContext(env);
System.out.println("认证成功");
} catch (javax.naming.AuthenticationException e) {
System.out.println("认证失败");
} catch (Exception e) {
System.out.println("认证出错:");
e.printStackTrace();
}
return ctx;
}
@SuppressWarnings(value = "unchecked")
public static boolean verifySHA(String ldappw, String inputpw)
throws NoSuchAlgorithmException {
// MessageDigest 提供了消息摘要算法,如 MD5 或 SHA,的功能,这里LDAP使用的是SHA-1
MessageDigest md = MessageDigest.getInstance("SHA-1");
// 取出加密字符
if (ldappw.startsWith("{SSHA}")) {
ldappw = ldappw.substring(6);
} else if (ldappw.startsWith("{SHA}")) {
ldappw = ldappw.substring(5);
}
// 解码BASE64
byte[] ldappwbyte = Base64.decode(ldappw);
byte[] shacode;
byte[] salt;
// 前20位是SHA-1加密段,20位后是最初加密时的随机明文
if (ldappwbyte.length <= 20) {
shacode = ldappwbyte;
salt = new byte[0];
} else {
shacode = new byte[20];
salt = new byte[ldappwbyte.length - 20];
System.arraycopy(ldappwbyte, 0, shacode, 0, 20);
System.arraycopy(ldappwbyte, 20, salt, 0, salt.length);
}
// 把用户输入的密码添加到摘要计算信息
md.update(inputpw.getBytes());
// 把随机明文添加到摘要计算信息
md.update(salt);
// 按SSHA把当前用户密码进行计算
byte[] inputpwbyte = md.digest();
// 返回校验结果
//return MessageDigest.isEqual(shacode, inputpwbyte);
return true;
}
public static boolean authenticate(String usr, String pwd) {
boolean success = false;
DirContext ctx = null;
try {
ctx = LdapHelper.getCtx();
SearchControls constraints = new SearchControls();
//constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
NamingEnumeration en = ctx.search("", "cn=" + usr, constraints); // 查询所有用户
while (en != null && en.hasMoreElements()) {
Object obj = en.nextElement();
if (obj instanceof SearchResult) {
SearchResult si = (SearchResult) obj;
System.out.println("name: " + si.getName());
Attributes attrs = si.getAttributes();
if (attrs == null) {
System.out.println("No attributes");
} else {
Attribute attr = attrs.get("userPassword");
Object o = attr.get();
byte[] s = (byte[]) o;
String pwd2 = new String(s);
WebLogs.getLogger().info("----------"+pwd2);
success = LdapHelper.verifySHA(pwd2, pwd);
return success;
}
} else {
System.out.println(obj);
}
System.out.println();
}
ctx.close();
} catch (NoSuchAlgorithmException ex) {
try {
if (ctx != null) {
ctx.close();
}
} catch (NamingException namingException) {
namingException.printStackTrace();
}
// Logger.getLogger(DBAccess.class.getName()).log(Level.SEVERE, null, ex);
} catch (NamingException ex) {
try {
if (ctx != null) {
ctx.close();
}
} catch (NamingException namingException) {
namingException.printStackTrace();
}
// Logger.getLogger(LdapHelper.class.getName()).log(Level.SEVERE, null, ex);
}
return false;
}
public static void main(String[] args) {
//getCtx();
WebLogs.getLogger().info("-----------"+ LdapHelper.authenticate("az486","naveco.789"));
// LdapHelper lh=new LdapHelper();
// boolean bl=lh.authenticate("xxbtmp", "naveco.123");
// WebLogs.getLogger().info("---------"+bl);
}
}
目前不管使用什么账户和密码测试,都是返回的false,希望熟悉LDAP登陆验证的高手指导下,能在后面回复中给下代码么,谢谢
另外问下
com.report.service.PropertyItem;
com.report.vo.OrganizationalUnitDomain;
com.report.vo.UserDomain;
这3个文件的jar包在哪下载,找了好久没找到
[ 本帖最后由 leonardo38 于 2011-10-19 10:56 编辑 ]
搜索更多相关主题的帖子:
服务器 朋友 import
----------------解决方案--------------------------------------------------------