当前位置: 代码迷 >> Java Web开发 >> 请会LDAP服务器登陆验证的朋友帮忙指导下,为什么一只验证不通过
  详细解决方案

请会LDAP服务器登陆验证的朋友帮忙指导下,为什么一只验证不通过

热度:353   发布时间:2011-10-19 10:52:55.0
请会LDAP服务器登陆验证的朋友帮忙指导下,为什么一只验证不通过
代码如下:
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;

/**
*
* @author
*/
public class LdapHelper {

    private static DirContext ctx;

    @SuppressWarnings(value = "unchecked")
    public static DirContext getCtx() {
        String account = "nc0218"; //binddn
        String password = "naveco.123";    //bindpwd
        String root = "dc=scut,dc=edu,dc=cn"; // root
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://172.1.1.43:389/" + root);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, account+"@ncd.naveco.com.cn" );
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            // 链接ldap
            ctx = new InitialDirContext(env);
            System.out.println("认证成功");
        } catch (javax.naming.AuthenticationException e) {
            System.out.println("认证失败");
        } catch (Exception e) {
            System.out.println("认证出错:");
            e.printStackTrace();
        }
        return ctx;
    }
   
    @SuppressWarnings(value = "unchecked")
    public static boolean verifySHA(String ldappw, String inputpw)
            throws NoSuchAlgorithmException {

        // MessageDigest 提供了消息摘要算法,如 MD5 或 SHA,的功能,这里LDAP使用的是SHA-1
        MessageDigest md = MessageDigest.getInstance("SHA-1");

        // 取出加密字符
        if (ldappw.startsWith("{SSHA}")) {
            ldappw = ldappw.substring(6);
        } else if (ldappw.startsWith("{SHA}")) {
            ldappw = ldappw.substring(5);
        }

        // 解码BASE64
        byte[] ldappwbyte = Base64.decode(ldappw);
        byte[] shacode;
        byte[] salt;

        // 前20位是SHA-1加密段,20位后是最初加密时的随机明文
        if (ldappwbyte.length <= 20) {
            shacode = ldappwbyte;
            salt = new byte[0];
        } else {
            shacode = new byte[20];
            salt = new byte[ldappwbyte.length - 20];
            System.arraycopy(ldappwbyte, 0, shacode, 0, 20);
            System.arraycopy(ldappwbyte, 20, salt, 0, salt.length);
        }

        // 把用户输入的密码添加到摘要计算信息
        md.update(inputpw.getBytes());
        // 把随机明文添加到摘要计算信息
        md.update(salt);

        // 按SSHA把当前用户密码进行计算
        byte[] inputpwbyte = md.digest();

        // 返回校验结果
        //return MessageDigest.isEqual(shacode, inputpwbyte);
        
        return true;
    }
   
    public static boolean authenticate(String usr, String pwd) {
        boolean success = false;
        DirContext ctx = null;
        
        try {
            ctx = LdapHelper.getCtx();
            SearchControls constraints = new SearchControls();
            //constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
             constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            NamingEnumeration en = ctx.search("", "cn=" + usr, constraints); // 查询所有用户
               
            while (en != null && en.hasMoreElements()) {
                Object obj = en.nextElement();
                if (obj instanceof SearchResult) {
                    SearchResult si = (SearchResult) obj;
                    System.out.println("name:   " + si.getName());
                    Attributes attrs = si.getAttributes();
                    if (attrs == null) {
                        System.out.println("No   attributes");
                    } else {
                        Attribute attr = attrs.get("userPassword");
                        Object o = attr.get();
                        byte[] s = (byte[]) o;
                        String pwd2 = new String(s);
                        WebLogs.getLogger().info("----------"+pwd2);
                        success = LdapHelper.verifySHA(pwd2, pwd);
                        return success;
                    }
                } else {
                    System.out.println(obj);
                }
                System.out.println();
            }
            ctx.close();
        } catch (NoSuchAlgorithmException ex) {
            try {
                if (ctx != null) {
                    ctx.close();
                }
            } catch (NamingException namingException) {
                namingException.printStackTrace();
            }
//            Logger.getLogger(DBAccess.class.getName()).log(Level.SEVERE, null, ex);
        } catch (NamingException ex) {
            try {
                if (ctx != null) {
                    ctx.close();
                }
            } catch (NamingException namingException) {
                namingException.printStackTrace();
            }
//            Logger.getLogger(LdapHelper.class.getName()).log(Level.SEVERE, null, ex);
        }
        return false;
    }


    public static void main(String[] args) {
        //getCtx();
        WebLogs.getLogger().info("-----------"+ LdapHelper.authenticate("az486","naveco.789"));
        
//        LdapHelper lh=new LdapHelper();
//        boolean bl=lh.authenticate("xxbtmp", "naveco.123");
//        WebLogs.getLogger().info("---------"+bl);
    }


}

目前不管使用什么账户和密码测试,都是返回的false,希望熟悉LDAP登陆验证的高手指导下,能在后面回复中给下代码么,谢谢


另外问下
com.report.service.PropertyItem;   
com.report.vo.OrganizationalUnitDomain;   
com.report.vo.UserDomain;
这3个文件的jar包在哪下载,找了好久没找到



[ 本帖最后由 leonardo38 于 2011-10-19 10:56 编辑 ]
搜索更多相关主题的帖子: 服务器  朋友  import  

----------------解决方案--------------------------------------------------------