- 浏览: 190182 次
- 性别:
文章分类
最新评论
-
路人甲wxf:
.net可以在不使用证书的情况下修改密码,java做不到吗?
添加用户、修改ad密码 -
zxsosozhuzhu:
你好,我也遇到这个问题了,但是按照你的方法还是附件中文还是乱码 ...
java mail 纯文本附件乱码的解决方案 -
balaschen:
can4you 写道 请教问题:你好,请教一个问题,我现在要模 ...
spring2.0事务配置实验 -
can4you:
/**
* Created: 2007-2-1
* ...
FreeMarker解析字符串模板 -
can4you:
请教问题:你好,请教一个问题,我现在要模拟两个事务同时更新一 ...
spring2.0事务配置实验
http://www.javaworld.com.tw/jute/post/view?bid=7&id=164710&sty=1&tpg=1&age=0
http://forum.java.sun.com/thread.jspa?threadID=716240&tstart=0
http://forum.java.sun.com/thread.jspa?threadID=716240&tstart=0
java 代码
- /***************************** LDAPFastBind.java *****************/
- package test.ldap;
- import java.io.IOException;
- import java.io.UnsupportedEncodingException;
- import java.util.Hashtable;
- import javax.naming.AuthenticationException;
- import javax.naming.Context;
- import javax.naming.NamingEnumeration;
- import javax.naming.NamingException;
- import javax.naming.directory.Attribute;
- import javax.naming.directory.Attributes;
- import javax.naming.directory.BasicAttribute;
- import javax.naming.directory.BasicAttributes;
- import javax.naming.directory.DirContext;
- import javax.naming.directory.ModificationItem;
- import javax.naming.directory.SearchControls;
- import javax.naming.directory.SearchResult;
- import javax.naming.ldap.Control;
- import javax.naming.ldap.InitialLdapContext;
- import javax.naming.ldap.LdapContext;
- import javax.naming.ldap.StartTlsRequest;
- import javax.naming.ldap.StartTlsResponse;
- class FastBindConnectionControl implements Control {
- public byte[] getEncodedValue() {
- return null;
- }
- public String getID() {
- return "1.2.840.113556.1.4.1781";
- }
- public boolean isCritical() {
- return true;
- }
- }
- public class LDAPFastBind {
- public Hashtable env = null;
- public LdapContext ctx = null;
- public Control[] connCtls = null;
- public LDAPFastBind(String ldapurl) {
- env = new Hashtable();
- env.put(Context.INITIAL_CONTEXT_FACTORY,
- "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.PROVIDER_URL, ldapurl);
- env.put(Context.SECURITY_PROTOCOL,"ssl");
- String keystore = "/jdk1.5.0_09/jre/lib/security/cacerts";
- System.setProperty("javax.net.ssl.trustStore",keystore);
- connCtls = new Control[] { new FastBindConnectionControl() };
- // first time we initialize the context, no credentials are supplied
- // therefore it is an anonymous bind.
- try {
- ctx = new InitialLdapContext(env, connCtls);
- } catch (NamingException e) {
- System.out.println("Naming exception " + e);
- }
- }
- public boolean Authenticate(String username, String password) {
- try {
- ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
- ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
- ctx.reconnect(connCtls);
- System.out.println(username + " is authenticated");
- return true;
- }
- catch (AuthenticationException e) {
- System.out.println(username + " is not authenticated");
- System.out.println(e);
- return false;
- } catch (NamingException e) {
- System.out.println(username + " is not authenticated");
- System.out.println(e);
- return false;
- }
- }
- public void finito() {
- try {
- ctx.close();
- System.out.println("Context is closed");
- } catch (NamingException e) {
- System.out.println("Context close failure " + e);
- }
- }
- public void printUserAccountControl() {
- try {
- // Create the search controls
- SearchControls searchCtls = new SearchControls();
- // Specify the search scope
- searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
- // specify the LDAP search filter
- //String searchFilter = "(&(objectClass=user)(CN=test))";
- //String searchFilter = "(&(objectClass=group))";
- String searchFilter = "(&(objectClass=user)(CN=peter lee))";
- // Specify the Base for the search
- String searchBase = "DC=joeyta,DC=local";
- // initialize counter to total the group members
- int totalResults = 0;
- // Specify the attributes to return
- String returnedAtts[] = { "givenName", "mail" };
- searchCtls.setReturningAttributes(returnedAtts);
- // Search for objects using the filter
- NamingEnumeration answer = ctx.search(searchBase, searchFilter,
- searchCtls);
- // Loop through the search results
- while (answer.hasMoreElements()) {
- SearchResult sr = (SearchResult) answer.next();
- System.out.println(">>>" + sr.getName());
- // Print out the groups
- Attributes attrs = sr.getAttributes();
- if (attrs != null) {
- try {
- for (NamingEnumeration ae = attrs.getAll(); ae
- .hasMore();) {
- Attribute attr = (Attribute) ae.next();
- System.out.println("Attribute: " + attr.getID());
- for (NamingEnumeration e = attr.getAll(); e
- .hasMore(); totalResults++) {
- System.out.println(" " + totalResults + ". "
- + e.next());
- }
- }
- } catch (NamingException e) {
- System.err.println("Problem listing membership: " + e);
- }
- }
- }
- System.out.println("Total attrs: " + totalResults);
- }
- catch (NamingException e) {
- System.err.println("Problem searching directory: " + e);
- }
- }
- public boolean adminChangePassword(String sUserName, String sNewPassword){
- try {
- //set password is a ldap modfy operation
- ModificationItem[] mods = new ModificationItem[1];
- //Replace the "unicdodePwd" attribute with a new value
- //Password must be both Unicode and a quoted string
- String newQuotedPassword = "\"" + sNewPassword + "\"";
- byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
- mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
- // Perform the update
- ctx.modifyAttributes(sUserName, mods);
- System.out.println("Reset Password for: " + sUserName);
- return true;
- }
- catch (NamingException e) {
- System.out.println("Problem resetting password: " + e);
- }
- catch (UnsupportedEncodingException e) {
- System.out.println("Problem encoding password: " + e);
- }
- return false;
- }
- public boolean userChangePassword(String sUserName, String sOldPassword, String sNewPassword){
- try {
- //StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
- //tls.negotiate();
- //change password is a single ldap modify operation
- //that deletes the old password and adds the new password
- ModificationItem[] mods = new ModificationItem[2];
- //Firstly delete the "unicdodePwd" attribute, using the old password
- //Then add the new password,Passwords must be both Unicode and a quoted string
- String oldQuotedPassword = "\"" + sOldPassword + "\"";
- byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
- String newQuotedPassword = "\"" + sNewPassword + "\"";
- byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
- mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
- mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
- // Perform the update
- ctx.modifyAttributes(sUserName, mods);
- System.out.println("Changed Password for: " + sUserName);
- //tls.close();
- return true;
- }
- catch (NamingException e) {
- System.err.println("Problem changing password: " + e);
- }
- catch (UnsupportedEncodingException e) {
- System.err.println("Problem encoding password: " + e);
- } catch ( Exception e){
- System.err.println("Problem: " + e);
- }
- return false;
- }
- public boolean createNewUser(String sGroupName, String sUserName){
- try {
- // Create attributes to be associated with the new user
- Attributes attrs = new BasicAttributes(true);
- //These are the mandatory attributes for a user object
- //Note that Win2K3 will automagically create a random
- //samAccountName if it is not present. (Win2K does not)
- attrs.put("objectClass","user");
- attrs.put("sAMAccountName","AlanT");
- attrs.put("cn","Alan Tang");
- //These are some optional (but useful) attributes
- attrs.put("givenName","Alan");
- attrs.put("sn","Tang");
- attrs.put("displayName","Alan Tang");
- attrs.put("description","Engineer");
- attrs.put("userPrincipalName","alan-AT-joeyta.local");
- attrs.put("mail","alang-AT-mail.joeyta-DOT-local");
- attrs.put("telephoneNumber","123 456 789");
- //some useful constants from lmaccess.h
- int UF_ACCOUNTDISABLE = 0x0002;
- int UF_PASSWD_NOTREQD = 0x0020;
- int UF_PASSWD_CANT_CHANGE = 0x0040;
- int UF_NORMAL_ACCOUNT = 0x0200;
- int UF_DONT_EXPIRE_PASSWD = 0x10000;
- int UF_PASSWORD_EXPIRED = 0x800000;
- //Note that you need to create the user object before you can
- //set the password. Therefore as the user is created with no
- //password, user AccountControl must be set to the following
- //otherwise the Win2K3 password filter will return error 53
- //unwilling to perform.
- attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
- // Create the context
- Context result = ctx.createSubcontext(sUserName, attrs);
- System.out.println("Created disabled account for: " + sUserName);
- //now that we've created the user object, we can set the
- //password and change the userAccountControl
- //and because password can only be set using SSL/TLS
- //lets use StartTLS
- //StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
- //tls.negotiate();
- //set password is a ldap modfy operation
- //and we'll update the userAccountControl
- //enabling the acount and force the user to update ther password
- //the first time they login
- ModificationItem[] mods = new ModificationItem[2];
- //Replace the "unicdodePwd" attribute with a new value
- //Password must be both Unicode and a quoted string
- String newQuotedPassword = "\"P-AT-ssw0rd\"";
- byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
- mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
- mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
- // Perform the update
- ctx.modifyAttributes(sUserName, mods);
- System.out.println("Set password & updated userccountControl");
- //now add the user to a group.
- try {
- ModificationItem member[] = new ModificationItem[1];
- member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", sUserName));
- ctx.modifyAttributes(sGroupName,member);
- System.out.println("Added user to group: " + sGroupName);
- }
- catch (NamingException e) {
- System.err.println("Problem adding user to group: " + e);
- }
- //Could have put tls.close() prior to the group modification
- //but it seems to screw up the connection or context ?
- //tls.close();
- System.out.println("Successfully created User: " + sUserName);
- return true;
- }
- catch (NamingException e) {
- System.err.println("Problem creating object: " + e);
- }
- catch (IOException e) {
- System.err.println("Problem creating object: " + e);
- }
- return false;
- }
- public boolean addUserToGroup(LdapContext ctx, String userDN, String groupDN) {
- try{
- ModificationItem[] mods = new ModificationItem[1];
- mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDN));
- ctx.modifyAttributes(groupDN, mods);
- System.out.println("Added user " + userDN + " to group " + groupDN);
- return true;
- } catch (NamingException ne){
- System.err.println("Problem add user to group: " + ne);
- }
- return false;
评论
1 楼
spiritfrog
2007-11-19
userChangePassword中能否先验证OldPassword?我试了下,总是拿不到。
像你这样直接删除OldPassword,如果不存在是否会报错?
像你这样直接删除OldPassword,如果不存在是否会报错?
发表评论
-
利用sax和xslt转换csv文件内容
2008-02-03 15:57 3190package jaxp; import java.io.B ... -
通过BOM探测文本文件编码类型
2008-01-24 15:19 2385从tomcat源码抄来的改的: private Object ... -
java mail 纯文本附件乱码的解决方案
2008-01-24 15:16 6118java mail在发送纯文本附件时,当附件内容的编码和jvm ... -
ntdsutil设置AD查询返回最大条目
2008-01-18 16:56 1725AD缺省的最大查询结果为1000个,如果超过1千个,则需要客户 ... -
struts2-layout
2007-11-09 18:17 51testvvvv -
Http基本明文验证
2007-06-13 12:55 1847base64解码使用了novell的实现 java 代码 ... -
如何启用活动目录SSL连接
2007-06-13 10:49 3427ad:http://www.cnblogs.com/chnki ... -
AD User重要属性
2007-06-11 14:55 2187objectClass=User User-Account ... -
添加用户、修改ad密码
2007-06-11 11:28 15838java 代码 /** * ... -
ldap 访问AD测试
2007-06-08 16:37 4398java 代码 java 代码 /** ... -
正确认识memcached的缓存失效
2007-05-29 10:56 9624最近javaeye上memcached相当火,不少人把它当作s ... -
webwork结合memcached实现sna架构
2007-05-28 14:04 5788实现思路,使用一个拦截器实现session的处理: ... -
activemq实验
2007-05-17 11:37 2127实验环境:activemq4.1.1/spring1.2.8 ... -
发现用Spring配置事务不爽的一个地方
2007-05-11 16:41 2036举个例子: SomeService implement I ... -
Java Transaction Design Strategies读书笔记
2007-05-14 15:34 2421第一种:Client Owner Transaction Ma ... -
有谁知道银行的跨行转帐是怎么保证交易的原子性和一致性?
2007-05-10 09:18 23032最近在看《Java Transaction Design St ... -
InnerClass引用的外层local final变量,究竟具有什么语义
2006-12-21 18:04 6656先看这段代码: public class ShowAnon ...
相关推荐
javaJNDI连接数据库
帆软报表FineReport中数据连接中的Tomcat配置JNDI连接,要通过JNDI方式定义数据连接,首先在Tomcat服务器配置好JNDI,然后在设计器中直接调用JNDI的名字,即可成功使用JNDI连接,本文进行详细演示。
以oracle9i数据源制作的模板jndi.cpt为例来说明如何在FineReport中的Websphere配置JNDI连接,并进行详细演示。
jndi连接数据库.rar
自己做的 日文 pentaho-bi-suite-3.0.1-GA
Windows_7_下搭建LDAP服务器并使用JNDI Windows_7_下搭建LDAP服务器并使用JNDI Windows_7_下搭建LDAP服务器并使用JNDI
简单的数据库连接池,jndi连接,封装成集合
DBCP、C3P0,JNDI 连接池配置使用,可以参考一下。
提供参考,JNDI连接池+单例模式+文件上传
使用JNDI 连接数据库的三种示例,我已经在代码里标注,使用 MyEclipse 导入即可。欢迎下载我的更多资源。
经过实践归纳的,参考了tomcat6.0关于配置JNDI的官方文档。经过测试可以配置成功和使用。
JNDI(Java Naming and Directory Interface)是SUN公司提供的一种标准的Java命名系统接口,JNDI提供统一的客户端API,通过不同的访问提供者接口JNDI SPI的实现,由管理者将JNDI API映射为特定的命名服务和目录系统,...
tomcat6.0JNDI连接数据库 中配置代码
Tomcat通过JNDI方式连接SqlServer数据库 开发JSP详解
JNDI连接数据库配置,Context initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup("java:comp/env"); DataSource ds = (DataSource) envCtx.lookup("jdbc/DevDB"); Connection conn = ...
Java通用Dao包括JDBC和JNDI两种连接方式 还有查询,增删改 两种方法。
我自己学的,希望能帮你们解决一些学习上的困难
基于JNDI的应用程序开发 在以TOMCAT为WEB服务器的项目中,用JNDI建立数据库连接池实例.
1,请将context.xml代替tomcat安装包下的conf文件夹下的context.xml,并将数据库的密码和用户 ip换为自己的。 2,将index.jsp替换位于myeclipse工程下的webroot下的index.jsp。sql语句换为自己的。...