新建web应用
配置JNDI
server.xm
l
<Context docBase="JNDITest" path="/JNDITest" reloadable="true" source="org.eclipse.jst.jee.server:JNDITest">
<!-- Configure the name and data type of a resource made available to the application (equivalent to the inclusion of a <resource-ref> element in the web application deployment descriptor).
configure Tomcat's resource factory
<Resource name="jdbc/oa"
auth="Container"
type="javax.sql.DataSource"
username="root"
password="root"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://127.0.0.1:3306/oa"
maxActive="8"
maxIdle="4"/>
-->
<!-- Tomcat 6 includes a series of standard resource factories that can provide services to your web applications
Of the standard resource factories, only the "JDBC Data Source" and "User Transaction" factories are mandated to be available on other platforms, and then they are required only if the platform implements the Java2 Enterprise Edition (J2EE) specs. All other standard resource factories, plus custom resource factories that you write yourself, are specific to Tomcat and cannot be assumed to be available on other containers.
在server.xml中配置可以,由于server.xml在启动时加载,Tomcat6可配置在context.xml文件中,Tomcat
6会定时去查看该文件,判断时间撮,重新加载context.xml文件
<Resource name="bean/MyBeanFactory" auth="Container"
type="com.morning.learn.j2ee.jndi.MyBean"
factory="org.apache.naming.factory.BeanFactory"
bar="23"/>
-->
</Context>
</Host>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>JNDITest</display-name>
<!-- 资源引用,通常是资源(如JDBC DataSource,JavaMail Session)的对象工厂,或者在Tomcat6中配置的定制对象工厂
custom object factories configured into Tomcat 6
-->
<!-- a new variation of resource-ref added in Servlet 2.4 that is simpler to configure for resources that do not require authentication information -->
<resource-env-ref>
<description>Object factory for MyBean instances</description>
<resource-env-ref-name>bean/MyBeanFactory</resource-env-ref-name>
<resource-env-ref-type>com.morning.learn.j2ee.jndi.MyBean</resource-env-ref-type>
</resource-env-ref>
<resource-ref>
<description>DB Connection</description>
<res-ref-name>jdbc/oa</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
context.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--><!-- The contents of this file will be loaded for each web application -->
<Context reloadable="true">
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<!-- Uncomment this to enable Comet connection tacking (provides events
on session expiration as well as webapp lifecycle) -->
<!--
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
<!-- 全局资源定义 -->
<Resource name="bean/MyBeanFactory" auth="Container"
type="com.morning.learn.j2ee.jndi.MyBean"
factory="org.apache.naming.factory.BeanFactory"
bar="888"/>
<Resource name="jdbc/oa"
auth="Container"
type="javax.sql.DataSource"
username="root"
password="root"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://127.0.0.1:3306/oa"
maxActive="8"
maxIdle="4"/>
</Context>
jndiTest.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%@ page import="javax.naming.*" %>
<%@ page import="com.morning.learn.j2ee.jndi.*"%>
<%@ page import="javax.sql.*"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Cache-Control" content="no-store"/>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="0"/>
<title>Insert title here</title>
</head>
<body>
<%-- 编写需要使用JNDI资源的代码 --%>
<%
//通过JNDI默认的命名空间初始化JNDI上下文
Context initctx = new InitialContext();
Context envCtx = (Context) initctx.lookup("java:comp/env");
//通过JNDI服务查找JNDI树上的资源
DataSource ds= (DataSource) envCtx.lookup("jdbc/oa");
System.out.println(ds.getConnection());
MyBean bean= (MyBean) envCtx.lookup("bean/MyBeanFactory");
System.out.println(" bar: " + bean.getBar());
%>
ccadfs
</body>
</html>
分享到:
相关推荐
java asm jndi_JNDI-Injection-Exploit,用于log4j2漏洞验证 可执行程序为jar包,在命令行中运行以下命令: $ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar [-C] [command] [-A] [address] 其中: -C ...
# JNDI-Inject-Exploit ## 免责声明 本工具仅面向**合法授权的企业安全测试**,如您需测试本工具的可用性请自行搭建靶机环境,在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的...
hibernate 3.1+tomcat 5.5.x(配置jndi)hibernate 3.1+tomcat 5.5.x(配置jndi)hibernate 3.1+tomcat 5.5.x(配置jndi)hibernate 3.1+tomcat 5.5.x(配置jndi)hibernate 3.1+tomcat 5.5.x(配置jndi)hibernate 3.1+...
简单我tomcat5.0中的JNDI应用
jboss配置MySql的JNDI
JNDI(Java Naming and Directory Interface)是SUN公司提供的一种标准的Java命名系统接口,JNDI提供统一的客户端API,通过不同的访问提供者接口JNDI SPI的实现,由管理者将JNDI API映射为特定的命名服务和目录系统,...
JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具
自定义jndi数据源factory类,用于解密jndi中的加密数据,解密方式为DES,具体可根据实际需求修改。
$ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar [-C] [command] [-A] [address] where: -C - command executed in the remote classfile. (optional , default command is "open /Applications/...
jndi所依赖的jar包,fscontext.jar和providerutil.jar,jndi.jar 将jndi.jar复制到%JAVA_HOME%\jre\lib\ext目录下就可得到持久的扩展
Windows_7_下搭建LDAP服务器并使用JNDI Windows_7_下搭建LDAP服务器并使用JNDI Windows_7_下搭建LDAP服务器并使用JNDI
jndi,就是命名服务(n:naming)和目录服务(d:directory). 命名服务:把对象映射到方便记忆的名字的机制.可以通过域名系统dns来理解,例如我们访问百度,只要输入www.baidu.com而不是百度的IP地址. 目录服务:其实也是一种...
配置了tomcat之后发现jndi好简单啊,可是碰到了hibernate该怎么做呢,本例详细解析
TOMCAT8 JNDI对用户名和密码加密
在JAVA编程中对JNDI的支持.是一个开放的源码.
JNDI-Injection-Exploit-1.0-SNAPSHOT-all
1.1 Apache Tomcat各版本 1.2 Apache Tomcat Versions 1.3 Java事务处理总结 1.4 JavaBean中使用JDBC...1.22 JNDI配置原理详解 1.23 JSF+Seam框架学习心得 1.24 java jdbc驱动的四种类型 1.25 resource-ref元素
首先配置Tomcat服务器文件 ... <Resource name="jdbc/jndidemo" auth="Container" type="javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000" username="sa" password="1" driverClassName=...
jndi入门学习资料,介绍jndi基本原理,安装和使用,基本配置
如何在spring中等价配置得到原本由jndi配置实现的数据源? 现在的问题是:由于各种原因,当不想使用jndi方式,如何等价的在spring工程内部实现配置?