feat(LDAP): 支持LDAPS
parent
f239183989
commit
8988059e54
|
@ -0,0 +1,84 @@
|
|||
package io.metersphere.ldap.service;
|
||||
|
||||
import javax.net.SocketFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
import java.net.Socket;
|
||||
import java.net.UnknownHostException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
public class CustomSSLSocketFactory extends SSLSocketFactory {
|
||||
private SSLSocketFactory socketFactory;
|
||||
|
||||
public CustomSSLSocketFactory() {
|
||||
try {
|
||||
SSLContext ctx = SSLContext.getInstance("TLS");
|
||||
ctx.init(null, new TrustManager[]{new DummyTrustmanager()}, new SecureRandom());
|
||||
socketFactory = ctx.getSocketFactory();
|
||||
} catch (Exception ex) {
|
||||
ex.printStackTrace(System.err);
|
||||
}
|
||||
}
|
||||
|
||||
public static SocketFactory getDefault() {
|
||||
return new CustomSSLSocketFactory();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getDefaultCipherSuites() {
|
||||
return socketFactory.getDefaultCipherSuites();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getSupportedCipherSuites() {
|
||||
return socketFactory.getSupportedCipherSuites();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Socket createSocket(Socket socket, String string, int num, boolean bool) throws IOException {
|
||||
return socketFactory.createSocket(socket, string, num, bool);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Socket createSocket(String string, int num) throws IOException, UnknownHostException {
|
||||
return socketFactory.createSocket(string, num);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Socket createSocket(String string, int num, InetAddress netAdd, int i) throws IOException, UnknownHostException {
|
||||
return socketFactory.createSocket(string, num, netAdd, i);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Socket createSocket(InetAddress netAdd, int num) throws IOException {
|
||||
return socketFactory.createSocket(netAdd, num);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Socket createSocket(InetAddress netAdd1, int num, InetAddress netAdd2, int i) throws IOException {
|
||||
return socketFactory.createSocket(netAdd1, num, netAdd2, i);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 证书
|
||||
*/
|
||||
public static class DummyTrustmanager implements X509TrustManager {
|
||||
public void checkClientTrusted(X509Certificate[] cert, String string) throws CertificateException {
|
||||
}
|
||||
|
||||
public void checkServerTrusted(X509Certificate[] cert, String string) throws CertificateException {
|
||||
}
|
||||
|
||||
public X509Certificate[] getAcceptedIssuers() {
|
||||
return new java.security.cert.X509Certificate[0];
|
||||
}
|
||||
|
||||
}
|
||||
}
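Review bot: `DummyTrustmanager` leaves `checkServerTrusted` empty, so the factory built in the `CustomSSLSocketFactory()` constructor accepts any certificate the LDAP server presents. The LDAPS channel is then encrypted but unauthenticated, and the bind DN and password sent over it are exposed to whoever terminates the connection. Passing `null` for the trust managers, `ctx.init(null, null, new SecureRandom());`, falls back to the JVM's default trust store; a directory with a private CA is better served by importing that CA into a configured truststore than by disabling validation. Separately, the constructor's `catch (Exception ex)` only prints the stack trace, which leaves `socketFactory` null and turns every later `createSocket` call into a `NullPointerException`; rethrowing as `IllegalStateException` with the cause would surface the real failure.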
|
|
@ -18,7 +18,6 @@ import org.springframework.ldap.core.DirContextOperations;
|
|||
import org.springframework.ldap.core.LdapTemplate;
|
||||
import org.springframework.ldap.core.support.AbstractContextMapper;
|
||||
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
|
||||
import org.springframework.ldap.core.support.LdapContextSource;
|
||||
import org.springframework.ldap.query.SearchScope;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
|
@ -147,11 +146,16 @@ public class LdapService {
|
|||
|
||||
String credentials = EncryptUtils.aesDecrypt(password).toString();
|
||||
|
||||
LdapContextSource sourceLdapCtx = new LdapContextSource();
|
||||
SSLLdapContextSource sourceLdapCtx = new SSLLdapContextSource();
|
||||
sourceLdapCtx.setUrl(url);
|
||||
sourceLdapCtx.setUserDn(dn);
|
||||
sourceLdapCtx.setPassword(credentials);
|
||||
sourceLdapCtx.setDirObjectFactory(DefaultDirObjectFactory.class);
|
||||
// todo 这里加上strategy 会报错
|
||||
// DefaultTlsDirContextAuthenticationStrategy strategy = new DefaultTlsDirContextAuthenticationStrategy();
|
||||
// strategy.setShutdownTlsGracefully(true);
|
||||
// strategy.setHostnameVerifier((hostname, session) -> true);
|
||||
// sourceLdapCtx.setAuthenticationStrategy(strategy);
|
||||
sourceLdapCtx.afterPropertiesSet();
|
||||
LdapTemplate ldapTemplate = new LdapTemplate(sourceLdapCtx);
|
||||
ldapTemplate.setIgnorePartialResultException(true);
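Review bot: `new SSLLdapContextSource()` is now used for every connection regardless of the scheme in `url`, and that class sets `java.naming.security.protocol` to `ssl` unconditionally, so a plain `ldap://` configuration will presumably attempt a TLS handshake on the cleartext port and fail. Choosing the source from the scheme keeps existing setups working, e.g. `LdapContextSource sourceLdapCtx = url.startsWith("ldaps://") ? new SSLLdapContextSource() : new LdapContextSource();`. The commented-out `DefaultTlsDirContextAuthenticationStrategy` block is better deleted than committed: its `setHostnameVerifier((hostname, session) -> true)` would turn off hostname checking if someone re-enables it, and the todo only records that adding the strategy raises an error. The enclosing method starts and ends outside this hunk.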
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
package io.metersphere.ldap.service;
|
||||
|
||||
import org.springframework.ldap.core.support.LdapContextSource;
|
||||
|
||||
import javax.naming.Context;
|
||||
import java.util.Hashtable;
|
||||
|
||||
public class SSLLdapContextSource extends LdapContextSource {
|
||||
public Hashtable<String, Object> getAnonymousEnv() {
|
||||
Hashtable<String, Object> anonymousEnv = super.getAnonymousEnv();
|
||||
anonymousEnv.put("java.naming.security.protocol", "ssl");
|
||||
anonymousEnv.put("java.naming.ldap.factory.socket", CustomSSLSocketFactory.class.getName());
|
||||
anonymousEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
return anonymousEnv;
|
||||
}
|
||||
}
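Review bot: `getAnonymousEnv()` is missing `@Override` and has no Javadoc describing what it changes. The literal `"java.naming.security.protocol"` can be replaced with `Context.SECURITY_PROTOCOL`, since `javax.naming.Context` is already imported for `INITIAL_CONTEXT_FACTORY`. The Javadoc should state that every context created from this source uses `CustomSSLSocketFactory`, which performs no certificate validation as written. The method also writes into the table returned by `super.getAnonymousEnv()`; if that is the parent's own instance rather than a copy, copying it first with `new Hashtable<>(super.getAnonymousEnv())` avoids mutating shared state.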
|