我使用JNDI通过Kerberos身份验证连接到LDAP目录。我需要知道当前连接的用户。换句话说,我需要在JNDI中使用等效的命令ldapwhoami。
感谢您的帮助!
答案 0 :(得分:0)
您需要使用“Who am I”扩展操作(RFC 4532),参见 LdapContext.extendedOperation()。这些操作类不是JDK的一部分,所以我把它们贴在这里。为了不依赖 com.sun.* 类来进行BER编码/解码,我使用了 Netscape LDAP SDK。
出于我自己的需要,我把公共部分提取成了基类;但除非你经常需要编写扩展控件,否则你可能希望将其合并为两个类:扩展请求和扩展响应。
/*
* Copyright (c) Esmond Pitt, 2011.
* All rights reserved.
* Permission is hereby given to copy and use this code for non-commercial purposes
* provided this notice and the author attributions in the source code remain intact.
*/
BasicExtendedRequest:
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
import netscape.ldap.ber.stream.BERElement;
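/**
 * Base class for LDAP extended requests.
 *
 * <p>Stores the OID of the extended operation together with an optional BER element
 * that is serialised on demand as the request value. Subclasses supply the matching
 * response type through {@link #createExtendedResponse(String, byte[], int, int)}.
 *
 * @author Esmond Pitt
 */
public abstract class BasicExtendedRequest implements ExtendedRequest
{
    private final String oid;
    private final BERElement element;

    /**
     * Creates a request for the given extended operation.
     *
     * @param oid     object identifier of the extended operation
     * @param element request value, or {@code null} when the operation carries no value
     */
    public BasicExtendedRequest(String oid, BERElement element)
    {
        this.oid = oid;
        this.element = element;
    }

    /**
     * Returns the OID passed to the constructor.
     */
    @Override
    public final String getID()
    {
        return oid;
    }

    /**
     * Serialises the request value.
     *
     * @return the encoded element, or {@code null} when the request has no value
     * @throws IllegalStateException if the element cannot be written
     */
    @Override
    public final byte[] getEncodedValue()
    {
        if (element == null)
        {
            return null;
        }
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try
        {
            element.write(baos);
        }
        catch (IOException exc)
        {
            Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, "writing", exc);
            // Fail closed: returning null here would make the request look like one that
            // deliberately has no value, and for some extended operations a missing value
            // means something different from the value the caller intended to send.
            throw new IllegalStateException("cannot encode value of extended request " + oid, exc);
        }
        return baos.toByteArray();
    }

    @Override
    public abstract ExtendedResponse createExtendedResponse(String id, byte[] ber, int offset, int length) throws NamingException;

    /**
     * Returns the BER element passed to the constructor, possibly {@code null}.
     */
    protected BERElement getElement()
    {
        return element;
    }
}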
BasicExtendedResponse:
import java.util.Arrays;
import javax.naming.ldap.ExtendedResponse;
/**
 * Base class for LDAP extended responses.
 *
 * <p>A plain holder for the response OID and the byte array handed over when the
 * response was created. The array is stored and returned as-is, without copying.
 *
 * @author Esmond Pitt
 */
public class BasicExtendedResponse implements ExtendedResponse {
    private final String responseOid;
    private final byte[] encodedValue;

    /**
     * @param oid OID identifying the response
     * @param ber byte array that carries the response value; may be {@code null}
     */
    public BasicExtendedResponse(String oid, byte[] ber) {
        this.responseOid = oid;
        this.encodedValue = ber;
    }

    /** Returns the OID given at construction time. */
    @Override
    public String getID() {
        return responseOid;
    }

    /** Returns the same array instance that was given at construction time. */
    @Override
    public byte[] getEncodedValue() {
        return encodedValue;
    }

    /**
     * Returns the default {@code Object} description followed by a colon and the
     * stored bytes in decimal. Note that this exposes the raw response value
     * wherever the string is logged.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder(super.toString());
        text.append(":");
        text.append(Arrays.toString(encodedValue));
        return text.toString();
    }
}
WhoAmIExtendedRequest:
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedResponse;
import netscape.ldap.ber.stream.BERElement;
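/**
 * 'Who am I' extended request.
 *
 * <p>The request carries no value; only the OID is sent.
 *
 * @author Esmond Pitt
 * @see WhoAmIExtendedResponse
 * @see <a href="http://tools.ietf.org/html/rfc4532">RFC 4532</a>
 */
public class WhoAmIExtendedRequest extends BasicExtendedRequest
{
    public WhoAmIExtendedRequest()
    {
        super(WhoAmIExtendedResponse.OID, null);
    }

    /**
     * Wraps the server's reply in a {@link WhoAmIExtendedResponse}.
     *
     * @param id     OID reported with the response, possibly {@code null}
     * @param ber    buffer holding the response value
     * @param offset start of the value within {@code ber}
     * @param length number of value bytes
     * @throws NamingException if {@code id} is present but is not the 'Who am I' OID
     */
    @Override
    public ExtendedResponse createExtendedResponse(String id, byte[] ber, int offset, int length) throws NamingException
    {
        // Checked explicitly rather than with 'assert': assertions are off unless the JVM
        // is started with -ea, and a reply of another type must not be read as an identity.
        if (id != null && !id.equals(WhoAmIExtendedResponse.OID))
        {
            throw new NamingException("wrong OID: " + id);
        }
        return new WhoAmIExtendedResponse(ber, offset, length);
    }
}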
WhoAmIExtendedResponse:
import javax.naming.NamingException;
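/**
 * 'Who am I' extended response.
 *
 * <p>Exposes the authorization identity the server reports for the current connection.
 * The value is whatever the server sent; it is only as trustworthy as the connection
 * it arrived on.
 *
 * @author Esmond Pitt
 * @see WhoAmIExtendedRequest
 * @see <a href="http://tools.ietf.org/html/rfc4532">RFC 4532</a>
 */
public class WhoAmIExtendedResponse extends BasicExtendedResponse
{
    public static final String OID = "1.3.6.1.4.1.4203.1.11.3";
    private final String authzID;

    /**
     * Decodes the authorization identity from {@code ber[offset .. offset+length)}.
     *
     * @param ber    buffer holding the response value; {@code null} when the response
     *               carried no value
     * @param offset start of the value within {@code ber}
     * @param length number of value bytes
     * @throws NamingException declared for subclasses and callers; not thrown here
     */
    public WhoAmIExtendedResponse(byte[] ber, int offset, int length) throws NamingException
    {
        super(OID, ber);
        // A response without a value would otherwise fail with a NullPointerException.
        // The authzId is UTF-8 on the wire, so decode it as UTF-8 instead of with the
        // platform default charset, which can alter non-ASCII identities.
        this.authzID = (ber == null)
            ? ""
            : new String(ber, offset, length, java.nio.charset.StandardCharsets.UTF_8);
    }

    /**
     * Returns the authorization identity, never {@code null}.
     *
     * @return the decoded authzId; empty when the response had no value or an empty
     *         one (RFC 4532 uses an empty value for an anonymous association)
     */
    public String getAuthzID()
    {
        return authzID;
    }
}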