Accessing LDAP through an applet

Time: 2014-10-28 13:06:29

Tags: java security applet signed-applet

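I need to access a locally running LDAP through an applet, in order to authenticate users against our own organization's security.

But when I click the login button and the applet tries to connect to the 10.0.215.45 server, it throws the following exception: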

    network: Connecting http://qa.mycompany.com/loginldap/jndi.properties with proxy=DIRECT
    network: Connecting http://qa.mycompany.com/loginldap/jndi.properties with cookie "__utma=3105202.1962924881.1410333072.1410351890.1411365879.4; __utmz=3105202.1410333072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _bcvm_vrid_3210241798524429162=9098969101660648460T0DA4F9342F9A96696C8032E97870412050BB1ADC5C79D4B5EAA03F617D96473191202EB66601664B00D33A3B14F5A765452D84B6F8C4149A8E9235E8EEFB41FE; inproducttranslatemode=false"
    network: Connecting http://10.0.215.45:389/crossdomain.xml with proxy=DIRECT
    network: Connecting http://10.0.215.45:389/ with proxy=DIRECT
    java.security.AccessControlException: access denied ("java.net.SocketPermission" "10.0.215.45:389" "connect,resolve")
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkConnect(Unknown Source)
        at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
        at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)

I self-sign the applet jar during the build process:

    <target name="dist" depends="clean,compile" description="generate the distribution">
        <mkdir dir="${dist}" />
        <copy todir="${build}">
            <fileset file="${src}/conf.properties" />
        </copy>
        <jar jarfile="${dist}/${module-jar-file}" basedir="${build}">
            <manifest>
                <attribute name="Permissions" value="sandbox" />
                <attribute name="Codebase" value="*.mycompany.com" />
                <attribute name="Application-Library-Allowable-Codebase" value="*.mycompany.com" />
                <attribute name="Application-Name" value="Company - SSO" />
                <attribute name="Main-Class" value="com.mycompany.authentication.sso.Application"/>
                <attribute name="Entry-Point" value="com.mycompany.authentication.sso.applet.Applet" />
            </manifest>
        </jar>
        <!-- Sign the jar with the key stored under the alias "signalias" -->
        <signjar jar="${dist}/${module-jar-file}" alias="signalias" keystore="keystore" storepass="storepass">
        </signjar>
        <copy todir="${dist}">
            <fileset file="resources/index.html" />
        </copy>
    </target>

My overall architecture looks like this:

    >>>>>>>>>>>>>> INTERNET <<<<<<<<<<<<<<<

     +-------------------------+
     +                         +
     +                         +
     +    qa.mycompany.com     +    <= applet is hosted here
     +         SERVER          +
     +                         +
     +-------------------------+

    **************************************************************************************

    >>>>>>>>>>>>>> LOCAL NETWORK <<<<<<<<<<<<<<<

    +-----------------------------------------------+
    +                                               +
    +   http://qa.mycompany.com/loginldap           +
    +                                               +
    +-----------------------------------------------+
    +                                               +
    +                                               +
    +       Client browser downloading applet       +  =======||
    +                 and running                   +         ||
    +                                               +         ||
    +-----------------------------------------------+         ||
                                                              ||
                                                              ||        (10.0.215.45)  
                                                              ||        +------------+
                                                              ======>>  +            +
                                                                        +    LDAP    +
                                                                        +            +
                                                                        +------------+

1 answer:

Answer 0: (score: 1)

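Here is how I got it working:

  1. I changed the manifest line from `<attribute name="Permissions" value="sandbox" />` to `<attribute name="Permissions" value="all-permissions" />`.
  2. Added my host http://qa.mycompany.com to the Exception Site List, under the Security tab of the Java Control Panel, because I don't have a proper SSL certificate.
  3. This at least got my applet to start and run in the browser. Later, for the production environment, I can get a proper SSL certificate and assign appropriate permissions according to my requirements.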
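
An added example, not code from the original post: a build-time check in Python that reads a jar's manifest and reports when it requests `all-permissions` (the change made in step 1), so the setting is noticed before a production release. The function names and the in-memory sample jar are constructed for illustration.

```python
import io
import zipfile

def parse_main_attributes(manifest_text):
    """Parse a manifest's main section; a leading space continues the previous value."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line:                       # a blank line ends the main section
            break
        if line.startswith(" ") and last:  # wrapped value (lines are capped at 72 bytes)
            attrs[last] += line[1:]
        elif ": " in line:
            name, value = line.split(": ", 1)
            last = name.lower()            # attribute names are case-insensitive
            attrs[last] = value
    return attrs

def audit_jar(jar_bytes):
    """Return privilege-related findings for one jar (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    attrs = parse_main_attributes(text)
    findings = []
    perms = attrs.get("permissions", "").strip()
    if perms == "all-permissions":
        findings.append("Permissions: all-permissions (requests to run outside the sandbox)")
    elif perms != "sandbox":
        findings.append(f"Permissions: missing or unrecognized value {perms!r}")
    for key in ("codebase", "application-library-allowable-codebase"):
        if attrs.get(key, "*").strip() == "*":
            findings.append(f"{key}: missing or '*' (not tied to a specific host)")
    return findings

def make_jar(permissions):
    """Constructed sample: an in-memory jar holding only a manifest like the question's."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        f"Permissions: {permissions}\r\n"
        "Codebase: *.mycompany.com\r\n"
        "Application-Library-Allowable-Codebase: *.myco\r\n"
        " mpany.com\r\n"                   # wrapped by hand to exercise continuation lines
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()

if __name__ == "__main__":
    for value in ("sandbox", "all-permissions"):
        print(value, "->", audit_jar(make_jar(value)) or "no findings")
```

To check a real build artifact, pass the file's bytes to `audit_jar` and fail the build when the returned list is not empty.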