Trying to configure LDAP as JNDI Resource in Tomcat

Question

I have an ldap server that I'm using to authenticate users within a tomcat web application. I'm using the JNDIRealm and it's configured within a context file and this works great.

I'll also need to search the ldap for user information. I've figured out how to do this with the "jndi method" and I have it working fine outside of tomcat by creating my own jndi context using a hashtable. However, instead of configuring the jndi properties in code, I'd like to create a JNDI Resource in my context file right next to the Realm configuration.

I'm thinking I would do something like this:

<Resource 
  name="ldap"
  auth="Container"
  type="com.sun.jndi.ldap.LdapCtxFactory"
  java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
  java.naming.provider.url="ldap://localhost:389"
  java.naming.security.authentication="simple"
  java.naming.security.principal="uid=rjcarr,dc=example"
  java.naming.security.credentials="abc123"
/>

But either tomcat tells me the resource can't be created or when I try to initialize it with something like this:

Context initctx = new InitialContext();
DirContext ctx = (DirContext) initctx.lookup("java:comp/env/ldap");

Tomcat tells me "Cannot create resource instance". I've also added the correct resource-ref in my web.xml file, so I don't think that's the problem.

Since LDAP is being used with the JNDI method I'm assuming it should be able to be configured as a Resource, right? What am I missing?

Recommended answer

This answer is a bit late, but probably it'll be useful for other users. It's based on EJP's answer.

The following solution was tested on Apache Tomcat 7.

If needed, you can replace LdapContext with DirContext.

Create a class which implements ObjectFactory to instantiate a LdapContext:

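package com.company;

import java.util.Enumeration;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.Name;
import javax.naming.RefAddr;
import javax.naming.Reference;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.spi.ObjectFactory;

// Builds an LdapContext from the attributes of the <Resource> element.
public class LdapContextFactory implements ObjectFactory {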

    public Object getObjectInstance(Object obj, Name name, Context nameCtx, 
        Hashtable<?, ?> environment) throws Exception {

        Hashtable<Object, Object> env = new Hashtable<Object, Object>();
        Reference reference = (Reference) obj;
        Enumeration<RefAddr> references = reference.getAll();

        while (references.hasMoreElements()) {

            RefAddr address = references.nextElement();
            String type = address.getType();
            String content = (String) address.getContent();

            switch (type) {

            case Context.INITIAL_CONTEXT_FACTORY:
                env.put(Context.INITIAL_CONTEXT_FACTORY, content);
                break;

            case Context.PROVIDER_URL:
                env.put(Context.PROVIDER_URL, content);
                break;

            case Context.SECURITY_AUTHENTICATION:
                env.put(Context.SECURITY_AUTHENTICATION, content);
                break;

            case Context.SECURITY_PRINCIPAL:
                env.put(Context.SECURITY_PRINCIPAL, content);
                break;

            case Context.SECURITY_CREDENTIALS:
                env.put(Context.SECURITY_CREDENTIALS, content);
                break;

            default:
                break;
            }
        }

        LdapContext context = new InitialLdapContext(env, null);
        return context;
    }
}



Define your resource

Add the following to your context.xml, referencing the factory and defining the values to create a LdapContext instance:

<?xml version="1.0" encoding="UTF-8"?>
<Context>
    ...
    <Resource name="ldap/LdapResource" auth="Container"
        type="javax.naming.ldap.LdapContext"
        factory="com.company.LdapContextFactory"
        singleton="false" 
        java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
        java.naming.provider.url="ldap://127.0.0.1:389"
        java.naming.security.authentication="simple"
        java.naming.security.principal="username"
        java.naming.security.credentials="password" />
</Context>

If you need to add more attributes/values to your resource, consider updating your ObjectFactory created above to read these new attributes/values.

Inject your resource wherever you need:

@Resource(name = "ldap/LdapResource")
private LdapContext bean;

Or look it up:

Context initialContext = new InitialContext();
LdapContext ldapContext = (LdapContext)
    initialContext.lookup("java:comp/env/ldap/LdapResource");



See more



The Apache Tomcat documentation explains how to add custom resource factories.
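
Added example, not part of the original answer or of Tomcat: one way to act on the advice above about extra attributes is a factory that copies every java.naming.* and com.sun.jndi.ldap.* attribute of the Resource element into the environment instead of listing each one in a switch. The class name PrefixLdapContextFactory and the policy of refusing a password bind over plain ldap:// are assumptions of this sketch.

```java
package com.company; // same package as the factory attribute on the page

import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.ConfigurationException;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.RefAddr;
import javax.naming.Reference;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.spi.ObjectFactory;

// Hypothetical class name; added sketch, not the answer's own code.
public class PrefixLdapContextFactory implements ObjectFactory {
    @Override
    public Object getObjectInstance(Object obj, Name name, Context nameCtx,
            Hashtable<?, ?> environment) throws Exception {
        if (!(obj instanceof Reference)) {
            return null; // not a resource reference: let JNDI try other factories
        }
        Hashtable<String, Object> env = new Hashtable<>();
        Enumeration<RefAddr> addrs = ((Reference) obj).getAll();
        while (addrs.hasMoreElements()) {
            RefAddr addr = addrs.nextElement();
            String type = addr.getType();
            // Copy only JNDI and LDAP-provider properties; Tomcat's own
            // attributes (auth, scope, singleton, factory) are skipped.
            if (addr.getContent() instanceof String
                    && (type.startsWith("java.naming.") || type.startsWith("com.sun.jndi.ldap."))) {
                env.put(type, addr.getContent());
            }
        }
        String urls = (String) env.get(Context.PROVIDER_URL);
        if (urls == null || urls.trim().isEmpty()) {
            throw new ConfigurationException("java.naming.provider.url is not set");
        }
        boolean ssl = "ssl".equalsIgnoreCase((String) env.get(Context.SECURITY_PROTOCOL));
        String auth = (String) env.get(Context.SECURITY_AUTHENTICATION);
        // Credentials without an explicit mechanism default to a simple bind.
        boolean simpleBind = env.containsKey(Context.SECURITY_CREDENTIALS)
                && (auth == null || "simple".equalsIgnoreCase(auth));
        // provider.url may hold several space-separated URLs; check each one.
        for (String url : urls.trim().split("\\s+")) {
            if (simpleBind && !ssl && !url.regionMatches(true, 0, "ldaps://", 0, 8)) {
                throw new ConfigurationException("cleartext simple bind to " + url);
            }
        }
        return new InitialLdapContext(env, null);
    }
}
```

With this policy the sample resource above has to use an ldaps:// URL (or set java.naming.security.protocol="ssl") before the factory will create it. Because the resource is declared with singleton="false", every lookup opens a new LDAP connection, so callers should close the context when they are done.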
