从Weblogic获取IntialContext而不使用明文密码 [英] Obtaining an IntialContext from Weblogic without using clear text password

问题描述

我可以使用以下方法从JNDI客户端获取Weblogic InitialContext: 属性作为InitialContext的环境参数

I can obtain the Weblogic InitialContext from a JNDI Client using the following properties as the Environment parameters for InitialContext

Hashtable jndiProps = new Hashtable();
jndiProps.put("java.naming.factory.initial", "t3://localhost:7001");
jndiProps.put("java.naming.provider.url", "weblogic.jndi.WLInitialContextFactory");
jndiProps.put("java.naming.security.principal", "weblogic");
jndiProps.put("java.naming.security.credentials", "weblogic");

InitialContext ctx = new InitialContext(jndiProps);

问题是，有没有一种方法可以在不将security.credentials指定为明文但也可以将其指定为哈希值的情况下获取InitialContext?

The question is, is there a way to obtain the InitialContext without specifying the security.credentials as cleartext but maybe as a hashed value?

推荐答案

您可以使用对称加密，对密码值进行加密并将其存储在属性文件中.然后，在创建初始上下文之前，请先读取属性值，对其进行解密并更新属性，然后再将jndiProps对象传递给InitialContext构造函数.

You could use symmetric encryption, encrypt the password value and store this in the properties file. Then before creating the initial context read the property value, decrypt it and update the property before passing the jndiProps object to the InitialContext constructor.

加密密钥仍将在客户端上，但它将阻止某个人随便读取属性文件以查找密码.

The encryption key would still be on the client but it's going to stop someone casually reading the property file to find out the password.

使用SSL也是保护在客户端和服务器之间传输密码的好方法.

Using SSL is also a good idea for protecting the password as it is transmitted between the client and the server.

这篇关于从Weblogic获取IntialContext而不使用明文密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！