Java 如何在不提示输入用户名/密码的情况下使用 Windows 身份验证调用 Active Directory?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1010356/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I call Active Directory using Windows Authentication without prompting for username/password?
提问by hawkeye
You can see an example of accessing LDAP using the InitialLdapContextclass in Java in the following posts:
您可以InitialLdapContext在以下帖子中看到使用Java 中的类访问 LDAP 的示例:
http://forums.sun.com/thread.jspa?threadID=603815
http://forums.sun.com/thread.jspa?threadID=603815
http://forums.devshed.com/ldap-programming-76/active-directory-services-using-java-api-89586.html
http://forums.devshed.com/ldap-programming-76/active-directory-services-using-java-api-89586.html
This requires a login and password to be passed in (even though the service account or user running the java process has already logged in to be able to run).
这需要传入登录名和密码(即使运行 java 进程的服务帐户或用户已经登录才能运行)。
As the user or service account is already logged in - they can already run active directory commands like the following without a user name or password:
由于用户或服务帐户已经登录 - 他们已经可以在没有用户名或密码的情况下运行如下活动目录命令:
dsquery user -samid "login" |dsget user -samid -email -display
So why does Java need the login password if this query is already available to Windows? Kosuke hints that it is not required in this blog post under conclusion:
那么,如果 Windows 已经可以使用此查询,那么为什么 Java 需要登录密码呢?Kosuke 在结论下的这篇博文中暗示不需要它:
https://community.oracle.com/blogs/kohsuke/2008/06/12/more-active-directory-integration-java
https://community.oracle.com/blogs/kohsuke/2008/06/12/more-active-directory-integration-java
How can we call Active Directory in Java without:
我们如何在没有以下情况下在 Java 中调用 Active Directory:
- using a login or password (running under an account that is already logged in)?
- executing a command on the command line?
- 使用登录名或密码(在已登录的帐户下运行)?
- 在命令行上执行命令?
采纳答案by matt b
This probably occurs because
这可能是因为
- You are using LDAP libraries/contexts to communicate with Active Directory, and these libraries need to support other types of LDAP (does AD even count as LDAP?)
- The providers of these implementations are the ones requiring it. LDAP communication is done through providers that supply the implementation, it's not done by the actual Java runtime.
- The current user's password is not (I hope) actually provided by Windows to Java.
- 您正在使用 LDAP 库/上下文与 Active Directory 进行通信,并且这些库需要支持其他类型的 LDAP(AD 是否也算作 LDAP?)
- 这些实现的提供者是需要它的人。LDAP 通信是通过提供实现的提供者完成的,而不是由实际的 Java 运行时完成的。
- 当前用户的密码不是(我希望)Windows 实际上提供给 Java 的。
When Windows authenticates you against AD as you run applications that require it, it presents some other set of credentials besides your actual password. These credentials are not available in Java, or at least none of the providers of LDAP communicators have provided a way to retrieve it.
当 Windows 在您运行需要它的应用程序时针对 AD 对您进行身份验证时,除了您的实际密码之外,它还会提供一些其他凭据。这些凭证在 Java 中不可用,或者至少没有一个 LDAP 通信器的提供者提供检索它的方法。
In his other blog post on the subjectKohsuke expands a bit more on why things are the way they are in Java-land when it comes to Active Directory.
在他关于这个主题的另一篇博文中,Kohsuke 更详细地解释了当涉及到 Active Directory 时,Java 领域的情况为何如此。
