
我们已将 OID/OAM 配置为 weblogic 安全中的安全提供者。

在检查用户属性时,只有用户 ID 是可见的。

如何让 OID/OAM 中可用的所有属性在 Weblogic 安全用户和组中可用?




短版:使用此处描述的 JMX 来获取已配置的 OID-Authenticator-MBean。然后,您可以使用该 MBean 获取必要的参数,以建立您自己的 OID 连接并遍历属性。您可能还想在此处阅读有关 Java 命名和目录操作的信息。

示例实现:

package test;

import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

import javax.management.Descriptor;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.modelmbean.ModelMBeanInfo;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;

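public class OIDFromWLBean {

    // The attribute you want to read (for a specific user)
    private static final String ATTRIBUTE_NAME = "pwdChangedTime";

    // The Class of the configured Authenticator Provider, here it is OID
    // Check the API if you use something else
    // API Docs:
    // http://docs.oracle.com/cd/E12839_01/apirefs.1111/e13945/weblogic/security/providers/authentication/OracleInternetDirectoryAuthenticatorMBean.html
    static final String OID_AUTHENTICATOR_MBEAN_NAME = "weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorMBean";

    // The rest here should be static and stay unchanged
    private static final String COM_SUN_JNDI_LDAP_LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String INTERFACE_CLASS_NAME = "interfaceClassName";
    private static final String AUTHENTICATION_PROVIDERS = "AuthenticationProviders";
    private static final String DEFAULT_REALM = "DefaultRealm";
    private static final String SECURITY_CONFIGURATION = "SecurityConfiguration";
    private static final String DOMAIN_CONFIGURATION = "DomainConfiguration";
    static final String MBEAN_SERVER = "java:comp/env/jmx/domainRuntime";
    static final String DOMAIN_MBEAN_NAME = "com.bea:Name=DomainRuntimeService,Type=weblogic.management.mbeanservers.domainruntime.DomainRuntimeServiceMBean";

    /**
     * Reads {@link #ATTRIBUTE_NAME} of {@code username} from the OID server that the
     * configured WebLogic OID authenticator points at.
     *
     * <p>Host, port and user base DN are taken from the authenticator MBean; the directory
     * is then bound with the user's own DN and {@code password}, and the bound connection is
     * always closed before returning.
     *
     * @param username the user's {@code cn} below the authenticator's user base DN
     * @param password the user's password, used for the LDAP simple bind
     * @return the attribute value, an empty string when the entry has no such attribute, or
     *         {@code null} when no OID authenticator is configured or any JMX/LDAP step fails
     * @throws RuntimeException if the domain runtime MBean server cannot be looked up via JNDI
     */
    public String getAttribute(String username, String password) {
        final MBeanServer connection = getConnection();
        final ObjectName oidAuthenticator = getAuthenticator(connection);
        if (oidAuthenticator == null) {
            // No OID authenticator in the default realm: nothing to connect to.
            return null;
        }
        DirContext ctx = null;
        try {
            String host = getHost(oidAuthenticator, connection);
            String port = getPort(oidAuthenticator, connection);
            String userBaseDN = getUserBaseDN(oidAuthenticator, connection);
            ctx = getConnectionLdapOid(username, password, host, port, userBaseDN);
            return getAttribute(ctx, buildUserDN(username, userBaseDN), username);
        } catch (Exception e) {
            // Best effort by design: a failed JMX read, LDAP bind or search all map to null.
            return null;
        } finally {
            // Release the bound LDAP connection even when the search failed.
            closeQuietly(ctx);
        }
    }

    /**
     * Looks up the domain runtime MBean server through JNDI.
     *
     * @return the MBean server bound at {@link #MBEAN_SERVER}
     * @throws RuntimeException wrapping the {@link NamingException} if the lookup fails
     */
    private MBeanServer getConnection() {
        InitialContext jndi = null;
        try {
            jndi = new InitialContext();
            return (MBeanServer) jndi.lookup(MBEAN_SERVER);
        } catch (NamingException e) {
            throw new RuntimeException("Cannot look up " + MBEAN_SERVER, e);
        } finally {
            closeQuietly(jndi);
        }
    }

    /**
     * Finds the OID authenticator among the default realm's authentication providers.
     *
     * @param connection the domain runtime MBean server
     * @return the provider whose interface class is {@link #OID_AUTHENTICATOR_MBEAN_NAME},
     *         or {@code null} if there is none or the JMX navigation fails
     */
    private ObjectName getAuthenticator(MBeanServer connection) {
        try {
            // DomainRuntimeService -> DomainConfiguration -> SecurityConfiguration -> DefaultRealm
            ObjectName domain = (ObjectName) connection.getAttribute(new ObjectName(DOMAIN_MBEAN_NAME), DOMAIN_CONFIGURATION);
            ObjectName security = (ObjectName) connection.getAttribute(domain, SECURITY_CONFIGURATION);
            ObjectName realm = (ObjectName) connection.getAttribute(security, DEFAULT_REALM);
            ObjectName[] providers = (ObjectName[]) connection.getAttribute(realm, AUTHENTICATION_PROVIDERS);
            for (ObjectName provider : providers) {
                ModelMBeanInfo info = (ModelMBeanInfo) connection.getMBeanInfo(provider);
                Descriptor desc = info.getMBeanDescriptor();
                String className = (String) desc.getFieldValue(INTERFACE_CLASS_NAME);
                // Constant on the left: a provider lacking the descriptor field must not abort the loop.
                if (OID_AUTHENTICATOR_MBEAN_NAME.equals(className)) {
                    return provider;
                }
            }
            return null;
        } catch (Exception e) {
            // Best effort by design; callers treat null as "no OID authenticator available".
            return null;
        }
    }

    /**
     * Opens an LDAP connection to OID, bound as the user with a simple bind.
     *
     * <p>Plain {@code ldap://} with a simple bind transmits the password in clear text; use
     * {@code ldaps://} when the authenticator is configured for SSL.
     *
     * @param username   the user's {@code cn}
     * @param password   the user's password
     * @param host       OID host read from the authenticator MBean
     * @param port       OID port read from the authenticator MBean
     * @param userBaseDN base DN under which user entries live
     * @return a bound directory context; the caller must close it
     * @throws NamingException if the password is empty or the bind fails
     */
    private DirContext getConnectionLdapOid(String username, String password, String host, String port, String userBaseDN) throws NamingException {
        if (password == null || password.isEmpty()) {
            // LDAP treats an empty password as an unauthenticated bind, which many directories
            // accept as anonymous; that must not pass for a user lookup that relies on the bind.
            throw new NamingException("Empty password refused for simple bind");
        }
        Hashtable<String, String> jndiProps = new Hashtable<String, String>();
        jndiProps.put(Context.INITIAL_CONTEXT_FACTORY, COM_SUN_JNDI_LDAP_LDAP_CTX_FACTORY);
        jndiProps.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        jndiProps.put(Context.SECURITY_AUTHENTICATION, "simple");
        jndiProps.put(Context.SECURITY_PRINCIPAL, buildUserDN(username, userBaseDN));
        jndiProps.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(jndiProps);
    }

    /**
     * Builds the user's DN as {@code cn=<username>,<userBaseDN>}.
     *
     * @param username   value of the {@code cn} RDN; DN special characters in it are escaped
     * @param userBaseDN the base DN, used verbatim
     * @return the distinguished name
     */
    static String buildUserDN(String username, String userBaseDN) {
        // Escaping keeps a comma, plus or equals sign in the username from changing the DN structure.
        return "cn=" + Rdn.escapeValue(username) + "," + userBaseDN;
    }

    /**
     * Closes a JNDI context, ignoring teardown failures.
     *
     * @param ctx the context to close; {@code null} is a no-op
     */
    private static void closeQuietly(Context ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // A failed close cannot be acted upon here; the result was already obtained.
        }
    }

    /**
     * Reads the {@code Host} attribute of the authenticator MBean.
     *
     * @param defaultAuthenticator the OID authenticator MBean
     * @param connection           the domain runtime MBean server
     * @return the configured OID host
     * @throws Exception on any JMX failure
     */
    private String getHost(ObjectName defaultAuthenticator, MBeanServer connection) throws Exception {
        return (String) connection.getAttribute(defaultAuthenticator, "Host");
    }

    /**
     * Reads the {@code Port} attribute of the authenticator MBean as a string.
     *
     * @param defaultAuthenticator the OID authenticator MBean
     * @param connection           the domain runtime MBean server
     * @return the configured OID port, in decimal
     * @throws Exception on any JMX failure
     */
    private String getPort(ObjectName defaultAuthenticator, MBeanServer connection) throws Exception {
        return ((Integer) connection.getAttribute(defaultAuthenticator, "Port")).toString();
    }

    /**
     * Reads the {@code UserBaseDN} attribute of the authenticator MBean.
     *
     * @param defaultAuthenticator the OID authenticator MBean
     * @param connection           the domain runtime MBean server
     * @return the base DN of the user entries
     * @throws Exception on any JMX failure
     */
    private String getUserBaseDN(ObjectName defaultAuthenticator, MBeanServer connection) throws Exception {
        return (String) connection.getAttribute(defaultAuthenticator, "UserBaseDN");
    }

    /**
     * Reads {@link #ATTRIBUTE_NAME} from the entry {@code DN} after checking that the entry
     * matches {@code cn=user}.
     *
     * @param ctx  a bound directory context
     * @param DN   distinguished name of the user's entry
     * @param user the user's {@code cn}; passed as a filter argument so the provider escapes
     *             any filter metacharacters in it
     * @return the first value of the attribute, an empty string if the entry lacks the attribute
     *         or it has no values, or {@code null} if the entry does not match the filter or a
     *         {@link NamingException} occurs
     */
    public static String getAttribute(DirContext ctx, String DN, String user) {
        try {
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
            // Only existence is probed here; no attributes are returned by this search.
            ctls.setReturningAttributes(new String[0]);
            NamingEnumeration<SearchResult> matches = ctx.search(DN, "cn={0}", new Object[] { user }, ctls);
            boolean found;
            try {
                found = matches != null && matches.hasMoreElements();
            } finally {
                if (matches != null) {
                    matches.close();
                }
            }
            if (!found) {
                return null;
            }
            Attributes attrs = ctx.getAttributes(DN, new String[] { ATTRIBUTE_NAME });
            Attribute attr = attrs.get(ATTRIBUTE_NAME);
            if (attr == null) {
                return "";
            }
            NamingEnumeration<?> values = attr.getAll();
            try {
                if (!values.hasMore()) {
                    return "";
                }
                Object value = values.next();
                // Binary attributes arrive as byte[]; decode instead of failing on a String cast.
                if (value instanceof byte[]) {
                    return new String((byte[]) value, StandardCharsets.UTF_8);
                }
                return String.valueOf(value);
            } finally {
                values.close();
            }
        } catch (NamingException e) {
            // Best effort by design: "" means "no value", null means "no match or lookup failed".
            return null;
        }
    }
}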
于 2015-10-02T12:32:52.873 回答