directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r1004162 - in /websites/staging/directory/trunk/content: ./ api/user-guide/5.1-ssl.html
Date Wed, 04 Jan 2017 23:33:55 GMT
Author: buildbot
Date: Wed Jan  4 23:33:55 2017
New Revision: 1004162

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Jan  4 23:33:55 2017
@@ -1 +1 @@
-1777365
+1777388

Modified: websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html Wed Jan  4 23:33:55
2017
@@ -255,6 +255,44 @@ h2:hover > .headerlink, h3:hover > .head
 
 <p>This is as simple as that ! The <strong>636* port is the default </strong>LDAPS<strong>
port for standard </strong>LDAP<strong> servers, when running as </strong>root<strong>,
and for </strong>ApacheDS<strong> you will have to pick </strong>10636<strong>.
The </strong>true** flag is set to secure the connection. You don't need to close the
connection, it will be done automatically when exiting the try{...} block.</p>
 <p>By default, the selected protocol is <strong>TLS</strong>, and we wont
verify the server's certificate.</p>
+<h2 id="a-more-sophisticated-sample">A more sophisticated sample<a class="headerlink"
href="#a-more-sophisticated-sample" title="Permanent link">&para;</a></h2>
+<p>It's possible to have more control on the <strong>SSL</strong> configuration,
and specifically to provide a specific <strong>TrustManager</strong> :</p>
+<div class="codehilite"><pre>    <span class="k">try</span> <span
class="p">(</span> <span class="n">LdapConnection</span> <span class="n">connection</span>
<span class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span
class="p">(</span> <span class="n">Network</span><span class="p">.</span><span
class="n">LOOPBACK_HOSTNAME</span><span class="p">,</span> <span class="n">getLdapServer</span><span
class="p">().</span><span class="n">getPortSSL</span><span class="p">(),</span>
<span class="n">new</span> <span class="n">NoVerificationTrustManager</span><span
class="p">()</span> <span class="p">)</span> <span class="p">)</span>
+    <span class="p">{</span>
+        <span class="n">connection</span><span class="p">.</span><span
class="n">bind</span><span class="p">(</span> &quot;<span class="n">uid</span><span
class="p">=</span><span class="n">admin</span><span class="p">,</span><span
class="n">ou</span><span class="p">=</span><span class="n">system</span>&quot;<span
class="p">,</span> &quot;<span class="n">secret</span>&quot;
<span class="p">);</span>
+
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="p">((</span><span class="n">LdapNetworkConnection</span><span
class="p">)</span><span class="n">connection</span><span class="p">).</span><span
class="n">getConfig</span><span class="p">().</span><span class="n">isUseSsl</span><span
class="p">()</span> <span class="p">);</span>
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="n">connection</span><span class="p">.</span><span
class="n">isAuthenticated</span><span class="p">()</span> <span class="p">);</span>
+    <span class="p">}</span>
+</pre></div>
+
+
+<p>Here, we use the <em>NoVerificationTrustManager</em> class, but you
can define your own implementation. The <strong>Fortress</strong> project is using
<a href="https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java">this
class</a>.</p>
+<h2 id="using-a-configuration">Using a configuration<a class="headerlink" href="#using-a-configuration"
title="Permanent link">&para;</a></h2>
+<p>One step further : you can define a dediated configuration that is passed to the
constructor. Many parameters can be defined :</p>
+<ul>
+<li>the enabled cipher suites</li>
+<li>the enabled protocols</li>
+<li>the KeyManager instances</li>
+<li>the SecureRandom instance</li>
+<li>the SSL protocol to use</li>
+<li>the TrustManager instances</li>
+</ul>
+<p>All those parameters are configured using the <em>LdapConnectionConfig</em>
class :</p>
+<div class="codehilite"><pre>    <span class="n">LdapConnectionConfig</span>
<span class="n">sslConfig</span> <span class="p">=</span> <span
class="n">new</span> <span class="n">LdapConnectionConfig</span><span
class="p">();</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setLdapHost</span><span class="p">(</span> <span class="n">Network</span><span
class="p">.</span><span class="n">LOOPBACK_HOSTNAME</span> <span class="p">);</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setUseSsl</span><span class="p">(</span> <span class="n">true</span>
<span class="p">);</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setLdapPort</span><span class="p">(</span> <span class="n">getLdapServer</span><span
class="p">().</span><span class="n">getPortSSL</span><span class="p">()</span>
<span class="p">);</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setTrustManagers</span><span class="p">(</span> <span class="n">new</span>
<span class="n">NoVerificationTrustManager</span><span class="p">()</span>
<span class="p">);</span>
+
+    <span class="k">try</span> <span class="p">(</span> <span
class="n">LdapConnection</span> <span class="n">connection</span> <span
class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span
class="p">(</span> <span class="n">sslConfig</span> <span class="p">)</span>
<span class="p">)</span>
+    <span class="p">{</span>
+        <span class="n">connection</span><span class="p">.</span><span
class="n">bind</span><span class="p">(</span> &quot;<span class="n">uid</span><span
class="p">=</span><span class="n">admin</span><span class="p">,</span><span
class="n">ou</span><span class="p">=</span><span class="n">system</span>&quot;<span
class="p">,</span> &quot;<span class="n">secret</span>&quot;
<span class="p">);</span>
+
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="p">((</span><span class="n">LdapNetworkConnection</span><span
class="p">)</span><span class="n">connection</span><span class="p">).</span><span
class="n">getConfig</span><span class="p">().</span><span class="n">isUseSsl</span><span
class="p">()</span> <span class="p">);</span>
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="n">connection</span><span class="p">.</span><span
class="n">isAuthenticated</span><span class="p">()</span> <span class="p">);</span>
+    <span class="p">}</span>
+</pre></div>
 
 
     <div class="nav">
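
Review bot: both added samples pass new NoVerificationTrustManager() (as the third constructor argument under "A more sophisticated sample", and through sslConfig.setTrustManagers(...) under "Using a configuration") and then bind as uid=admin,ou=system with a password, so the only code a reader can copy from this section sends admin credentials over a TLS session whose server certificate, going by the class name, is never checked. The paragraph "Here, we use the NoVerificationTrustManager class, but you can define your own implementation" should say that explicitly and note that the snippet is test code (it calls assertTrue and getLdapServer()), and at least one of the two samples would be better shown with a verifying TrustManager, with the Fortress link presented as the model for it. Smaller points: "dediated" should read "dedicated" in the "Using a configuration" paragraph, and the list names six configurable parameters while the sample sets only the TrustManager, so showing the call for enabled protocols or cipher suites would make the list concrete.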


