
InitialContext - LDAP properties

 
Garlapati Ravi
Ranch Hand
Posts: 171
Hi All,

I need a clarification on InitialContext properties:

weblogic.jndi.Environment env = new weblogic.jndi.Environment();
env.setProviderUrl(jndi_url);
System.setProperty("weblogic.StdoutDebugEnabled", rb.getString("Debug.StdoutDebugEnabled"));
InputStream key = new FileInputStream(rb.getString("SSL.KeyStore.Key"));
InputStream cert = new FileInputStream(rb.getString("SSL.KeyStore.Cert"));
env.setSSLClientCertificate(new InputStream[] {key, cert});
env.setSSLClientKeyPassword(rb.getString("SSL.KeyStore.KeyPassword"));
Context ctx = env.getInitialContext();

I am converting the above code into vendor-neutral code (removing the WebLogic-related stuff):

Hashtable props = new Hashtable();
props.put(Context.PROVIDER_URL,jndi_url);
props.put(Context.SECURITY_PRINCIPAL,rb.getString("SSL.KeyStore.Cert")); // ERROR, it's failing here
props.put(Context.SECURITY_CREDENTIALS,rb.getString("SSL.KeyStore.KeyPassword"));
Context ctx = new InitialContext(props);


Here I don't understand one thing: in the first part of the code, they are passing key and cert values in the setSSLClientCertificate method; in the second part of the code, do I need to pass those values to any method? I did some reading on this: we need to pass user-related information into the SECURITY_PRINCIPAL constant. What does it look like?

Now my question is: can we reuse the Key/Cert, or do I need to have an entirely new set of code? Requesting to clarify.

Thanks,
Kumar
 
Freddy Wong
Ranch Hand
Posts: 959
You got it wrong. The CONTEXT_SECURITY_PRINCIPAL will be for the user or bind DN and the SECURITY_CREDENTIALS will be for the password to connect to the LDAP. To use SSL as the communication protocol, you just need to set the system properties, e.g.
-Djavax.net.ssl.keyStore=MyKeystoreFile -Djavax.net.ssl.keyStorePassword=mysecret

For more info, you can read this

Hope this helps.
 
Garlapati Ravi
Ranch Hand
Posts: 171
Thanks Freddy, the link you provided is not working; could you please send the correct one?
Where do we need to set the system properties?
 
Freddy Wong
Ranch Hand
Posts: 959
OK. Fixed the link. You can specify it programmatically by using


Or you can add the java option in the startWebLogic.sh, e.g.
java -Djavax.net.ssl.keyStore=keystore.jks -Djavax.net.ssl.keyStorePassword=password
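
The split the replies above describe, as an added example that is not part of the original posts: the TLS key and trust stores are set through JSSE system properties, while the bind DN and its password go into the JNDI environment. The host, bind DN, store file names and environment-variable names are assumed placeholders, and rejecting non-`ldaps://` URLs is a choice made for this example.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapsBindExample {

    // Reads a secret from the environment so it is not hard-coded (variable names are assumed).
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }

    // JNDI environment: only the bind identity goes here, never a certificate path.
    static Hashtable<String, Object> buildEnv(String url, String bindDn, char[] password) {
        if (!url.startsWith("ldaps://")) {
            throw new IllegalArgumentException("refusing non-TLS provider URL: " + url);
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);      // user or bind DN
        env.put(Context.SECURITY_CREDENTIALS, password);  // that user's password
        return env;
    }

    public static void main(String[] args) throws NamingException {
        // TLS material is JVM-wide JSSE configuration, equivalent to the -D options.
        System.setProperty("javax.net.ssl.keyStore", "keystore.jks");       // placeholder file
        System.setProperty("javax.net.ssl.keyStorePassword", requireEnv("KEYSTORE_PASSWORD"));
        System.setProperty("javax.net.ssl.trustStore", "truststore.jks");   // placeholder file
        System.setProperty("javax.net.ssl.trustStorePassword", requireEnv("TRUSTSTORE_PASSWORD"));

        DirContext ctx = new InitialDirContext(buildEnv(
                "ldaps://ldap.example.com:636",              // placeholder host
                "cn=app,ou=services,dc=example,dc=com",      // placeholder bind DN
                requireEnv("LDAP_BIND_PASSWORD").toCharArray()));
        try {
            System.out.println("bound to " + ctx.getNameInNamespace());
        } finally {
            ctx.close();
        }
    }
}
```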
 
Garlapati Ravi
Ranch Hand
Posts: 171
Freddy,
I think I got you up to some extent, but I am still missing some concept. I read that material; maybe it is because of confusion.

1) You have specified the .jks file and password, but I need to pass user information as well to get the InitialContext object. Ultimately I am looking for an InitialContext object using SSL.
2) I have 2 more files, CERTIFICATE (.pem) and PRIVATE KEY (.key); do I need them any more?

Could you please clarify.
 