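When I upgraded Java from 1.8.161 to 1.8.181, I could no longer connect to LDAP from my application. When I try to log in to the application with a user that is active in LDAP, I get the following exception.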
javax.naming.CommunicationException: : [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address found]
I found the following release notes for version 1.8.181 on the Oracle site:
Changes
core-libs/javax.naming ➜ Improve LDAP support Endpoint identification has been enabled on LDAPS connections.
To improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default.
Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification. Define this system property (or set it to true) to disable endpoint identification algorithms.
I tried setting that property to true, as shown below, along with the other properties. But it still throws the same error.
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, ctxFactory);
env.put(Context.PROVIDER_URL, providerUrl);
env.put(Context.SECURITY_PRINCIPAL, secPrincipal);
env.put(Context.SECURITY_AUTHENTICATION, secAuthentication);
env.put(Context.SECURITY_CREDENTIALS, secCredentials);
env.put("com.sun.jndi.ldap.object.disableEndpointIdentification" ,disableEndpointIdentification);
DirContext ldapCtx = new InitialDirContext(env);
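I need your help: how and where do we need to set the property com.sun.jndi.ldap.object.disableEndpointIdentification to true?
There is also no constant String variable for this in the Context interface.
If I revert to Java version 1.8.161, it works fine.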
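Best answer
The doc describes an application system property, not the LDAP context environment.
So it needs to be set on the application's JVM (the java command line) as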
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
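Why the handshake in the question fails, as an added example (not code from the post or from the JDK): a simplified model of the endpoint identification check, showing that a provider URL containing an IP literal is compared only against iPAddress subject alternative names. The class name, host name and address are constructed; the CN fallback for DNS names and IPv6 literals are left out.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Simplified model of TLS endpoint identification for LDAPS; not the JDK's code.
// Omits the CN fallback for DNS names and IPv6 literals.
public class SanMatchDemo {
    static final int DNS_NAME = 2;   // GeneralName type dNSName
    static final int IP_ADDRESS = 7; // GeneralName type iPAddress

    // Detects an IPv4 literal without doing a DNS lookup.
    static boolean isIpv4Literal(String host) {
        return host.matches("(\\d{1,3}\\.){3}\\d{1,3}");
    }

    // Exact match, or a wildcard covering only the left-most label.
    static boolean dnsMatches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (p.startsWith("*.")) {
            int dot = h.indexOf('.');
            return dot > 0 && h.substring(dot).equals(p.substring(1));
        }
        return h.equals(p);
    }

    // sans has the shape returned by X509Certificate.getSubjectAlternativeNames():
    // each entry is a List of [Integer type, value].
    static boolean matches(String host, List<List<?>> sans) {
        int wanted = isIpv4Literal(host) ? IP_ADDRESS : DNS_NAME;
        for (List<?> san : sans) {
            if ((Integer) san.get(0) != wanted) continue; // other SAN types are ignored
            String value = (String) san.get(1);
            if (wanted == IP_ADDRESS ? value.equals(host) : dnsMatches(host, value)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: a server certificate whose only SAN is a DNS name.
        List<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.<Object>asList(DNS_NAME, "ldap.example.test"));
        System.out.println(matches("192.0.2.10", sans));        // ldaps://192.0.2.10:636
        System.out.println(matches("ldap.example.test", sans)); // ldaps://ldap.example.test:636
        // Reissued certificate that also carries the address as an iPAddress SAN.
        sans.add(Arrays.<Object>asList(IP_ADDRESS, "192.0.2.10"));
        System.out.println(matches("192.0.2.10", sans));
    }
}
```

Pointing the provider URL at a host name present in the certificate, or reissuing the certificate with the address as an iPAddress SAN, satisfies the check without turning endpoint identification off.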
Regarding "java - how to disable endpoint identification in Java 1.8.181", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/51449801/