How to disable endpoint identification for java 1.8.181 version

Problem description

When I upgraded java from 1.8.161 to 1.8.181, I am not able to connect to LDAP from my application. I get the below exception when I try to log in to the application with a user that is active in LDAP.

javax.naming.CommunicationException: : [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address found]

I found the below release notes on the Oracle site for version 1.8.181

Changes

core-libs/javax.naming ➜ Improve LDAP support Endpoint identification has been enabled on LDAPS connections.

To improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default.

Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.

Define this system property (or set it to true) to disable endpoint identification algorithms.

I tried to set the property to true as below, along with other properties. But it still throws the same error.

Hashtable<String, Object> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, ctxFactory);
env.put(Context.PROVIDER_URL, providerUrl);
env.put(Context.SECURITY_PRINCIPAL, secPrincipal);
env.put(Context.SECURITY_AUTHENTICATION, secAuthentication);
env.put(Context.SECURITY_CREDENTIALS, secCredentials);
// Attempt: pass the property through the JNDI environment
env.put("com.sun.jndi.ldap.object.disableEndpointIdentification", disableEndpointIdentification);
DirContext ldapCtx = new InitialDirContext(env);

I need your help: how and where exactly do we need to set the property com.sun.jndi.ldap.object.disableEndpointIdentification to true?

There is no constant String variable related to this in the Context interface either.

If I revert back to java 1.8.161 version it works fine.

Recommended answer

The doc talks about an application system property, not about the LDAP context environment.

Then it needs to be set up on the application JVM (java command line) for the app as

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
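
The exception in the question says the server certificate has no iPAddress subject alternative name for the address in the provider URL. As an added example (not from the original post and not the JDK's own checker), this simplified Java check shows why an LDAPS URL with an IP address fails while the host name form of the same server passes. The class name, host names, address and SAN list are constructed, and the JDK's real check also covers cases this sketch omits, such as IPv6 normalization.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class LdapsSanCheck {
    // Type codes used by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // Simplified check: an IP host needs an iPAddress SAN, a DNS host a dNSName SAN.
    static boolean sanCoversHost(String providerUrl, Collection<List<?>> sans) {
        String host = URI.create(providerUrl).getHost();
        if (host == null) return false;
        host = host.replace("[", "").replace("]", "");   // IPv6 literals come bracketed
        int wanted = isIpLiteral(host) ? IP_ADDRESS : DNS_NAME;
        for (List<?> san : sans) {
            if (!san.get(0).equals(wanted)) continue;
            String value = String.valueOf(san.get(1));
            if (value.equalsIgnoreCase(host)) return true;
            // Leftmost-label wildcard, e.g. *.example.test covers ldap.example.test
            int dot = host.indexOf('.');
            if (wanted == DNS_NAME && value.startsWith("*.") && dot > 0
                    && value.substring(1).equalsIgnoreCase(host.substring(dot))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed SAN list: the certificate names the server by DNS name only.
        Collection<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.asList(DNS_NAME, "ldap.example.test"));

        for (String url : new String[] {
                "ldaps://10.0.0.5:636",            // constructed address
                "ldaps://ldap.example.test:636"}) { // constructed host name
            System.out.println(url + " -> "
                    + (sanCoversHost(url, sans) ? "covered by SAN" : "no matching SAN"));
        }
    }
}
```

When the only mismatch is an IP address in the URL, pointing PROVIDER_URL at a name the certificate lists, or reissuing the certificate with an iPAddress SAN, lets the connection succeed with endpoint identification left on.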
