
JBoss LDAP login module problem


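I am trying to configure JBoss with an LDAP login module, but so far I have had no success. When I bring up my webapp I get the authentication box, but my credentials are not valid.

This is the error I get in the server log: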

15:40:15,951 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) initialize
15:40:15,952 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Security domain: LDAPAuth
15:40:15,953 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) login
15:40:15,953 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Failed to parse: null, disabling recursion: java.lang.NumberFormatException: null
    at java.lang.Integer.parseInt(Integer.java:454) [rt.jar:1.7.0_79]
    at java.lang.Integer.parseInt(Integer.java:527) [rt.jar:1.7.0_79]
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:395) [picketbox-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:312) [picketbox-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:267) [picketbox-4.0.7.Final.jar:4.0.7.Final]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
    at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]

Followed by the bad password error:

15:40:15,974 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=ONELEVEL_SCOPE, java.naming.security.principal=uid=admin,ou=system, baseCtxDN=cn=ou=people,o=sevenSeas, roleAttributeID=cn, roleFilter=(uniquemember={1}), allowEmptyPasswords=true, rolesCtxDN=cn=ou=groups,o=sevenSeas, baseFilter=(uid={0}), jboss.security.security_domain=LDAPAuth, java.naming.provider.url=ldap://localhost:10389, bindDN=uid=admin,ou=system, java.naming.security.authentication=simple, bindCredential=, java.naming.security.credentials=}
15:40:15,984 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Bad password for username=cbuckley
15:40:15,985 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) abort
15:40:15,985 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8088-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
    at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]

Here are my configuration files:

web.xml

<web-app>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HtmlAuth</web-resource-name>
            <description>application security constraints</description>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Manager</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>LDAPAuth realm</realm-name>
    </login-config>
    <security-role>
        <role-name>Manager</role-name>
    </security-role>
</web-app>

jboss-web.xml

<jboss-web>
    <security-domain>java:/jaas/LDAPAuth</security-domain>
</jboss-web>

standalone.xml

<security-domain name="LDAPAuth">
    <authentication>
        <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="bindDN" value="uid=admin,ou=system"/>
            <module-option name="bindCredential" value="secret"/>
            <module-option name="baseCtxDN" value="cn=ou=people,o=sevenSeas"/>
            <module-option name="baseFilter" value="(uid={0})"/>
            <module-option name="rolesCtxDN" value="cn=ou=groups,o=sevenSeas"/>
            <module-option name="roleFilter" value="(uniquemember={1})"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
            <module-option name="allowEmptyPasswords" value="true"/>
        </login-module>
    </authentication>
</security-domain>

ApacheDS config (the Seven Seas example from the ApacheDS user guide - sorry, I don't have enough rep to post images)

o=sevenSeas
    ou=groups
        ou=crews
            ou=HMS Bounty (2 more)
        ou=ranks
    ou=people
        cn=Cornelius Buckley (10 more)

I can't figure out what it is failing to parse. Any ideas why this isn't working? Thanks.

1 Answer

I think your baseCtxDN and rolesCtxDN values should not have the "cn=" prefix, based on your LDAP structure.
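As an added example (not part of the original question or answer, and not JBoss code), this Python check runs over a login-module fragment and flags search bases that do not match the directory, which is the mistake the answer points out. It also reports two things visible in the question's log: the unset roleRecursion option, which is what LdapExtLoginModule fails to parse as null before disabling recursion, and allowEmptyPasswords=true. The CONFIG sample is trimmed from the question's standalone.xml, KNOWN_DNS is transcribed from its directory tree, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's login-module, trimmed to the options checked here.
CONFIG = """<login-module code="LdapExtended" flag="required">
  <module-option name="baseCtxDN" value="cn=ou=people,o=sevenSeas"/>
  <module-option name="rolesCtxDN" value="cn=ou=groups,o=sevenSeas"/>
  <module-option name="allowEmptyPasswords" value="true"/>
</login-module>"""

# Container entries from the directory tree shown in the question (lower-cased).
KNOWN_DNS = {
    "o=sevenseas", "ou=groups,o=sevenseas", "ou=people,o=sevenseas",
    "ou=crews,ou=groups,o=sevenseas", "ou=ranks,ou=groups,o=sevenseas",
}

def split_rdns(dn):
    """Split a DN on unescaped commas; enough for the simple DNs used here."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\") and not escaped
    parts.append(cur.strip())
    return parts

def lint(xml_text, known_dns=KNOWN_DNS):
    """Return (option, problem) pairs for a login-module XML fragment."""
    root = ET.fromstring(xml_text)
    opts = {o.get("name"): o.get("value") for o in root.iter("module-option")}
    findings = []
    for key in ("baseCtxDN", "rolesCtxDN"):
        rdns = split_rdns(opts.get(key, ""))
        if ",".join(rdns).lower() not in known_dns:
            findings.append((key, "search base is not an entry in the directory"))
        for rdn in rdns:
            if "=" in rdn.partition("=")[2]:  # e.g. cn=ou=people
                findings.append((key, "RDN value contains another RDN: " + rdn))
    if "roleRecursion" not in opts:
        findings.append(("roleRecursion", "unset: logs 'Failed to parse: null'"))
    if (opts.get("allowEmptyPasswords") or "").lower() == "true":
        findings.append(("allowEmptyPasswords", "empty passwords reach the LDAP server"))
    return findings

if __name__ == "__main__":
    for option, problem in lint(CONFIG):
        print(option + ": " + problem)
```

With the "cn=" prefixes removed, roleRecursion set to 0 and allowEmptyPasswords set to false, the same check returns no findings.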
