我正在从Jboss 7.1迁移到Wildfly并在失败的身份验证中获得异常。
要登录系统我使用spring-security-ldap和cas-client,当我在登录表单上输入错误的密码时,我得到例外:
Caused by: javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloa
der ModuleClassLoader for Module "deployment.gas.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationExceptio
n: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]]
at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:90)
at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_60]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_60]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_60]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) [spring-ldap-core-1.3.1.
RELEASE.jar:1.3.1.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) [spring-ldap-core-1.3.1
.RELEASE.jar:1.3.1.RELEASE]
... 48 more
我的弹簧安全模块:
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="org.spring.security" slot="3.1.3">
<resources>
<resource-root path="spring-security-ldap-3.1.3.RELEASE.jar"/>
<resource-root path="spring-security-config-3.1.3.RELEASE.jar"/>
<resource-root path="spring-security-core-3.1.3.RELEASE.jar"/>
<resource-root path="spring-security-web-3.1.3.RELEASE.jar"/>
<resource-root path="spring-security-cas-3.1.3.RELEASE.jar"/>
<resource-root path="spring-ldap-core-1.3.1.RELEASE.jar"/>
</resources>
<dependencies>
<module name="org.spring.core" slot="3.2.1" export="true" />
<module name="org.jasig.cas.client.cas-client-core" slot="3.1.12" export="true"/>
<module name="org.apache.commons-lang" slot="2.5"/>
<module name="sun.jdk" export="true"/>
</dependencies>
</module>
Jboss AS 7.1的一切都很好,我可能忘记更改属性中的某些内容了吗?
---编辑
所有因为org.springframework.security.ldap.authentication.BindAuthentication类:
有一个函数bindWithDn(...),它试图用userDnStr创建上下文,如果不能则抛出异常。我有一个userDnStr列表和第一个userDnStr(如果用户不存在于此ldap文件夹中)函数抛出异常。但是在Wildfly上,它会抛出org.springframework.ldap.UncategorizedLdapException而不是像Jboss 7 / Tomcat上的AuthenticationException或OperationNotSupportedException
春天来源:
// This will be thrown if an invalid user name is used and the method may
// be called multiple times to try different names, so we trap the exception
// unless a subclass wishes to implement more specialized behaviour.
if ((e instanceof org.springframework.ldap.AuthenticationException)
|| (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
handleBindException(userDnStr, username, e);
} else {
throw e;
}
如果是AuthenticationException或OperationNotSupportedException,spring可以处理它并继续前进并尝试下一个userDnStr。还有一个问题是:为什么getContext()会在Wildfly上抛出UncategorizedLdapException?
答案 0 :(得分:0)
DN应该是管理员。或者允许在DC上进行匿名绑定。不要忘记域短名称shortName \ administrator。