Spring-security-ldap:失败实例化InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory

时间:2014-07-30 10:43:37

标签: java spring jboss ldap wildfly

我正在从Jboss 7.1迁移到Wildfly并在失败的身份验证中获得异常。

要登录系统我使用spring-security-ldap和cas-client,当我在登录表单上输入错误的密码时,我得到例外:

    Caused by: javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloa
der ModuleClassLoader for Module "deployment.gas.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationExceptio
n: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]]
        at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
        at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
        at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:90)
        at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_60]
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_60]
        at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_60]
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
        at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) [spring-ldap-core-1.3.1.
RELEASE.jar:1.3.1.RELEASE]
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) [spring-ldap-core-1.3.1
.RELEASE.jar:1.3.1.RELEASE]
        ... 48 more

我的弹簧安全模块:

<?xml version="1.0" encoding="UTF-8"?>

<module xmlns="urn:jboss:module:1.1" name="org.spring.security" slot="3.1.3">
    <resources>
        <resource-root path="spring-security-ldap-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-config-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-core-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-web-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-cas-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-ldap-core-1.3.1.RELEASE.jar"/>
    </resources>

    <dependencies>
        <module name="org.spring.core" slot="3.2.1" export="true" />
        <module name="org.jasig.cas.client.cas-client-core" slot="3.1.12" export="true"/>
        <module name="org.apache.commons-lang" slot="2.5"/>
        <module name="sun.jdk" export="true"/>
    </dependencies>
</module>

Jboss AS 7.1的一切都很好,我可能忘记更改属性中的某些内容了吗?

---编辑

所有因为org.springframework.security.ldap.authentication.BindAuthentication类:

有一个函数bindWithDn(...),它试图用userDnStr创建上下文,如果不能则抛出异常。我有一个userDnStr列表和第一个userDnStr(如果用户不存在于此ldap文件夹中)函数抛出异常。但是在Wildfly上,它会抛出org.springframework.ldap.UncategorizedLdapException而不是像Jboss 7 / Tomcat上的AuthenticationException或OperationNotSupportedException

春天来源:

 // This will be thrown if an invalid user name is used and the method may
            // be called multiple times to try different names, so we trap the exception
            // unless a subclass wishes to implement more specialized behaviour.
            if ((e instanceof org.springframework.ldap.AuthenticationException)
                    || (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
                handleBindException(userDnStr, username, e);
            } else {
                throw e;
            }

如果是AuthenticationException或OperationNotSupportedException,spring可以处理它并继续前进并尝试下一个userDnStr。还有一个问题是:为什么getContext()会在Wildfly上抛出UncategorizedLdapException?

1 个答案:

答案 0 :(得分:0)

DN应该是管理员。或者允许在DC上进行匿名绑定。不要忘记域短名称shortName \ administrator。