我正在尝试使用Active Directory对我网络上的用户进行身份验证 应用。如果我使用正确的话,这现在正常工作 凭据,但如果我输入的凭据不正确,我会得到 跟随错误[1]并且不允许进一步尝试。我没有 当我只使用UserDatabaseRealm时出现此问题。
编辑:按照@kotacc的建议升级到Tomcat 8.0.15之后,输入错误的凭据时,我仍然收到错误(请参阅下面的[5])。 编辑结束
我的server.xml在[2]中,我的web.xml在[3]中 我的配置详情见[4]。
知道什么是错的?任何人都可以指出我的权利 这方面的文件?
问候
本
[2]这是我的server.xml中的相关部分:
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.CombinedRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://someServer.mycompany.com:389"
connectionName="OneUser@mycompany.CORP"
connectionPassword="aPassword"
referrals="follow"
userBase="ou=Users,OU=somServer,DC=mycompany,DC=CORP"
userSearch="(sAMAccountName={0})"
userSubtree="true"
/>
</Realm>
</Realm>
[3]这是我的web.xml中的相关部分:
<security-constraint>
<web-resource-collection>
<web-resource-name>Wildcard means whole app requires
authentication</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Public</web-resource-name>
<description>Matches a few special pages.</description>
<url-pattern>/index.html</url-pattern>
</web-resource-collection>
<!-- No auth-constraint means everybody has access! -->
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<description>this is the standard user</description>
<role-name>*</role-name>
</security-role>
[4]这是在Windows 7 64位上运行的Tomcat 7.0.57
> java -version java version "1.7.0_71" Java(TM) SE Runtime Environment
> (build 1.7.0_71-b14) Java HotSpot(TM) 64-Bit Server VM (build
> 24.71-b01, mixed mode)
[1]这里是错误:
java.lang.NullPointerException
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1303)
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1253)
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1194)
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1069)
org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:146)
org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:146)
org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:180)
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:164)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:575)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466)
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:745)
[5]这是Tomcat 8.0.15的错误:
java.lang.NullPointerException
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1286)
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1236)
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1177)
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1052)
org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:157)
org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:157)
org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:180)
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:111)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:576)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1085)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658)
org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1556)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1513)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:745)
答案 0 :(得分:1)
它似乎是Tomcat 7.0.57中的一个缺陷。如果您在第1300行看到source code,则不会进行空检查。我在这里粘贴了这段代码并给出了我的评论:
protected User getUser(DirContext context, String username,
String credentials, int curUserPattern)
throws NamingException {
...
if (userPatternFormatArray != null && curUserPattern >= 0) {
user = getUserByPattern(context, username, credentials, attrIds, curUserPattern);
} else {
user = getUserBySearch(context, username, attrIds);
}
if (userPassword == null && credentials != null) { //Line 1300;No null check for 'user' object.
return new User(user.getUserName(), user.getDN(), credentials,
user.getRoles(), user.getUserRoleId());
}
return user;
}
似乎在Tomcat 7.0.57版本中添加了1300行。我还可以看到它已在trunk中解决,但尚未发布。我建议你使用以前的版本(7.0.56)或Tomcat 8。
[编辑] :似乎所有版本的Tomcat 8都没有修复缺陷。截至目前,最新版本的Tomcat即7.0.57和8.0.15都有此缺陷。