OpenAM Java EE agent plain-text password

Time: 2015-04-01 19:03:33

Tags: openam

From the documentation, it looks like I can set a plain-text password instead of an encrypted one.

  

com.iplanet.am.service.secret

     

When using a plain-text password, set this to the password for the agent profile, and leave am.encryption.pwd blank.

So I set the following in OpenSSOAgentBootstrap.properties:

com.iplanet.am.service.secret = myPlainTextPassword
am.encryption.pwd = 

Now accessing the agent application gives me:

java.lang.RuntimeException: Failed to load configuration: Invalid application password specified
    com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:790)
    com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140)
    com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579)
    com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675)
    com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274)
    com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364)
    com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73)

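I also saw from here that I should use com.iplanet.am.service.password. That doesn't work either.

Does something have to be set on the OpenAM server? Am I missing something on the agent side?


Edit 1

The OpenAM server is v12.0.0 and the Tomcat agent is v3.3.0. Log entries before the exception: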

2015-04-01 12:44:09,634 [localhost-startStop-1] INFO  org.springframework.web.servlet.DispatcherServlet  - FrameworkServlet 'myapp': initialization started
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO  org.springframework.web.context.support.XmlWebApplicationContext  - Refreshing WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO  org.springframework.beans.factory.xml.XmlBeanDefinitionReader  - Loading XML bean definitions from ServletContext resource [/WEB-INF/servlet-context.xml]
Apr 01, 2015 12:44:09 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'myapp'
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO  org.springframework.beans.factory.support.DefaultListableBeanFactory  - Overriding bean definition for bean 'mvcContentNegotiationManager': replacing [Root bean: class [org.springframework.web.accept.ContentNegotiationManagerFactoryBean]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration; factoryMethodName=mvcContentNegotiationManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/web/servlet/config/annotation/DelegatingWebMvcConfiguration.class]]
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO  org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader  - Skipping bean definition for [BeanMethod:name=mvcUriComponentsContributor,declaringClass=org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport]: a definition for bean 'mvcUriComponentsContributor' already exists. This top-level bean definition is considered as an override.
2015-04-01 12:44:09,994 [localhost-startStop-1] INFO  org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter  - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext
2015-04-01 12:44:10,135 [localhost-startStop-1] INFO  org.springframework.web.servlet.handler.SimpleUrlHandlerMapping  - Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler]
2015-04-01 12:44:10,182 [localhost-startStop-1] INFO  org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter  - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext
2015-04-01 12:44:10,213 [localhost-startStop-1] INFO  org.apache.tiles.access.TilesAccess  - Publishing TilesContext for context: org.springframework.web.servlet.view.tiles3.SpringWildcardServletTilesApplicationContext
2015-04-01 12:44:10,244 [localhost-startStop-1] INFO  org.springframework.web.servlet.DispatcherServlet  - FrameworkServlet 'myapp': initialization completed in 610 ms
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8081"]
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8081"]
java.lang.RuntimeException: Invalid application password specified
    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1030)
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720)
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140)
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579)
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

The agent's debug.out shows:

amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
**********************************************
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration.setOrganizationName: organization name for realm is set to: /
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration: service resolver set to: com.sun.identity.agents.tomcat.v6.AmTomcatAgentServiceResolver
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration: service resolver reports EJBContext available: false
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration: Application User: myAgent
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main]
**********************************************
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main]
ERROR: JCEEncryption:: failed to decrypt data
java.lang.NullPointerException
    at com.iplanet.services.util.JCEEncryption.pbeDecrypt(JCEEncryption.java:246)
    at com.iplanet.services.util.JCEEncryption.decrypt(JCEEncryption.java:141)
    at com.iplanet.services.util.Crypt.decode(Crypt.java:343)
    at com.iplanet.services.util.Crypt.decryptLocal(Crypt.java:238)
    at com.sun.identity.agents.arch.AM70Crypt.decrypt(AM70Crypt.java:57)
    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1020)
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720)
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140)
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579)
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

2 answers:

Answer 0 (score: 2)

Let's look at the source code taken from GitHub: OpenRock/OpenAM

private static synchronized void setApplicationPassword() {
    if (!isInitialized()) {
        try {
            _crypt = ServiceFactory.getCryptProvider();
            if(_crypt != null) {
                String encodedPass = getProperty(SDKPROP_APP_PASSWORD);
                _applicationPassword = _crypt.decrypt(encodedPass);
            }
        } catch (Exception ex) {
            logError("AgentConfiguration: Unable to create new instance of " + "Crypt class with exception ", ex);
        }
        if (_applicationPassword == null || _applicationPassword.trim().length() == 0) {
            throw new RuntimeException("Invalid application password specified");
        }
    }
}

The constant SDFSFD is defined as:

public static final String SDKPROP_APP_PASSWORD = "com.iplanet.am.service.secret";

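As you can see, AgentConfiguration reads the password and stores it in encodedPass.

So I believe the method getCryptProvider returns a broken Cryptprovider (_crypt). _crypt.decrypt(encodedPass) gets a NullPointerException, the variable _applicationPassword is never initialized, and then the RuntimeException is thrown.

Make sure your configuration allows or defines a CryptProvider.


OK, I saw your edit.

The NullPointerException occurs here. Try to explain it.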

final Cipher pbeCipher = cipherProvider.getCipher(); // NPE

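Answer 1 (score: 1)

The documentation seems to be incorrect. As far as I can tell from the source code of AgentConfiguration, the password can only be provided in encrypted form (which also means that am.encryption.pwd should be set correctly as well).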
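
A pre-flight check for the misconfiguration discussed in this thread, as an added example that is not part of the original question or answers and is not OpenAM code. The function names are hypothetical, the properties parser is deliberately minimal, and the test that an encrypted value is base64 text is an assumption used as a heuristic.

```python
import base64
import binascii

SECRET_KEY = "com.iplanet.am.service.secret"
ENC_KEY = "am.encryption.pwd"

# First sample: the bootstrap fragment from the question. Second sample: constructed.
QUESTION_SAMPLE = "com.iplanet.am.service.secret = myPlainTextPassword\nam.encryption.pwd = \n"
CONSTRUCTED_OK = (
    SECRET_KEY + " = " + base64.b64encode(b"constructed-ciphertext").decode() + "\n"
    + ENC_KEY + " = constructedKey\n"
)

def parse_properties(text):
    """Minimal .properties reader: skips comments, splits on the first '=' or ':'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        hits = [i for i in (line.find("="), line.find(":")) if i != -1]
        idx = min(hits) if hits else len(line)
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def looks_encrypted(value):
    """Heuristic (assumption): an encrypted secret is valid base64 text.
    A short plain-text password that happens to be valid base64 still passes."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def check_bootstrap(text):
    """Return findings that would lead to the startup failure shown in the thread."""
    props = parse_properties(text)
    findings = []
    secret = props.get(SECRET_KEY, "")
    if not secret:
        findings.append(SECRET_KEY + " is missing or empty")
    elif not looks_encrypted(secret):
        findings.append(SECRET_KEY + " does not look encrypted; the agent decrypts this value")
    if not props.get(ENC_KEY, ""):
        findings.append(ENC_KEY + " is empty; decryption of the secret cannot succeed")
    return findings

if __name__ == "__main__":
    for name, sample in (("question", QUESTION_SAMPLE), ("constructed", CONSTRUCTED_OK)):
        print(name, check_bootstrap(sample) or "ok")
```
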