在documentation中,看起来我可以设置纯文本密码而不是加密密码。
com.iplanet.am.service.secret
使用纯文本密码时,请将其设置为代理配置文件的密码,并将am.encryption.pwd留空。
所以,我在OpenSSOAgentBootstrap.properties中设置了以下内容:
com.iplanet.am.service.secret = myPlainTextPassword
am.encryption.pwd =
现在访问代理应用程序会给我:
java.lang.RuntimeException: Failed to load configuration: Invalid application password specified
com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:790)
com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140)
com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579)
com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675)
com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274)
com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364)
com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73)
我还从here看到我应该使用com.iplanet.am.service.password。这也不起作用。
是否必须在OpenAM服务器上设置某些内容?我在代理方面遗漏了什么吗?
修改1
OpenAM Server是v12.0.0,Tomcat代理是v3.3.0。 异常之前的日志条目:
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.web.servlet.DispatcherServlet - FrameworkServlet 'myapp': initialization started
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.web.context.support.XmlWebApplicationContext - Refreshing WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/servlet-context.xml]
Apr 01, 2015 12:44:09 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'myapp'
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO org.springframework.beans.factory.support.DefaultListableBeanFactory - Overriding bean definition for bean 'mvcContentNegotiationManager': replacing [Root bean: class [org.springframework.web.accept.ContentNegotiationManagerFactoryBean]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration; factoryMethodName=mvcContentNegotiationManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/web/servlet/config/annotation/DelegatingWebMvcConfiguration.class]]
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader - Skipping bean definition for [BeanMethod:name=mvcUriComponentsContributor,declaringClass=org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport]: a definition for bean 'mvcUriComponentsContributor' already exists. This top-level bean definition is considered as an override.
2015-04-01 12:44:09,994 [localhost-startStop-1] INFO org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext
2015-04-01 12:44:10,135 [localhost-startStop-1] INFO org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler]
2015-04-01 12:44:10,182 [localhost-startStop-1] INFO org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext
2015-04-01 12:44:10,213 [localhost-startStop-1] INFO org.apache.tiles.access.TilesAccess - Publishing TilesContext for context: org.springframework.web.servlet.view.tiles3.SpringWildcardServletTilesApplicationContext
2015-04-01 12:44:10,244 [localhost-startStop-1] INFO org.springframework.web.servlet.DispatcherServlet - FrameworkServlet 'myapp': initialization completed in 610 ms
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8081"]
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8081"]
java.lang.RuntimeException: Invalid application password specified
at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1030)
at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720)
at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140)
at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579)
at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675)
at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274)
at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364)
at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
代理的debug.out显示:
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
**********************************************
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration.setOrganizationName: organization name for realm is set to: /
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration: service resolver set to: com.sun.identity.agents.tomcat.v6.AmTomcatAgentServiceResolver
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration: service resolver reports EJBContext available: false
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main]
AgentConfiguration: Application User: myAgent
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main]
**********************************************
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main]
ERROR: JCEEncryption:: failed to decrypt data
java.lang.NullPointerException
at com.iplanet.services.util.JCEEncryption.pbeDecrypt(JCEEncryption.java:246)
at com.iplanet.services.util.JCEEncryption.decrypt(JCEEncryption.java:141)
at com.iplanet.services.util.Crypt.decode(Crypt.java:343)
at com.iplanet.services.util.Crypt.decryptLocal(Crypt.java:238)
at com.sun.identity.agents.arch.AM70Crypt.decrypt(AM70Crypt.java:57)
at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1020)
at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720)
at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140)
at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579)
at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675)
at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274)
at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364)
at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
答案 0 :(得分:2)
让我们看一下从GitHub: OpenRock/OpenAM
中获取的源代码private static synchronized void setApplicationPassword() {
if (!isInitialized()) {
try {
_crypt = ServiceFactory.getCryptProvider();
if(_crypt != null) {
String encodedPass = getProperty(SDKPROP_APP_PASSWORD);
_applicationPassword = _crypt.decrypt(encodedPass);
}
} catch (Exception ex) {
logError("AgentConfiguration: Unable to create new instance of " + "Crypt class with exception ", ex);
}
if (_applicationPassword == null || _applicationPassword.trim().length() == 0) {
throw new RuntimeException("Invalid application password specified");
}
}
}
常量SDFSFD defined为:
public static final String SDKPROP_APP_PASSWORD = "com.iplanet.am.service.secret";
正如您所看到的,AgentConfiguration
会读取密码并将其存储到encodedPass
中。
所以我相信方法getCryptProvider
会返回破解的Cryptprovider(_crypt
)。 _crypt.decrypt(encodedPass)
获取NullPointerException并且变量_applicationPassword
从未初始化,然后抛出RuntimeException。
确保您的配置允许或定义CryptProvider
。
好的,我看到了你的编辑
发生NullPointerException here。试着解释一下。
final Cipher pbeCipher = cipherProvider.getCipher(); // NPE
答案 1 :(得分:1)
文档似乎不正确,根据AgentConfiguration的源代码我可以告诉,密码只能以加密格式提供(这也意味着am.encryption.pwd也应该正确设置)