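I'm trying to configure JBoss with the LDAP login module, but so far I haven't had any success. When I pull up my webapp I get the authentication box, but my credentials are not valid.
Below are the errors I'm getting in the server log: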
    15:40:15,951 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) initialize
    15:40:15,952 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Security domain: LDAPAuth
    15:40:15,953 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) login
    15:40:15,953 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Failed to parse: null, disabling recursion: java.lang.NumberFormatException: null
        at java.lang.Integer.parseInt(Integer.java:454) [rt.jar:1.7.0_79]
        at java.lang.Integer.parseInt(Integer.java:527) [rt.jar:1.7.0_79]
        at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:395) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:312) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:267) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]
Then comes the bad password error:
    15:40:15,974 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=ONELEVEL_SCOPE, java.naming.security.principal=uid=admin,ou=system, baseCtxDN=cn=ou=people,o=sevenSeas, roleAttributeID=cn, roleFilter=(uniquemember={1}), allowEmptyPasswords=true, rolesCtxDN=cn=ou=groups,o=sevenSeas, baseFilter=(uid={0}), jboss.security.security_domain=LDAPAuth, java.naming.provider.url=ldap://localhost:10389, bindDN=uid=admin,ou=system, java.naming.security.authentication=simple, bindCredential=, java.naming.security.credentials=}
    15:40:15,984 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Bad password for username=cbuckley
    15:40:15,985 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) abort
    15:40:15,985 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8088-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]
Here are my configuration files:
web.xml
    <web-app>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>HtmlAuth</web-resource-name>
                <description>application security constraints</description>
                <url-pattern>/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>Manager</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>LDAPAuth realm</realm-name>
        </login-config>
        <security-role>
            <role-name>Manager</role-name>
        </security-role>
    </web-app>
jboss-web.xml
    <jboss-web>
        <security-domain>java:/jaas/LDAPAuth</security-domain>
    </jboss-web>
standalone.xml
    <security-domain name="LDAPAuth">
        <authentication>
            <login-module code="LdapExtended" flag="required">
                <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
                <module-option name="java.naming.security.authentication" value="simple"/>
                <module-option name="bindDN" value="uid=admin,ou=system"/>
                <module-option name="bindCredential" value="secret"/>
                <module-option name="baseCtxDN" value="cn=ou=people,o=sevenSeas"/>
                <module-option name="baseFilter" value="(uid={0})"/>
                <module-option name="rolesCtxDN" value="cn=ou=groups,o=sevenSeas"/>
                <module-option name="roleFilter" value="(uniquemember={1})"/>
                <module-option name="roleAttributeID" value="cn"/>
                <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
                <module-option name="allowEmptyPasswords" value="true"/>
            </login-module>
        </authentication>
    </security-domain>
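ApacheDS configuration (the Seven Seas example from the ApacheDS user guide; sorry, I don't have enough rep to post an image)
    o=sevenSeas
        ou=groups
            ou=crews
                ou=HMS Bounty (2 more)
            ou=ranks
        ou=people
            cn=Cornelius Buckley (10 more)
I can't figure out what it is failing to parse. Any idea why this isn't working? Thanks.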
Answer 0 (score: 0)
I think your baseCtxDN and rolesCtxDN values should not have the "cn=" prefix, based on your LDAP structure.
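
Added example, not part of the question or the answer: the question's standalone.xml security domain with the answer's change applied (no "cn=" prefix on baseCtxDN and rolesCtxDN). The roleRecursion option and the allowEmptyPasswords change are additions the page does not discuss, and it is an assumption that the directory matches the tree shown in the question.

```xml
<security-domain name="LDAPAuth">
    <authentication>
        <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="bindDN" value="uid=admin,ou=system"/>
            <!-- Same value as in the question. -->
            <module-option name="bindCredential" value="secret"/>

            <!-- Was "cn=ou=people,o=sevenSeas". That DN names an entry whose
                 first RDN is cn with the value "ou=people"; the tree in the
                 question has ou=people directly under o=sevenSeas. -->
            <module-option name="baseCtxDN" value="ou=people,o=sevenSeas"/>
            <module-option name="baseFilter" value="(uid={0})"/>

            <!-- Was "cn=ou=groups,o=sevenSeas"; same correction. -->
            <module-option name="rolesCtxDN" value="ou=groups,o=sevenSeas"/>
            <module-option name="roleFilter" value="(uniquemember={1})"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="searchScope" value="ONELEVEL_SCOPE"/>

            <!-- Added option. When it is absent the module tries to parse a
                 null value, logs the NumberFormatException seen in the first
                 TRACE block, and disables recursion. An explicit 0 gives the
                 same behaviour without the stack trace. -->
            <module-option name="roleRecursion" value="0"/>

            <!-- Was "true". With true, a zero-length password is passed to
                 the LDAP server, and some servers treat a simple bind with an
                 empty password as an anonymous login. With false the module
                 rejects empty passwords itself. -->
            <module-option name="allowEmptyPasswords" value="false"/>
        </login-module>
    </authentication>
</security-domain>
```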