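ApacheDS Embedded Kerberos KDC for unit testing

Date: 2016-10-08 07:22:24

Tags: java junit kerberos delegation apacheds

I am developing a Java web application in which the application impersonates users when interacting with other applications. Since no authorization is applied by the particular applications themselves, it is critical that this delegation mechanism works correctly. The authentication mechanism used is Kerberos.

I would like to be able to run an embedded KDC with JUnit to verify various aspects of authentication. I am trying to use ApacheDS; there were some examples a few years ago of how to do this with LDAP, and I followed the example here to get started. Following the linked example, I cannot get step 1 to work when I run this smoke test: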

@RunWith(FrameworkRunner.class)
@CreateDS(name = "KerberosTcpITest", partitions = {@CreatePartition(name = "example", suffix = "dc=example,dc=com")}, additionalInterceptors = {KeyDerivationInterceptor.class})
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@CreateKdcServer(transports = {@CreateTransport(protocol = "TCP", port = 6086)})
@ApplyLdifFiles("example.ldif")
public class EmbeddedKerberos101   {

  @Test
  public void test() {
  }

}

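I get an error while trying to locate the LDIF file schema/ou=schema/cn=apachedns/ou=objectclasses/m-oid=1.3.6.1.4.1.18060.0.4.2.3.9.ldif; it looks like my @ApplyLdifFiles annotation is being ignored and it is also falling back to the defaults.

The stack trace is: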

org.apache.directory.api.ldap.schema.extractor.UniqueResourceException: Problem locating LDIF file in schema repository
 Multiple copies of resource named 'schema/ou=schema/cn=apachedns/ou=objectclasses/m-oid=1.3.6.1.4.1.18060.0.4.2.3.9.ldif' located on classpath at urls
jar:file:/Users/*/.m2/repository/org/apache/directory/api/api-ldap-schema-data/1.0.0-RC1/api-ldap-schema-data-1.0.0-RC1.jar!/schema/ou%3dschema/cn%3dapachedns/ou%3dobjectclasses/m-oid%3d1.3.6.1.4.1.18060.0.4.2.3.9.ldif
jar:file:/Users/*/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2.0.0-M15.jar!/schema/ou%3dschema/cn%3dapachedns/ou%3dobjectclasses/m-oid%3d1.3.6.1.4.1.18060.0.4.2.3.9.ldif

at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.getUniqueResource(DefaultSchemaLdifExtractor.java:358)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.getUniqueResourceAsStream(DefaultSchemaLdifExtractor.java:335)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.extractFromClassLoader(DefaultSchemaLdifExtractor.java:373)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.extractOrCopy(DefaultSchemaLdifExtractor.java:165)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.extractOrCopy(DefaultSchemaLdifExtractor.java:185)
at org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory.initSchema(DefaultDirectoryServiceFactory.java:172)
at org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory.build(DefaultDirectoryServiceFactory.java:256)
at org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory.init(DefaultDirectoryServiceFactory.java:125)
at org.apache.directory.server.core.factory.DSAnnotationProcessor.createDS(DSAnnotationProcessor.java:96)
at org.apache.directory.server.core.factory.DSAnnotationProcessor.getDirectoryService(DSAnnotationProcessor.java:328)
at org.apache.directory.server.core.integ.FrameworkRunner.run(FrameworkRunner.java:109)

In my test resources I have krb5.conf

[libdefaults]
default_realm = EXAMPLE.COM

[realms]
EXAMPLE.COM = {
  kdc = localhost:6088
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

[login]
krb4_convert = true
krb4_get_tickets = false

and example.ldif

dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example

dn: ou=users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

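What is the reason the smoke test does not start? Is there a plug-and-play alternative for getting a mock KDC up and running in my authentication-centric/local integration tests? How do other developers test that their credential delegation mechanisms work?

1 answer:

Answer 0: (score: 0)

Try excluding org.apache.directory.api:api-ldap-schema-data from your apacheds dependency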
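
The exclusion suggested in the answer, written out as a Maven dependency declaration. This is an added example, not part of the original question or answer. It assumes a Maven build (the `.m2` paths in the stack trace point to one) and that `api-ldap-schema-data` reaches the classpath transitively through the `apacheds-all` dependency; the coordinates and version are the ones shown in the stack trace.

```xml
<!-- Added example: assumes api-ldap-schema-data is pulled in transitively
     by apacheds-all. If it arrives through a different dependency, put the
     <exclusions> block on that dependency instead. -->
<dependency>
  <groupId>org.apache.directory.server</groupId>
  <artifactId>apacheds-all</artifactId>
  <version>2.0.0-M15</version>
  <exclusions>
    <!-- apacheds-all already bundles the schema LDIF files, so a second copy
         from this artifact makes DefaultSchemaLdifExtractor throw
         UniqueResourceException ("Multiple copies of resource named ..."). -->
    <exclusion>
      <groupId>org.apache.directory.api</groupId>
      <artifactId>api-ldap-schema-data</artifactId>
    </exclusion>
  </exclusions>
</dependency>
```

Running `mvn dependency:tree -Dincludes=org.apache.directory.api:api-ldap-schema-data` shows which declared dependency actually brings the artifact in, and after the exclusion it should report no match.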