我已经解决了stackoverflow的其他问题,但似乎没有解决我的问题,配置tomcat与ldap进行管理员访问。 这就是我所做的
我能够验证用户身份验证是否成功,但是日志会抱怨没有关联的角色。
2017-04-25 14:17:54,644 [http-8080-1] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[HTMLManger and Manager command]' against GET /html --> true
2017-04-25 14:17:54,644 [http-8080-1] DEBUG org.apache.catalina.realm.RealmBase- Checking constraint 'SecurityConstraint[HTMLManger and Manager command]' against GET /html --> true
2017-04-25 14:17:54,644 [http-8080-1] DEBUG org.apache.catalina.authenticator.AuthenticatorBase- Calling hasUserDataPermission()
2017-04-25 14:17:54,644 [http-8080-1] DEBUG org.apache.catalina.realm.RealmBase- User data constraint has no restrictions
2017-04-25 14:17:54,644 [http-8080-1] DEBUG org.apache.catalina.authenticator.AuthenticatorBase- Calling authenticate()
2017-04-25 14:17:54,648 [http-8080-1] DEBUG org.apache.catalina.realm.CombinedRealm- Attempting to authenticate user "manager" with realm "org.apache.catalina.realm.JNDIRealm/1.0"
2017-04-25 14:17:54,667 [http-8080-1] DEBUG org.apache.catalina.realm.CombinedRealm- Authenticated user "manager" with realm "org.apache.catalina.realm.JNDIRealm/1.0"
2017-04-25 14:17:54,667 [http-8080-1] DEBUG org.apache.catalina.authenticator.AuthenticatorBase- Authenticated 'manager' with type 'BASIC'
2017-04-25 14:17:54,667 [http-8080-1] DEBUG org.apache.catalina.authenticator.AuthenticatorBase- Calling accessControl()
2017-04-25 14:17:54,667 [http-8080-1] DEBUG org.apache.catalina.realm.RealmBase- Checking roles GenericPrincipal[manager()]
2017-04-25 14:17:54,667 [http-8080-1] DEBUG org.apache.catalina.realm.RealmBase- Different realm org.apache.catalina.realm.LockOutRealm@2eeb0945 org.apache.catalina.realm.JNDIRealm@4af37bb8
2017-04-25 14:17:54,667 [http-8080-1] DEBUG org.apache.catalina.realm.RealmBase- Username manager does NOT have role manager
2017-04-25 14:17:54,668 [http-8080-1] DEBUG org.apache.catalina.realm.RealmBase- No role found: manager
2017-04-25 14:17:54,668 [http-8080-1] DEBUG org.apache.catalina.authenticator.AuthenticatorBase- Failed accessControl() test
注意:我已经验证了manager / WEB-INF / web.xml中存在管理员角色,并且我还有一个名为tomcatRole = manager的ldap属性。我有userRoleName =" tomcatRole"在server.xml中为JNDIRealm配置。
我缺少哪些配置?
版本:tomcat6
LDAP:OUD
感谢。
答案 0 :(得分:0)
我已经确定了这个问题。 ldap服务器上缺少ACI,因为tomcat进程无法在ldap上找到该角色。添加了新的aci解决了这个问题。