Tomcat 9 - LDAP authentication - HTTP Status 408

Time: 2019-09-17 14:20:15

Tags: tomcat ldap web.xml

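We are migrating a legacy application from WebSphere 8.5.5 to an Apache Tomcat server. To do this, I am trying to set up LDAP in my local Tomcat, because that is how we authenticate/authorise users.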

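When I deploy the web application, the container logs show that it is able to authenticate the user and fetch all the LDAP user groups associated with that user, but in the end it gives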

  

org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed authenticate() test

This is on a Windows 10 server with Apache Tomcat 9.0.7 and OpenJDK 8.0.212.04-hotspot.

login.jsp

<form action="/client/j_security_check" method=post>
   <table>
      <tr>
         <td>
            <input type="text" name="j_username" size="32" value="">
         </td>
         <td>
            <input type="password" name="j_password" size="32" value="">
            <input type="submit" name="" value="Login" class="StandardButton">
         </td>
      </tr>
   </table>
</form>

server.xml: I removed the existing realm and added the following realm

<Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldaps://dev-ldap.ap.test.com:636" userPattern="uid={0},ou=people,dc=au,dc=test,dc=com" roleBase="ou=groups,dc=au,dc=test,dc=com" roleName="cn" roleSearch="(uniqueMember={0})"/>

web.xml (application)

<servlet>
        <servlet-name>Controller Servlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
        <security-role-ref>
            <role-name>webapps-client-users</role-name>
            <role-link>authorised</role-link>
        </security-role-ref>
        <security-role-ref>
            <role-name>webapps-client-test-users</role-name>
            <role-link>test</role-link>
        </security-role-ref>
        <security-role-ref>
            <role-name>webapps-client-approver-users</role-name>
            <role-link>approver</role-link>
        </security-role-ref>        
    </servlet>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secured-urls</web-resource-name>
            <url-pattern>/**/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>authorised</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>unsecured-urls</web-resource-name>
            <url-pattern>/client/html/*</url-pattern>
            <url-pattern>/client/css/*</url-pattern>
            <url-pattern>/client/img/*</url-pattern>
            <url-pattern>/client/js/*</url-pattern>
            <url-pattern>/j_security_check</url-pattern>
            <url-pattern>/loginPage.do</url-pattern>
            <url-pattern>/index.html</url-pattern>
            <url-pattern>/clientTimeOut.do</url-pattern>
            <url-pattern>/errorPage_403.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>restricted-urls</web-resource-name>
            <url-pattern>*.do</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>authorised</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <description>authenticated</description>
        <role-name>authenticated</role-name>
    </security-role>

    <security-role>
        <description>authorised</description>
        <role-name>authorised</role-name>
    </security-role>

    <security-role>
        <description>test</description>
        <role-name>test</role-name>
    </security-role>

    <security-role>
        <description>approver</description>
        <role-name>approver</role-name>
    </security-role>


    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>User Authentication</realm-name>
        <form-login-config>
            <form-login-page>/loginPage.do</form-login-page>
            <form-error-page>/loginPage.do?method=fail</form-error-page>
        </form-login-config>
    </login-config>

Logs

17-Sep-2019 23:39:55.463 FINE [http-nio-8080-exec-4] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request POST /client/j_security_check
.....
.....
17-Sep-2019 23:39:55.464 FINE [http-nio-8080-exec-4] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling authenticate()
17-Sep-2019 23:39:55.464 FINE [http-nio-8080-exec-4] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authenticating username 'test'
....
17-Sep-2019 23:39:55.464 FINER [http-nio-8080-exec-4] org.apache.catalina.realm.JNDIRealm.bindAsUser   binding as uid=test,ou=people,dc=au,dc=test,dc=com
17-Sep-2019 23:39:55.518 FINER [http-nio-8080-exec-4] org.apache.catalina.realm.JNDIRealm.checkCredentials Username [test] successfully authenticated
17-Sep-2019 23:39:55.518 FINER [http-nio-8080-exec-4] org.apache.catalina.realm.JNDIRealm.getRoles   
..........
........
17-Sep-2019 23:39:55.575 FINE [http-nio-8080-exec-4] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'test' was successful
17-Sep-2019 23:39:55.575 FINE [http-nio-8080-exec-4] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed authenticate() test

0 answers:

No answers
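
Added example, not part of the original question: a Python check that reads a web.xml and reports url-patterns in which `*` is matched literally under the Servlet specification's mapping rules, constraints that carry no auth-constraint, and auth-constraint roles with no matching security-role. The sample document is constructed from a trimmed copy of the constraints shown in the question; the function names and finding labels are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the constraints in the question's web.xml (trimmed).
SAMPLE = """<web-app>
  <security-constraint><web-resource-collection>
    <web-resource-name>secured-urls</web-resource-name>
    <url-pattern>/**/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>authorised</role-name></auth-constraint>
  </security-constraint>
  <security-constraint><web-resource-collection>
    <web-resource-name>unsecured-urls</web-resource-name>
    <url-pattern>/client/js/*</url-pattern>
    <url-pattern>/loginPage.do</url-pattern>
  </web-resource-collection></security-constraint>
  <security-constraint><web-resource-collection>
    <web-resource-name>restricted-urls</web-resource-name>
    <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>authorised</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>authorised</role-name></security-role>
</web-app>"""

def wildcard_free_part(pattern):
    """Return the part of a url-pattern where '*' has no wildcard meaning."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return pattern[:-2]      # path-prefix mapping: only the trailing /* is a wildcard
    if pattern.startswith("*."):
        return pattern[2:]       # extension mapping: only the leading *. is a wildcard
    return pattern               # every other pattern is an exact match

def audit(web_xml):
    root = ET.fromstring(web_xml)
    for el in root.iter():       # drop any XML namespace so tag lookups stay simple
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {r.findtext("role-name") for r in root.iter("security-role")}
    findings = []                # (constraint name, subject, finding label)
    for sc in root.iter("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name")
        for pat in ((e.text or "").strip() for e in sc.iter("url-pattern")):
            if "*" in wildcard_free_part(pat):
                findings.append((name, pat, "asterisk-matched-literally"))
        auth = sc.find("auth-constraint")
        if auth is None:         # no auth-constraint: these URLs are served without login
            findings.append((name, None, "no-auth-constraint"))
            continue
        findings += [(name, r.text, "undeclared-role") for r in auth.iter("role-name")
                     if r.text not in declared and r.text not in ("*", "**")]
    return findings
```

On the sample, `audit(SAMPLE)` reports `/**/*` as a prefix mapping whose `**` segment is matched literally, and lists `unsecured-urls` as a constraint with no auth-constraint.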