0
我目前正在運行OpenLDAP 2.4.45的實例作爲Talend ESB容器的身份驗證器。我使用TLS連接到LDAP,並設法讓我的JMS代理連接並使用org.apache.activemq.jaas.LDAPLoginModule成功使用LDAP,但是在使用org.apache.karaf.jaas時.modules.ldap.LDAPLoginModule爲Web服務,我得到以下堆棧跟蹤:org.apache.karaf.jaas.modules.ldap無法爲LDAP設置SSL支持
2017-08-11 19:04:13,828 | WARN | qtp272427408-140 | LDAPLoginModule | 126 - org.apache.karaf.jaas.modules - 4.0.8 | Can't connect to the LDAP server: Unable to setup SSL support for LDAP: null
javax.naming.NamingException: Unable to setup SSL support for LDAP: null
at org.apache.karaf.jaas.modules.ldap.LDAPOptions.setupSsl(LDAPOptions.java:178)
at org.apache.karaf.jaas.modules.ldap.LDAPOptions.getEnv(LDAPOptions.java:158)
at org.apache.karaf.jaas.modules.ldap.LDAPCache.open(LDAPCache.java:113)
at org.apache.karaf.jaas.modules.ldap.LDAPCache.doGetUserDnAndNamespace(LDAPCache.java:151)
at org.apache.karaf.jaas.modules.ldap.LDAPCache.getUserDnAndNamespace(LDAPCache.java:142)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:115)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:54)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[org.apache.karaf.jaas.boot-4.0.8.jar:]
at sun.reflect.GeneratedMethodAccessor104.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_131]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)[:1.8.0_131]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)[:1.8.0_131]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)[:1.8.0_131]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)[:1.8.0_131]
at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_131]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.8.0_131]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)[:1.8.0_131]
at org.apache.cxf.interceptor.security.JAASLoginInterceptor.handleMessage(JAASLoginInterceptor.java:141)[67:org.apache.cxf.cxf-core:3.1.10]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)[67:org.apache.cxf.cxf-core:3.1.10]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[67:org.apache.cxf.cxf-core:3.1.10]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)[19:javax.servlet-api:3.1.0]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)[92:org.apache.cxf.cxf-rt-transports-http:3.1.10]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)[200:org.eclipse.jetty.servlet:9.2.19.v20160908]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)[200:org.eclipse.jetty.servlet:9.2.19.v20160908]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)[223:org.ops4j.pax.web.pax-web-jetty:4.3.0]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)[198:org.eclipse.jetty.security:9.2.19.v20160908]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:287)[223:org.ops4j.pax.web.pax-web-jetty:4.3.0]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[200:org.eclipse.jetty.servlet:9.2.19.v20160908]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)[223:org.ops4j.pax.web.pax-web-jetty:4.3.0]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.Server.handle(Server.java:499)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[199:org.eclipse.jetty.server:9.2.19.v20160908]
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)[191:org.eclipse.jetty.io:9.2.19.v20160908]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[202:org.eclipse.jetty.util:9.2.19.v20160908]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[202:org.eclipse.jetty.util:9.2.19.v20160908]
at java.lang.Thread.run(Thread.java:748)[:1.8.0_131]
我的配置文件我的認證:
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<jaas:config name="KarafLdapConfiguration" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
connection.url=ldaps://ldap:4444
connection.username=uid=user,ou=users,dc=base
connection.password=password
authentication=simple
user.base.dn=ou=users,dc=base
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=groups,dc=base
role.filter=(uniquemember=%fqdn)
role.name.attribute=uid
role.search.subtree=true
ssl=true
ssl.protocol=TLS
ssl.algorithm=PKIX
ssl.keystore=store
ssl.keyalias=myalias
ssl.truststore=trust
</jaas:module>
</jaas:config>
<jaas:keystore name="store"
path="file:///some/path/keystore.jks
keystorePassword="secret"
keyPasswords="secret" />
<jaas:keystore name="trust"
path="file:///some/path/truststore.jks
keystorePassword="secret" />
</blueprint>
我在這裏的懷疑是我失蹤了SSL。提供程序選項在此配置文件中。儘管源代碼似乎在尋找某種URI,但文檔並不清楚這是什麼。我花了不少時間搜索,但我找不到提供CA服務的公司之外的什麼和SSL提供商的任何信息。我不知道這個URI可能在尋找什麼。我沒有做撤銷檢查,所以沒有。有什麼想法可能會在這裏出錯?