我正在嘗試使用LDAP登錄模塊配置JBoss,但到目前爲止我一直不成功。當我拉起我的web應用程序,我得到身份驗證框,但我的憑據不起作用。JBoss LDAP登錄模塊問題
這是我在服務器日誌中出現錯誤:
15:40:15,951 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) initialize 15:40:15,952 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Security domain: LDAPAuth 15:40:15,953 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) login 15:40:15,953 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Failed to parse: null, disabling recursion: java.lang.NumberFormatException: null at java.lang.Integer.parseInt(Integer.java:454) [rt.jar:1.7.0_79] at java.lang.Integer.parseInt(Integer.java:527) [rt.jar:1.7.0_79] at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:395) [picketbox-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:312) [picketbox-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:267) [picketbox-4.0.7.Final.jar:4.0.7.Final] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79] at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]
再壞的密碼錯誤:
15:40:15,974 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=ONELEVEL_SCOPE, java.naming.security.principal=uid=admin,ou=system, baseCtxDN=cn=ou=people,o=sevenSeas, roleAttributeID=cn, roleFilter=(uniquemember={1}), allowEmptyPasswords=true, rolesCtxDN=cn=ou=groups,o=sevenSeas, baseFilter=(uid={0}), jboss.security.security_domain=LDAPAuth, java.naming.provider.url=ldap://localhost:10389, bindDN=uid=admin,ou=system, java.naming.security.authentication=simple, bindCredential=, java.naming.security.credentials=} 15:40:15,984 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) Bad password for username=cbuckley 15:40:15,985 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8088-1) abort 15:40:15,985 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8088-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79] at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79] at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]
這裏是我的配置文件:
的web.xml
<web-app >
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAuth</web-resource-name>
<description>application security constraints</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>LDAPAuth realm</realm-name>
</login-config>
<security-role>
<role-name>Manager</role-name>
</security-role>
的JBoss-web.xml中
<jboss-web>
<security-domain>java:/jaas/LDAPAuth</security-domain>
standalone.xml
<security-domain name="LDAPAuth">
<authentication>
<login-module code="LdapExtended" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value="uid=admin,ou=system"/>
<module-option name="bindCredential" value="secret"/>
<module-option name="baseCtxDN" value="cn=ou=people,o=sevenSeas"/>
<module-option name="baseFilter" value="(uid={0})"/>
<module-option name="rolesCtxDN" value="cn=ou=groups,o=sevenSeas"/>
<module-option name="roleFilter" value="(uniquemember={1})"/>
<module-option name="roleAttributeID" value="cn"/>
<module-option name="searchScope" value="ONELEVEL_SCOPE"/>
<module-option name="allowEmptyPasswords" value="true"/>
</login-module>
</authentication>
</security-domain>
ApacheDS中配置(七海例如從用戶的ApacheDS克uide - 抱歉,我沒有足夠的代表張貼圖片)
o=sevenSeas
ou=groups
ou=crews
ou=HMS Bounty (2 more)
ou=ranks
ou=people
cn=Cornelius Buckley (10 more)
我找不出它是什麼解析失敗。任何想法爲什麼這不起作用?謝謝。