2016-04-21 203 views
0

我在Tomcat 5.5上有一個應用程序,我定義了以下兩個連接器(一個用於http連接,一個用於https連接)。Tomcat 5.5 https連接器vs ldap連接

<Connector port="48080" maxHttpHeaderSize="8192" address="0.0.0.0" 
    maxThreads="512" minSpareThreads="64" maxSpareThreads="200" 
    enableLookups="false" redirectPort="8443" acceptCount="100" 
    connectionTimeout="60000" disableUploadTimeout="true" /> 

<Connector className="org.apache.catalina.connector.http.HttpConnector" 
      port="28443" 
     maxThreads="512" 
      minProcessors="256" maxProcessors="500" 
      enableLookups="true" 
      acceptCount="100" 
      debug="0" 
      scheme="https" 
      secure="true" 
      allowChunking="false" 
      clientAuth="false" 
      sslProtocol="TLS" 
      keystoreFile="pathOfCertificate" 
      keystorePass="password" 
      keystoreType="PKCS12" /> 

我開發了一個安全的LDAP connetction當我評論的HTTPS連接器(28443)LDAP的作品,很明顯HTTPS上28443端口連接不起作用。如果我對https連接器進行分解,則ldap不適用於以下例外情況,顯然https連接可以工作。

javax.naming.CommunicationException: simple bind failed: ssoha.aosp.bo.it:636 [Root exception is javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64] 
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195) 
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720) 
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296) 
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) 
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) 
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) 
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) 
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) 
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) 
at javax.naming.InitialContext.init(InitialContext.java:223) 
at javax.naming.InitialContext.<init>(InitialContext.java:197) 
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) 
at com.noemalife.logon.api.LDAPSProcessor.verifyLogin(LDAPSProcessor.java:76) 
at it.dianoema.dnweb.dnlis.servlets.SLoginLDAP.doPost(SLoginLDAP.java:137) 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) 
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581) 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) 
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:881) 
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:674) 
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:541) 
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) 
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) 
at java.lang.Thread.run(Thread.java:662) 
Caused by: javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64 
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1617) 
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:105) 
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) 
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) 
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414) 
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387) 
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332) 
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190) 
... 30 more 
Caused by: java.lang.ArrayIndexOutOfBoundsException: 64 
at com.sun.crypto.provider.TlsPrfGenerator.expand(DashoA13*..) 
at com.sun.crypto.provider.TlsPrfGenerator.doPRF(DashoA13*..) 
at com.sun.crypto.provider.TlsPrfGenerator.doPRF(DashoA13*..) 
at com.sun.crypto.provider.TlsMasterSecretGenerator.engineGenerateKey(DashoA13*..) 
at javax.crypto.KeyGenerator.generateKey(DashoA13*..) 
at com.sun.net.ssl.internal.ssl.Handshaker.calculateMasterSecret(Handshaker.java:753) 
at com.sun.net.ssl.internal.ssl.Handshaker.calculateKeys(Handshaker.java:716) 
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:873) 
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:241) 
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) 
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654) 
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100) 

任何建議?先謝謝你。

+0

你開發了一個安全的LDAP連接」怎麼樣?你認爲HTTP與LDAP有什麼關係? – EJP

+0

當我評論https連接器時,它可以正常工作。 –

+0

我嘗試使用Java7,它也可以工作,但我需要使用java6 –

回答

0

這裏的LDAP實現:

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");  
    env.put(Context.PROVIDER_URL, "ldaps://" + srv + ":"+server_port+"/??base?(objectClass=*)"); 

    if (authentication == null || authentication.trim().equals("")) 
     authentication = "simple"; 
    env.put(Context.SECURITY_AUTHENTICATION, authentication); 
    env.put(Context.SECURITY_PROTOCOL, "ssl"); 

    String keystore = System.getProperty("java.home") + "/lib/security/cacerts"; 
    System.setProperty("javax.net.ssl.trustStore", keystore); 
    String securityPrincipal = null; 

    if (this.template == null || this.template.equals("")) 
     securityPrincipal = "cn=" + user + "," + this.root; 
    else 
     securityPrincipal = this.template.replace("${user}", user); 

    env.put(Context.SECURITY_PRINCIPAL, user + "@" + this.domain); 
    env.put(Context.SECURITY_PRINCIPAL, "cn=" + user + "," + this.root); 
    env.put(Context.SECURITY_PRINCIPAL, securityPrincipal); 
    env.put(Context.SECURITY_CREDENTIALS, password); 

    try { 
     DirContext ctx = new InitialDirContext(env); 
    } ....