
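I am trying to connect jbpm5.4 to an LDAP server, and I am using JBOSS AS7.

  1. I set up the LDAP server with user and role details.

  2. In jBPM, I set all the properties mentioned in this link: http://mswiderski.blogspot.in/2012/05/jbpm-53-brings-ldap-into-picture.html

  3. But when I try to log in through the jbpm console, I get the message "You are not authorized to use this application".

  4. I have attached the server log for reference.

  5. Please help me in this regard.


server.log contains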


17:44:49,559 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost-127.0.0.1-8080-6) End getAppConfigurationEntry(jbpm-console), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=baseFilter, value=(uid={0})
name=bindDN, value=uid=admin,ou=system
name=rolesCtxDN, value=ou=Roles,dc=jbpm,dc=org
name=roleNameAttributeID, value=CN
name=baseCtxDN, value=ou=People,dc=jbpm,dc=org
name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory
name=allowEmptyPasswords, value=true
name=roleFilter, value=(member=uid={0},ou=People,dc=jbpm,dc=org)
name=bindCredential, value=****
name=java.naming.provider.url, value=ldap://localhost:10389
name=roleAttributeIsDN, value=true
name=searchScope, value=SUBTREE_SCOPE
name=roleAttributeID, value=cn
name=throwValidateError, value=true

17:44:49,569 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) initialize
17:44:49,569 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) Security domain: jbpm-console
17:44:49,570 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) login
17:44:49,572 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) Failed to parse: null, disabling recursion: java.lang.NumberFormatException: null
    at java.lang.Integer.parseInt(Unknown Source) [rt.jar:1.7.0_09]
    at java.lang.Integer.parseInt(Unknown Source) [rt.jar:1.7.0_09]
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:395) [picketbox-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:312) [picketbox-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:267) [picketbox-4.0.7.Final.jar:4.0.7.Final]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09]
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.7.0_09]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.7.0_09]
    at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.invoke(Unknown Source) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.access$000(Unknown Source) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext$4.run(Unknown Source) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext$4.run(Unknown Source) [rt.jar:1.7.0_09]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.login(Unknown Source) [rt.jar:1.7.0_09]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:381) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_09]

17:44:49,586 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) Logging into LDAP server, env={throwValidateError=true, baseFilter=(uid={0}), allowEmptyPasswords=true, java.naming.security.credentials=***, jboss.security.security_domain=jbpm-console, java.naming.security.authentication=simple, baseCtxDN=ou=People,dc=jbpm,dc=org, roleAttributeIsDN=true, rolesCtxDN=ou=Roles,dc=jbpm,dc=org, java.naming.security.principal=uid=admin,ou=system, searchScope=SUBTREE_SCOPE, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleFilter=(member=uid={0},ou=People,dc=jbpm,dc=org), java.naming.provider.url=ldap://localhost:10389, roleNameAttributeID=CN, roleAttributeID=cn, bindDN=uid=admin,ou=system, bindCredential=***}
17:44:54,620 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) Logging into LDAP server, env={throwValidateError=true, baseFilter=(uid={0}), allowEmptyPasswords=true, java.naming.security.credentials=***, jboss.security.security_domain=jbpm-console, java.naming.security.authentication=simple, baseCtxDN=ou=People,dc=jbpm,dc=org, roleAttributeIsDN=true, rolesCtxDN=ou=Roles,dc=jbpm,dc=org, java.naming.security.principal=cn=john,ou=People,dc=jbpm,dc=org, searchScope=SUBTREE_SCOPE, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleFilter=(member=uid={0},ou=People,dc=jbpm,dc=org), java.naming.provider.url=ldap://localhost:10389, roleNameAttributeID=CN, roleAttributeID=cn, bindDN=uid=admin,ou=system, bindCredential=***}
17:44:55,573 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) User 'john' authenticated, loginOk=true
17:44:55,574 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) commit, loginOk=true
17:44:55,620 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-6) defaultLogin, lc=javax.security.auth.login.LoginContext@20ae2ec, subject=Subject(1912636285).principals=org.jboss.security.SimplePrincipal@2142813699(john)org.jboss.security.SimpleGroup@969078903(CallerPrincipal(members:john))org.jboss.security.SimpleGroup@969078903(Roles(members))
17:44:55,623 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-6) updateCache, inputSubject=Subject(1912636285).principals=org.jboss.security.SimplePrincipal@2142813699(john)org.jboss.security.SimpleGroup@969078903(CallerPrincipal(members:john))org.jboss.security.SimpleGroup@969078903(Roles(members)), cacheSubject=Subject(2027969932).principals=org.jboss.security.SimplePrincipal@2142813699(john)org.jboss.security.SimpleGroup@969078903(CallerPrincipal(members:john))org.jboss.security.SimpleGroup@969078903(Roles(members))
17:44:55,625 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-6) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@521dd053
17:44:55,627 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-6) End isValid, true
17:44:55,725 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost-127.0.0.1-8080-6) Setting threadlocal:null
17:44:55,728 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost-127.0.0.1-8080-6) Setting threadlocal:null
17:44:55,754 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-6) Flushing john from cache
17:44:55,823 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-localhost-127.0.0.1-8080-6) logout

Regards,

Jayalakshmi


1 Answer


Found the answer myself:

I modified the roleFilter in the standalone.xml file, and it should look like this:

    <!-- Security domain used by the jBPM console (name as shown in server.log). -->
    <security-domain name="jbpm-console">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                <module-option name="bindDN" value="uid=admin,ou=system"/>
                <module-option name="bindCredential" value="secret"/>
                <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
                <module-option name="baseCtxDN" value="ou=People,dc=jbpm,dc=org"/>
                <module-option name="baseFilter" value="(uid={0})"/>
                <module-option name="rolesCtxDN" value="ou=Roles,dc=jbpm,dc=org"/>
                <!-- {1} is replaced with the authenticated user's full DN. -->
                <module-option name="roleFilter" value="(member={1})"/>
                <module-option name="roleAttributeID" value="cn"/>
                <module-option name="roleAttributeIsDN" value="true"/>
                <module-option name="roleNameAttributeID" value="CN"/>
                <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                <!-- true passes empty passwords on to the LDAP server, which some servers treat as an anonymous login. -->
                <module-option name="allowEmptyPasswords" value="true"/>
                <module-option name="throwValidateError" value="true"/>
                <!-- Set explicitly; when unset the module logs "Failed to parse: null, disabling recursion". -->
                <module-option name="roleRecursion" value="-1"/>
            </login-module>
        </authentication>
    </security-domain>
answered 2013-04-03T11:26:11.043
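
Why the original roleFilter returned no roles while `(member={1})` does, as an added example that is not part of the original post or of PicketBox: it expands both filter templates with the values seen in the server.log and evaluates them against a sample role entry, then flags two options in the logged configuration that weaken authentication. The role entry (`cn=admin` with john as `member`) is constructed, since the page does not show the directory contents, and the helper names are hypothetical.

```python
import re

# Subset of the options printed in the question's server.log.
LOGGED_OPTIONS = """\
name=allowEmptyPasswords, value=true
name=roleFilter, value=(member=uid={0},ou=People,dc=jbpm,dc=org)
name=java.naming.provider.url, value=ldap://localhost:10389
"""
USERNAME = "john"                             # login name from the log
USER_DN = "cn=john,ou=People,dc=jbpm,dc=org"  # DN the module bound as (log)

# Constructed sample role entry (assumption: directory contents are not on the page).
ROLE_ENTRIES = [{"dn": "cn=admin,ou=Roles,dc=jbpm,dc=org", "cn": "admin",
                 "member": ["cn=john,ou=People,dc=jbpm,dc=org"]}]

def parse_options(text):
    """Parse 'name=K, value=V' lines from the TRACE output into a dict."""
    return dict(re.findall(r"^name=(.+?), value=(.*)$", text, re.M))

def expand_role_filter(template, username, user_dn):
    """{0} is the login name, {1} is the authenticated user's DN."""
    return template.replace("{0}", username).replace("{1}", user_dn)

def norm_dn(dn):
    """Loose DN comparison (case, spacing); does not handle escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def roles_for(template, username, user_dn, entries):
    """Evaluate a simple (member=<dn>) filter against the sample entries."""
    flt = expand_role_filter(template, username, user_dn)
    m = re.fullmatch(r"\(member=(.+)\)", flt)
    if not m:
        raise ValueError("only (member=...) filters are modelled here")
    wanted = norm_dn(m.group(1))
    return [e["cn"] for e in entries if wanted in map(norm_dn, e["member"])]

def audit(options):
    """Flag login-module settings that weaken authentication."""
    findings = []
    if options.get("allowEmptyPasswords", "true").lower() == "true":
        findings.append("allowEmptyPasswords=true: an empty password may succeed as an anonymous bind")
    if options.get("java.naming.provider.url", "").startswith("ldap://"):
        findings.append("ldap:// with simple bind: passwords are sent unencrypted unless StartTLS is used")
    return findings
```

With the logged template the filter asks for `uid=john,...` while the user entry is `cn=john,...`, so the Roles group stays empty and the console rejects the user even though authentication succeeded.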