我弄不清楚为什么这在我的测试服务器上不起作用。Glassfish 3 使用相同的 LDAP 信息可以正常进行身份验证,所以希望这里有人能帮忙。日志中只有"Password Incorrect/Password Required"(密码不正确/需要密码)错误,而配置中的任何错误似乎都会触发这条错误信息。到目前为止,我的 JBoss 服务器上的 SSL 已经正常工作,现在只需要解决这个问题。
dn: uid=<user name>,ou=people,dc=vts,dc=com
uid: <user name>
homeDirectory: /home/<user name>
gidNumber: <group number>
userPassword: <Password1>
cn: <user name>
uidNumber: <uidnum>
dn: cn=<group name>,ou=group,dc=vts,dc=com
userPassword: <Password1>
gidNumber: <group number>
cn: <group name>
我的 domain.xml 安全配置是:
<!-- Security domain "myRealm": one required login module, LdapExtLoginModule, which binds to the
     directory with a service account (bindDN/bindCredential), searches for the user under
     baseCtxDN with baseFilter, and then searches for roles under rolesCtxDN with roleFilter.
     NOTE(review): the stack trace on this page shows only the generic "Password Incorrect/Password
     Required" failure; raising the log level for org.jboss.security should expose the underlying
     cause (bind, search or TLS error). Confirm against the server's logging configuration. -->
<security-domain name="myRealm">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<!-- ldaps:// is LDAP over TLS. NOTE(review): the JVM running this server must trust the directory
     server's certificate; confirm the issuing CA is in the trust store this JVM actually uses. -->
<module-option name="java.naming.provider.url" value="ldaps://xxx.xxx.x.x:xxx"/>
<!-- "simple" authentication sends the bind DN and password as given, so it relies on the TLS
     transport above for confidentiality. -->
<module-option name="java.naming.security.authentication" value="simple"/>
<!-- Service account used for the initial bind and searches.
     NOTE(review): the user entry shown on this page is uid=<user name>,ou=people,dc=vts,dc=com,
     while this DN is cn=<user name>,dc=vts,dc=com. Confirm that an entry with exactly this DN
     exists and is allowed to search under baseCtxDN. -->
<module-option name="bindDN" value="cn=<user name>,dc=vts,dc=com"/>
<!-- Clear-text bind password stored in domain.xml.
     NOTE(review): restrict read access to this file to the server account, prefer a dedicated
     bind account limited to read/search rights, and consider the server's password vault
     instead of a literal value. -->
<module-option name="bindCredential" value="<Password1>"/>
<!-- Base DN and filter for locating the user entry; {0} stands for the login name. -->
<module-option name="baseCtxDN" value="dc=vts,dc=com"/>
<module-option name="baseFilter" value="(uid={0})"/>
<!-- Base DN and filter for the role search. The filter has a hardcoded gidnumber and no {0}/{1}
     substitution, so as written it does not depend on which user logged in.
     NOTE(review): this value has one more ')' than '(' and a bare '&', which XML requires to be
     written as &amp; inside an attribute value. Confirm the real file is well-formed and the
     filter is balanced. -->
<module-option name="rolesCtxDN" value="ou=group,dc=vts,dc=com"/>
<module-option name="roleFilter" value="(&(objectclass=posixGroup)(gidnumber=<group number hardcoded>)))"/>
<!-- Attribute of the matched group entry that is read as the role name.
     NOTE(review): the group entry shown on this page lists cn and gidNumber but no ou attribute;
     confirm which attribute is meant to carry the role name. -->
<module-option name="roleAttributeID" value="ou"/>
</login-module>
</authentication>
</security-domain>
我有一个 jboss-web.xml,其中指定了我的安全域名(myRealm)。哪怕只是能确认,根据上面的 LDAP 信息,这部分配置对我的环境来说是正确的,也会很有帮助,这样我就知道该去别处排查了。谢谢。
编辑:
添加服务器日志堆栈跟踪:
[Server:server-one] 14:19:11,605 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8081-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
[Server:server-one] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
[Server:server-one] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_37]
[Server:server-one] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_37]
[Server:server-one] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_37]
[Server:server-one] at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_37]
[Server:server-one] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_37]
[Server:server-one] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_37]
[Server:server-one] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_37]
[Server:server-one] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]
[Server:server-one] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_37]
[Server:server-one] at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_37]
[Server:server-one] at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
[Server:server-one] at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
[Server:server-one] at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
[Server:server-one] at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
[Server:server-one] at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
[Server:server-one] at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
[Server:server-one] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
[Server:server-one] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]