在我们网站的登录页面上,我们要求输入用户名和密码,然后通过 SSL 将它们传递到服务器。然后,我们将这些凭据传递给我们的 Active Directory 服务器,使用我们的服务帐户凭据以未加密的方式登录到服务器。我尝试了数十种不同的配置(这似乎是一个常见问题),但无法通过身份验证。
这是我的standalone.xml 中的安全子系统
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="JAXUser" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://ldap-server.jax.org:389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<module-option name="bindDN" value="cn=svc-SampleTracker"/>
<module-option name="bindCredential" value="myPassword"/>
<module-option name="baseCtxDN" value="dc=jax,dc=org"/>
<module-option name="baseFilter" value="(sAMAccountName={0})"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="throwValidateError" value="true"/>
<module-option name="roleRecursion" value="1"/>
<!-- Not using roles at this point -->
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
</security-domains>
</subsystem>
这是我的 ApplicationRealm 的 XML:
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="server.keystore"
relative-to="jboss.server.config.dir"
keystore-password="blahblahblah" alias="server"
key-password="blahblahblah" />
</ssl>
</server-identities>
<authentication>
<truststore path="server.truststore"
relative-to="jboss.server.config.dir"
keystore-password="blahblah" />
<!-- this is the user that made the request to the server -->
<ldap connection="LdapConnection"
base-dn="dc=jax, dc=org" recursive="true">
<username-filter attribute="sAMAccountName" />
</ldap>
</authentication>
</security-realm>
任何建议将不胜感激和尝试。