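I am running a web application on WebSphere Application Server BASE 9.0.0.8. WebSphere security is configured with a standalone LDAP registry (OpenLDAP), which is also the registry for the application's users.
After the server starts, user login is normal and takes a few seconds. After a period of inactivity, the application session times out and the user has to log in again, but this time the login takes several minutes. I did not notice any records in the server log that would explain this login delay, so I enabled LTPAToken2 tracing with this string: *=info:com.ibm.ws.security.ltpa.LTPAToken2=all
After reproducing the login delay problem, I checked the trace log and found a large number of these records: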
[9/27/18 14:07:28:532 CEST] 0000009c LTPAToken2 3 Returning existing encrypted bytes from token object.
[9/27/18 14:07:28:532 CEST] 0000009c LTPAToken2 3 Expiration returned from expire field in token: Thu Sep 27 14:35:00 CEST 2018*
...
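During the login delay, about 1100 such records were written to the trace log. Initially nearly 200 records were logged within one second; later the frequency dropped to one record every few seconds. After a delay of about two minutes, the user was logged in to the application and the following records were written to the trace log: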
[9/27/18 14:09:46:132 CEST] 0000009c LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://machineX:389.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 > new LTPAToken2 from accessID Entry
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 userdata areau:user\:machineX\:389/uid=userX,ou=Users,dc=companyX,dc=xy
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 Expiration returned from expire field in token: Thu Sep 27 16:10:00 CEST 2018
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 Expiration set to: Thu Sep 27 16:10:00 CEST 2018
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 < new LTPAToken2 from accessID Exit
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2 3 Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:147 CEST] 0000009c LTPAToken2 3 Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:147 CEST] 0000009c LTPAToken2 3 Token was updated thus clearing encrypted bytes to re-encrypt.
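
A trace in the format quoted above can be measured per thread to count the LTPAToken2 records and locate the longest silent gap. The following Python is an added example, not part of the original post; the function names are hypothetical and the sample lines are constructed, modelled on the post's records.

```python
import re
from collections import Counter
from datetime import datetime

# Trace line layout: [timestamp TZ] threadId component eventType message
LINE = re.compile(r"^\[(\S+ \S+) \w+\] (\w{8}) (\S+)\s+(\S)\s+(.*)$")

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None  # "..." markers, blank lines, continuation lines
    # The zone abbreviation (CEST) is dropped; only relative times are needed.
    ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S:%f")
    return ts, m.group(2), m.group(3), m.group(5)

def login_delay_report(lines, component="LTPAToken2"):
    """Per thread: component record count, elapsed time, longest gap and what ended it."""
    by_thread = {}
    for rec in filter(None, map(parse, lines)):
        by_thread.setdefault(rec[1], []).append(rec)
    report = {}
    for thread, recs in by_thread.items():
        recs.sort(key=lambda r: r[0])
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(recs, recs[1:])]
        i = max(range(len(gaps)), key=gaps.__getitem__, default=None)
        msgs = Counter(r[3] for r in recs if r[2] == component)
        report[thread] = {
            "records": sum(msgs.values()),
            "elapsed_s": (recs[-1][0] - recs[0][0]).total_seconds(),
            "largest_gap_s": gaps[i] if i is not None else 0.0,
            "gap_ends_at": recs[i + 1][2] if i is not None else None,
            "top_message": msgs.most_common(1)[0][0] if msgs else None,
        }
    return report

# Constructed sample in the format of the post (2nd and 3rd timestamps are invented).
SAMPLE = """\
[9/27/18 14:07:28:532 CEST] 0000009c LTPAToken2    3   Returning existing encrypted bytes from token object.
[9/27/18 14:07:28:540 CEST] 0000009c LTPAToken2    3   Returning existing encrypted bytes from token object.
[9/27/18 14:07:31:100 CEST] 0000009c LTPAToken2    3   Returning existing encrypted bytes from token object.
...
[9/27/18 14:09:46:132 CEST] 0000009c LdapRegistryI A   SECJ0419I: The user registry is currently connected to the LDAP server ldap://machineX:389.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    >  new LTPAToken2 from accessID Entry
""".splitlines()

if __name__ == "__main__":
    print(login_delay_report(SAMPLE))
```

Run against a full trace.log, the per-thread figures show whether the login thread spent its time writing LTPAToken2 records or waiting between them.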