0

我在 Websphere 应用服务器 BASE 9.0.0.8 上运行一个 Web 应用程序。Websphere 安全配置了独立的 LDAP 注册表 (OpenLdap),它也是应用程序用户的注册表。

服务器启动后,用户登录是正常的,需要几秒钟。在一定时间不活动后,应用程序会话超时,用户必须再次登录,但这次登录需要几分钟。我没有注意到服务器日志中的任何记录可以解释这种登录延迟,所以我启用了 LTPAToken2 跟踪这个字符串*=info:com.ibm.ws.security.ltpa.LTPAToken2=all。重现登录延迟问题后,我检查了跟踪日志,发现大量此记录:

[9/27/18 14:07:28:532 CEST] 0000009c LTPAToken2    3   Returning existing encrypted bytes from token object.
[9/27/18 14:07:28:532 CEST] 0000009c LTPAToken2    3   Expiration returned from expire field in token: Thu Sep 27 14:35:00 CEST 2018*
...

在登录延迟期间,大约有 1100 行记录在跟踪日志中。最初在一秒钟内记录了近 200 条记录,后来每隔几秒记录一条记录的频率降低了。大约两分钟的延迟后,用户登录到应用程序,并在跟踪日志中记录了以下记录:

[9/27/18 14:09:46:132 CEST] 0000009c LdapRegistryI A   SECJ0419I: The user registry is currently connected to the LDAP server ldap://machineX:389.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    >  new LTPAToken2 from accessID Entry
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   userdata areau:user\:machineX\:389/uid=userX,ou=Users,dc=companyX,dc=xy
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   Expiration returned from expire field in token: Thu Sep 27 16:10:00 CEST 2018
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   Expiration set to: Thu Sep 27 16:10:00 CEST 2018
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    <  new LTPAToken2 from accessID Exit
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:146 CEST] 0000009c LTPAToken2    3   Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:147 CEST] 0000009c LTPAToken2    3   Token was updated thus clearing encrypted bytes to re-encrypt.
[9/27/18 14:09:46:147 CEST] 0000009c LTPAToken2    3   Token was updated thus clearing encrypted bytes to re-encrypt.
4

1 回答 1

1

WAS 服务器和 LDAP 服务器位于不同的网络子网中。一段时间后,与 LDAP 的现有连接变为“死”。该问题已通过禁用 WAS ldap 注册表参数“重用连接”得到解决。

于 2018-10-01T05:52:19.817 回答