2012-08-16 87 views

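JBoss LdapExtLoginModule authentication with OpenLDAP fails, password incorrect

I have set up OpenLDAP on 192.168.1.150:389.

I have created a JSF project with JBoss AS 7.1 on a Debian 6 VM, and I am trying to authenticate against the LDAP server above. The problem is that JBoss shows a message saying my password is invalid, so I don't know how to continue debugging this, because I can see no other relevant output.

I have configured org.jboss.security

I have tried countless tutorials, but without any relevant error I cannot continue debugging this at trace debug level.

What could cause the above error (password incorrect) other than supplying the wrong password? Here are some output and configuration files. If I have forgotten anything, I will attach whatever you ask for.

My JBoss standalone.xml configuration is as follows: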

<security-domain name="CrudJSFRealm">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://192.168.1.150:389"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="bindDN" value="cn=admin"/>
            <module-option name="bindCredential" value="passwd"/>

            <module-option name="baseCtxDN" value="ou=People,dc=nps2,dc=local"/>
            <module-option name="rolesCtxDN" value="ou=Roles,dc=nps2,dc=local"/>

            <module-option name="baseFilter" value="(uid={0})"/><!--ok-->
            <module-option name="roleFilter" value="(member={1})"/><!--ok-->
            <module-option name="roleAttributeID" value="cn"/><!--ok-->
            <module-option name="roleAttributeIsDN" value="false"/>
            <module-option name="uidAttributeID" value="member"/>
            <module-option name="roleNameAttributeID" value="cn"/>

            <module-option name="roleRecursion" value="0"/><!--ok-->
            <module-option name="allowEmptyPasswords" value="false"/>
            <!--<module-option name="throwValidateError" value="true"/>-->
            <module-option name="java.naming.referral" value="follow"/>
        </login-module>
    </authentication>
</security-domain>

I am correctly referencing CrudJSFRealm in my jboss-web.xml file, since the LDAP connection is being used:

<!-- Realm that will be used --> 
<security-domain>java:/jaas/CrudJSFRealm</security-domain> 

Here is my OpenLDAP structure:

dn: dc=nps2,dc=local 
objectClass: top 
objectClass: dcObject 
objectClass: organization 
o: nps2.local 
dc: nps2 

dn: ou=People,dc=nps2,dc=local 
ou: People 
objectClass: top 
objectClass: organizationalUnit 

dn: uid=sm0ke,ou=People,dc=nps2,dc=local 
uid: sm0ke 
cn: Dimitrios Kordas 
objectClass: account 
objectClass: posixAccount 
objectClass: top 
objectClass: shadowAccount 
shadowLastChange: 15149 
shadowMax: 99999 
shadowWarning: 7 
loginShell: /bin/bash 
uidNumber: 1000 
gidNumber: 1000 
homeDirectory: /home/sm0ke 
gecos: Dimitrios Kordas,,, 
userPassword:: *** 

# Roles, nps2.local 
dn: ou=Roles,dc=nps2,dc=local 
objectClass: top 
objectClass: organizationalUnit 
ou: Roles 

# users, Roles, nps2.local 
dn: cn=users,ou=Roles,dc=nps2,dc=local 
objectClass: top 
objectClass: groupOfNames 
member: uid=sm0ke,ou=People,dc=nps2,dc=local 
member: uid=nobody,ou=People,dc=nps2,dc=local 
cn: users 

# root, Roles, nps2.local 
dn: cn=root,ou=Roles,dc=nps2,dc=local 
objectClass: top 
objectClass: groupOfNames 
member: uid=sm0ke,ou=People,dc=nps2,dc=local 
member: uid=nobody,ou=People,dc=nps2,dc=local 
cn: root 

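So basically I have 2 users (sm0ke and nobody) and 2 roles, root and users. Each role has a member attribute.

Here is the output when trying to authenticate in my JSF project: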

14:30:32,196 TRACE [org.jboss.as.web.security] (http--127.0.0.1-8080-1) Begin invoke, caller=null 
14:30:32,204 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Security checking request POST /CrudJSF/j_security_check 
14:30:32,206 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--127.0.0.1-8080-1) Authenticating username 'sm0ke' 
14:30:32,211 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Begin isValid, principal:sm0ke, cache entry: null 
14:30:32,211 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) defaultLogin, principal=sm0ke 
14:30:32,213 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) Begin getAppConfigurationEntry(CrudJSFRealm), size=5 
14:30:32,216 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) End getAppConfigurationEntry(CrudJSFRealm), authInfo=AppConfigurationEntry[]: 
[0] 
LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule 
ControlFlag: LoginModuleControlFlag: required 
Options: 
name=baseFilter, value=(uid={0}) 
name=uidAttributeID, value=member 
name=java.naming.referral, value=follow 
name=bindDN, value=cn=admin 
name=rolesCtxDN, value=ou=Roles,dc=nps2,dc=local 
name=roleNameAttributeID, value=cn 
name=roleRecursion, value=0 
name=baseCtxDN, value=ou=People,dc=nps2,dc=local 
name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory 
name=java.naming.security.authentication, value=simple 
name=allowEmptyPasswords, value=false 
name=roleFilter, value=(member={1}) 
name=java.naming.provider.url, value=ldap://192.168.1.150:389 
name=bindCredential, value=**** 
name=roleAttributeIsDN, value=false 
name=roleAttributeID, value=cn 

14:30:32,226 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8080-1) initialize 
14:30:32,227 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8080-1) Security domain: CrudJSFRealm 
14:30:32,228 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8080-1) login 
14:30:32,230 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8080-1) Logging into LDAP server, env={uidAttributeID=member, baseFilter=(uid={0}), allowEmptyPasswords=false, java.naming.referral=follow, java.naming.security.credentials=***, jboss.security.security_domain=CrudJSFRealm, java.naming.security.authentication=simple, baseCtxDN=ou=People,dc=nps2,dc=local, roleAttributeIsDN=false, rolesCtxDN=ou=Roles,dc=nps2,dc=local, java.naming.security.principal=cn=admin, roleRecursion=0, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleFilter=(member={1}), java.naming.provider.url=ldap://192.168.1.150:389, roleNameAttributeID=cn, roleAttributeID=cn, bindDN=cn=admin, bindCredential=***} 
14:30:32,251 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8080-1) Bad password for username=sm0ke 
14:30:32,253 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http--127.0.0.1-8080-1) abort 
14:30:32,253 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required 
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [classes.jar:1.6.0_33] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [classes.jar:1.6.0_33] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [classes.jar:1.6.0_33] 
    at java.lang.reflect.Method.invoke(Method.java:597) [classes.jar:1.6.0_33] 
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [classes.jar:1.6.0_33] 
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [classes.jar:1.6.0_33] 
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [classes.jar:1.6.0_33] 
    at java.security.AccessController.doPrivileged(Native Method) [classes.jar:1.6.0_33] 
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [classes.jar:1.6.0_33] 
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [classes.jar:1.6.0_33] 
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] 
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] 
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] 
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] 
    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] 
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:] 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:381) [jbossweb-7.0.13.Final.jar:] 
    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final] 
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] 
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] 
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] 
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] 
    at java.lang.Thread.run(Thread.java:680) [classes.jar:1.6.0_33] 

14:30:32,272 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) End isValid, false 
14:30:32,273 TRACE [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/CrudJSF]] (http--127.0.0.1-8080-1) Username sm0ke NOT successfully authenticated 
14:30:32,481 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/CrudJSF].[Faces Servlet]] (http--127.0.0.1-8080-1) Disabling the response for futher output 
14:30:32,486 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/CrudJSF].[Faces Servlet]] (http--127.0.0.1-8080-1) The Response is vehiculed using a wrapper: org.apache.catalina.connector.Response 
14:30:32,495 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Failed authenticate() test ??/CrudJSF/j_security_check 
14:30:32,504 TRACE [org.jboss.as.web.security] (http--127.0.0.1-8080-1) End invoke, caller=null 
14:30:32,506 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-1) Setting threadlocal:null 
14:30:32,514 TRACE [org.jboss.as.web.security] (http--127.0.0.1-8080-1) Begin invoke, caller=null 
14:30:32,515 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Security checking request GET /CrudJSF/javax.faces.resource/main.css.xhtml 
14:30:32,518 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - ADMIN Only]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,522 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - USER and ADMIN]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,527 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - ADMIN Only]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,528 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - USER and ADMIN]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,529 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - ADMIN Only]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,530 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - USER and ADMIN]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,531 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - ADMIN Only]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,532 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[Restricted Area - USER and ADMIN]' against GET /javax.faces.resource/main.css.xhtml --> false 
14:30:32,533 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) No applicable constraint located 
14:30:32,533 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Not subject to any constraint 
14:30:32,538 TRACE [org.jboss.as.web.security] (http--127.0.0.1-8080-1) End invoke, caller=null 
14:30:32,538 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-1) Setting threadlocal:null 

Answer


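I just found out that the bindDN I specified was incomplete. I changed it to the full one, "cn=admin,dc=nps2,dc=local", and it works.

Pretty hard to spot, though, when there is no proper output in the logs.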
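
An added example, not part of the original post: an offline check for the misconfiguration found in the answer, which flags an LdapExtLoginModule whose bindDN does not end with the dc= suffix of baseCtxDN or rolesCtxDN. The sample XML is constructed from the question's options, the function names are hypothetical, and the suffix comparison is a heuristic that assumes the bind account lives under the same naming context as the search bases.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the question's module options.
SAMPLE = """<security-domain name="CrudJSFRealm">
 <authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="bindDN" value="cn=admin"/>
   <module-option name="baseCtxDN" value="ou=People,dc=nps2,dc=local"/>
   <module-option name="rolesCtxDN" value="ou=Roles,dc=nps2,dc=local"/>
  </login-module>
 </authentication>
</security-domain>"""


def local(tag):
    """Strip an XML namespace so namespaced standalone.xml files also match."""
    return tag.rsplit("}", 1)[-1]


def split_dn(dn):
    """Split a DN into lowercased (attr, value) RDNs; assumes no escaped commas."""
    pairs = (part.partition("=") for part in dn.split(","))
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]


def dc_suffix(dn):
    """Return the trailing run of dc= RDNs, e.g. dc=nps2,dc=local."""
    rdns = split_dn(dn)
    i = len(rdns)
    while i > 0 and rdns[i - 1][0] == "dc":
        i -= 1
    return rdns[i:]


def check_bind_dn(xml_text):
    """Return (bindDN, [mismatched options]) for each module that looks wrong."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "login-module":
            continue
        if not el.get("code", "").endswith("LdapExtLoginModule"):
            continue
        opts = {o.get("name"): o.get("value", "") for o in el
                if local(o.tag) == "module-option"}
        if "bindDN" not in opts:
            continue  # no bind account configured; nothing to compare
        bind = split_dn(opts["bindDN"])
        bad = [k for k in ("baseCtxDN", "rolesCtxDN")
               if dc_suffix(opts.get(k, ""))
               and bind[-len(dc_suffix(opts[k])):] != dc_suffix(opts[k])]
        if bad:
            findings.append((opts["bindDN"], bad))
    return findings
```

Running `check_bind_dn` on the security-domain fragment before deployment catches the short bindDN that the server log only reports as "Password Incorrect/Password Required".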