java - Migrate LDAP configurations from Websphere to Liberty
Problem description
I'm starting with a new maven web jsf application in local development. I already have a correctly configured Websphere 8.5 application server with correct configurations to use ldap. The new project will use Liberty instead of traditional Websphere.
I set up what I think I need in Liberty's server.xml and application's web.xml
Liberty's server.xml:
<ldapRegistry
    id="ldap"
    realm="LdapRegistry"
    ldapType="Microsoft Active Directory"
    host="host-copy-pasted-from-websphere-configuration"
    port="port-copy-pasted-from-websphere-configuration"
    baseDN="baseDN-copy-pasted-from-websphere-configuration"
    searchTimeout="120"
    reuseConnection="true"
    ignoreCase="true"
    bindDN="bindDN-copy-pasted-from-websphere-configuration"
    bindPassword="bindDN-known-password"
    sslEnabled="false">
    <activedFilters
        userFilter="userFilter-copy-pasted-from-websphere-configuration"
        groupFilter="groupFilter-copy-pasted-from-websphere-configuration"
        groupIdMap="groupIdMap-copy-pasted-from-websphere-configuration"
        userIdMap="userIdMap-copy-pasted-from-websphere-configuration"
        groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember"
    >
    </activedFilters>
</ldapRegistry>
application's web.xml (most of configuration copy-pasted from old other applications):
<security-role>
    <role-name>AllAuthenticated</role-name>
</security-role>
<security-constraint>
    <display-name>AllAuthenticated</display-name>
    <web-resource-collection>
        <web-resource-name>AllAuthenticated</web-resource-name>
        <url-pattern>/pages/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>AllAuthenticated</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>LdapRegistry</realm-name>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/error.xhtml</form-error-page>
    </form-login-config>
</login-config>
my login.xhtml:
...
<form id="login-form" action="j_security_check" class="shadow mx-auto" method="post">
...
<input type="text" id="j_username" name="j_username" class="form-control form-control-lg" required="required" autofocus="autofocus" />
...
<input type="password" id="j_password" name="j_password" class="form-control" required="required" />
...
ibm-application-bnd.xml:
<application-bnd ...>
<security-role name="AllAuthenticated">
<special-subject type="ALL_AUTHENTICATED_USERS" />
</security-role>
I guess it's not far from a good config, because when I log in with a bad password I get the console message "Ensure that both the principal name and the password are specified correctly. Ensure that the account is not locked and that the account is enabled."
When I type the right password the error message is not displayed, no message is displayed; anyway I'm redirected to the error.xhtml page, and if I try to navigate to an application's page I'm redirected to login.xhtml
Be patient pls, I have been working with Java for just a few months...
What can I try? Since I have no error message to investigate...
EDIT
Using @J Van Hill's instructions I added trace logging in the server.xml. What I find is that when I use the right password I get this entry in the trace:
[controls={com.ibm.wsspi.security.wim.model.LoginControl=
[countLimit=4501
returnSubType=true
searchLimit=0
timeLimit=0
]}
entities={com.ibm.wsspi.security.wim.model.LoginAccount=
[password=****
principalName=my-username
]}
validated=false
]
and after some rows this entry:
[entities={com.ibm.wsspi.security.wim.model.Entity=
[IdentifierType= {
externalName=cn=my-username,ou=my-ou,o=my-o,c=my-c
repositoryId=com.ibm.ws.security.registry.ldap.config[ldap]
uniqueName=cn==my-username,ou=my-ou,o=my-o,c=my-c
}
]}
validated=false
]
I'm investigating on security roles... Any other point of view is appreciated.
EDIT 2
I'm analyzing the trace better. Some rows after the above entries there are error entries:
[13/04/20 19.39.59:317 CEST] 00000079 id=00000000 com.ibm.ws.security.registry.RegistryException > <init> Entry
null
java.lang.NullPointerException
at com.ibm.ws.security.wim.adapter.ldap.LdapHelper.getOctetString(LdapHelper.java:66)
at com.ibm.ws.security.wim.adapter.ldap.LdapConfigManager.getExtIdFromAttributes(LdapConfigManager.java:2841)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:815)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:761)
at com.ibm.ws.security.wim.adapter.ldap.LdapAdapter.get(LdapAdapter.java:342)
.....
.....
.....
.....
.....
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:239)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[13/04/20 19.39.59:318 CEST] 00000079 id=0e8ce458 com.ibm.ws.security.registry.RegistryException < <init> Exit
com.ibm.ws.security.registry.RegistryException
at com.ibm.ws.security.wim.registry.WIMUserRegistry.getUserSecurityName(WIMUserRegistry.java:296)
at com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule.getSecurityName(ServerCommonLoginModule.java:113)
at com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule.login(UsernameAndPasswordLoginModule.java:77)
at com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginModuleProxy.java:51)
at sun.reflect.GeneratedMethodAccessor1372.invoke(Unknown Source)
.....
.....
.....
.....
.....
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:239)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at com.ibm.ws.security.wim.adapter.ldap.LdapHelper.getOctetString(LdapHelper.java:66)
at com.ibm.ws.security.wim.adapter.ldap.LdapConfigManager.getExtIdFromAttributes(LdapConfigManager.java:2841)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:815)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:761)
at com.ibm.ws.security.wim.adapter.ldap.LdapAdapter.get(LdapAdapter.java:342)
.....
.....
.....
.....
.....
at com.ibm.ws.security.wim.ProfileManager.genericProfileManagerMethod(ProfileManager.java:263)
at com.ibm.ws.security.wim.ProfileManager.get(ProfileManager.java:207)
at com.ibm.ws.security.wim.VMMService.get(VMMService.java:208)
at com.ibm.ws.security.wim.registry.util.SecurityNameBridge.getUserSecurityName(SecurityNameBridge.java:182)
at com.ibm.ws.security.wim.registry.WIMUserRegistry.getUserSecurityName(WIMUserRegistry.java:291)
... 49 more
[13/04/20 19.39.59:344 CEST] 00000079 id=00000000 com.ibm.ws.logging.internal.impl.IncidentImpl I FFDC1015I: È stato creato un incidente FFDC: "com.ibm.ws.security.registry.RegistryException com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule 107" in ffdc_20.04.13_19.39.59.0.log
[13/04/20 19.39.59:402 CEST] 00000079 id=00000000 com.ibm.ws.security.authentication.AuthenticationException > <init> Entry
null
com.ibm.ws.security.registry.RegistryException
at com.ibm.ws.security.wim.registry.WIMUserRegistry.getUserSecurityName(WIMUserRegistry.java:296)
at com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule.getSecurityName(ServerCommonLoginModule.java:113)
at com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule.login(UsernameAndPasswordLoginModule.java:77)
at com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginModuleProxy.java:51)
at sun.reflect.GeneratedMethodAccessor1372.invoke(Unknown Source)
.....
.....
.....
.....
.....
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:239)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at com.ibm.ws.security.wim.adapter.ldap.LdapHelper.getOctetString(LdapHelper.java:66)
at com.ibm.ws.security.wim.adapter.ldap.LdapConfigManager.getExtIdFromAttributes(LdapConfigManager.java:2841)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:815)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:761)
at com.ibm.ws.security.wim.adapter.ldap.LdapAdapter.get(LdapAdapter.java:342)
.....
.....
.....
.....
.....
at com.ibm.ws.security.wim.ProfileManager.genericProfileManagerMethod(ProfileManager.java:263)
at com.ibm.ws.security.wim.ProfileManager.get(ProfileManager.java:207)
at com.ibm.ws.security.wim.VMMService.get(VMMService.java:208)
at com.ibm.ws.security.wim.registry.util.SecurityNameBridge.getUserSecurityName(SecurityNameBridge.java:182)
at com.ibm.ws.security.wim.registry.WIMUserRegistry.getUserSecurityName(WIMUserRegistry.java:291)
... 49 more
[13/04/20 19.39.59:403 CEST] 00000079 id=5177825f com.ibm.ws.security.authentication.AuthenticationException < <init> Exit
com.ibm.ws.security.authentication.AuthenticationException
at com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule.login(UsernameAndPasswordLoginModule.java:109)
at com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginModuleProxy.java:51)
at sun.reflect.GeneratedMethodAccessor1372.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
.....
.....
.....
.....
.....
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:239)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
EDIT 3
Some additional information from the trace log (I had to cut some of the previous edit's log because a post can be max 30000 chars).
As requested, here are the JNDI_CALL entries in the trace after login with the right password, before the NPE.
...
...
...
[14/04/20 9.16.57:291 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.LdapHelper < printSearchControls Exit
[searchScope: 2, timeLimit: 120, countLimit: 4501, returningObjFlag: false, returningAttributes: [objectguid, objectClass, cn, principalname]]
[14/04/20 9.16.57:291 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL search(Name,String,SearchControls) [ldap://XXXXXXXXXXXXX:XXX]
o=MY-O,c=,MY-C
(&(cn=MY-USERNAME)(objectclass=inetOrgPerson))
[searchScope: 2, timeLimit: 120, countLimit: 4501, returningObjFlag: false, returningAttributes: [objectguid, objectClass, cn, principalname]]
[14/04/20 9.16.57:305 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL search(Name,String,SearchControls) [14 ms]
com.sun.jndi.ldap.LdapSearchEnumeration@20e0d246
[14/04/20 9.16.57:305 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.LdapConnection 3 search(String, String, Object[], SearchControls) Received search results, looping through elements. May include referral chasing.
[14/04/20 9.16.57:306 CEST] 00000083 id=3a9c8114 com.ibm.ws.security.wim.adapter.ldap.LdapConnection > supportRangeAttributes Entry
{objectclass=objectClass: top, person, organizationalPerson, inetOrgPerson, XXXXXOrgPerson, mdfPerson, cn=cn: MY-USERNAME}
o=MY-O,c=,MY-C
com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext@4d39fb26{iProviderURL=ldap://XXXXXXXXXXXXX:XXX, iCreateTimestampSeconds=1586848567, iPoolTimeStampSeconds=1586848567}
[14/04/20 9.16.57:307 CEST] 00000083 id=3a9c8114 com.ibm.ws.security.wim.adapter.ldap.LdapConnection < supportRangeAttributes Exit
[14/04/20 9.16.57:307 CEST] 00000083 id=427f3b80 com.ibm.ws.security.wim.adapter.ldap.CachedNamingEnumeration > add Entry
cn=MY-USERNAME,ou=MY-OU: null:null:{objectclass=objectClass: top, person, organizationalPerson, inetOrgPerson, XXXXXOrgPerson, mdfPerson, cn=cn: MY-USERNAME}
[14/04/20 9.16.57:307 CEST] 00000083 id=427f3b80 com.ibm.ws.security.wim.adapter.ldap.CachedNamingEnumeration < add Exit
[14/04/20 9.16.57:307 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.LdapConnection 3 search(String, String, Object[], SearchControls) Received search results, looped through elements. Num of elements retrieved: 1
[14/04/20 9.16.57:307 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL getResponseControls() [ldap://XXXXXXXXXXXXX:XXX]
[14/04/20 9.16.57:307 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL getResponseControls() [0 ms]
[14/04/20 9.16.57:307 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL setRequestControls(Control[]) [ldap://XXXXXXXXXXXXX:XXX]
[14/04/20 9.16.57:307 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL setRequestControls(Control[]) [0 ms]
[14/04/20 9.16.57:307 CEST] 00000083 id=645bfd15 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager > releaseDirContext Entry
com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext@4d39fb26{iProviderURL=ldap://XXXXXXXXXXXXX:XXX, iCreateTimestampSeconds=1586848567, iPoolTimeStampSeconds=1586848567}
...
...
...
[14/04/20 9.16.57:376 CEST] 00000083 id=645bfd15 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager < createDirContext Exit
com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext@34fc1054{iProviderURL=ldap://XXXXXXXXXXXXX:XXX, iCreateTimestampSeconds=1586848617, iPoolTimeStampSeconds=1586848617}
[14/04/20 9.16.57:376 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL close() [ldap://XXXXXXXXXXXXX:XXX]
[14/04/20 9.16.57:376 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL close() [0 ms]
[14/04/20 9.16.57:376 CEST] 00000083 id=5a992031 com.ibm.ws.security.wim.adapter.ldap.LdapAdapter < authenticateWithPassword Exit
...
...
...
[14/04/20 9.16.57:618 CEST] 00000083 id=645bfd15 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager > checkPrimaryServer Entry
com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext@4d39fb26{iProviderURL=ldap://XXXXXXXXXXXXX:XXX, iCreateTimestampSeconds=1586848567, iPoolTimeStampSeconds=1586848567}
ldap://XXXXXXXXXXXXX:XXX
1586848618
[14/04/20 9.16.57:618 CEST] 00000083 id=645bfd15 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager < checkPrimaryServer Exit
com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext@4d39fb26{iProviderURL=ldap://XXXXXXXXXXXXX:XXX, iCreateTimestampSeconds=1586848567, iPoolTimeStampSeconds=1586848567}
[14/04/20 9.16.57:618 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager 3 getDirContext ContextPool: total=1, poolSize=0, currentTime=1586848618, createTime=1586848567
[14/04/20 9.16.57:618 CEST] 00000083 id=645bfd15 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager < getDirContext Exit
com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext@4d39fb26{iProviderURL=ldap://XXXXXXXXXXXXX:XXX, iCreateTimestampSeconds=1586848567, iPoolTimeStampSeconds=1586848567}
[14/04/20 9.16.57:618 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL search(String,String,SearchControls) [ldap://XXXXXXXXXXXXX:XXX]
cn=MY-USERNAME,ou=MY-OU,o=MY-O,c=MY-C
objectclass=*
javax.naming.directory.SearchControls@562c6943
[14/04/20 9.16.57:621 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext 3 JNDI_CALL search(String,String,SearchControls) [3 ms]
com.sun.jndi.ldap.LdapSearchEnumeration@61d24608
[14/04/20 9.16.57:621 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.LdapHelper > prepareDN Entry
cn=-MY-USERNAME,ou=MY-OU,o=MY-O,c=MY-C
null
[14/04/20 9.16.57:621 CEST] 00000083 id=00000000 com.ibm.ws.security.wim.adapter.ldap.LdapHelper > unescapeDoubleBackslash Entry
cn=MY-USERNAME,ou=MY-OU,o=MY-O,c=MY-C
...
...
...
And this is LdapConfigManager's method getExtIdFromAttributes(...) immediately prior to the NPE
...
...
...
[14/04/20 9.16.57:647 CEST] 00000083 id=3a9c8114 com.ibm.ws.security.wim.adapter.ldap.LdapConnection < getUniqueName Exit
cn=MY-USERNAME,ou=MY-USERNAME,o=MY-O,c=MY-C
[14/04/20 9.16.57:647 CEST] 00000083 id=6bbc56a3 com.ibm.ws.security.wim.adapter.ldap.LdapConfigManager > getExtIdFromAttributes Entry
cn=MY-USERNAME,ou=MY-USERNAME,o=MY-O,c=MY-C
Entity
{objectguid=objectguid: null, objectclass=objectClass: top, person, organizationalPerson, inetOrgPerson, XXXXXOrgPerson, mdfPerson, principalname=principalname: null}
[14/04/20 9.16.57:647 CEST] 00000083 id=6bbc56a3 com.ibm.ws.security.wim.adapter.ldap.LdapConfigManager > getExtId Entry
Entity
[14/04/20 9.16.57:647 CEST] 00000083 id=6bbc56a3 com.ibm.ws.security.wim.adapter.ldap.LdapConfigManager > getLdapEntity Entry
Entity
[14/04/20 9.16.57:647 CEST] 00000083 id=00000000 com.ibm.wsspi.security.wim.model.Entity > getSubEntityTypes Entry
Entity
...
...
...
I'm very much a beginner on this stuff. I noted some other configurations in the original Websphere that I did not set in Liberty. I don't know if I'm doing this the right way
1. In Websphere I have the entry Global Security --> JAAS - J2C Authentication data, so I added in server.xml in the featureManager branch:
<feature>jdbc-4.2</feature>
then added this authData entry:
<authData id="MY-IDENTIFICATION" user="MY-DB-USER" password="MY-DB-PASSWORD"/>
then in ibm-application-bnd.xml added
<resource-ref name="jdbc/MY-JDBC" binding-name="jdbc/MY-JDBC">
<authentication-alias name="MY-IDENTIFICATION"/>
</resource-ref>
This attempt reported no result.
(N.B.: jdbc already correctly set up in server.xml since without authentication the web application can access db with mybatis)
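2. There are also configurations about what's called "Federated Repositories". I'm trying to build the node in server.xml, but I have some difficulties. Is this mandatory and could it be the cause?
Solution
Assuming your user is an LDAP user, you should probably first determine whether your user is authenticating with LDAP. The behavior you are seeing leads me to believe you are, but it is best to check. With typical trace settings, we don't output authentication failures to the messages log unless there is a "real" error.
To debug this, enable trace for security by adding the following to your server.xml file (if a logging element already exists, add the trace specification below to it):
<logging traceSpecification="*=info:com.ibm.ws.security.*=all:com.ibm.websphere.security.*=all:com.ibm.wsspi.security.*=all" />
Re-run the scenario and you should see one or more trace*.log files. Search these trace files for the LdapAdapter.login(...) call, which should look something like this (note: principalName= should be the user you are authenticating):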
[4/13/20, 9:53:31:884 CDT] 0000003c id=9c608b7f com.ibm.ws.security.wim.adapter.ldap.LdapAdapter > login Entry
com.ibm.wsspi.security.wim.model.Root=
[contexts={com.ibm.wsspi.security.wim.model.Context=
[key=realm
value=ADRealm
],com.ibm.wsspi.security.wim.model.Context=
[key=allowOperationIfReposDown
value=false
]}
controls={com.ibm.wsspi.security.wim.model.LoginControl=
[countLimit=0
properties={principalName}
returnSubType=true
searchBases={cn=users,dc=secfvt2,dc=austin,dc=ibm,dc=com}
searchLimit=0
timeLimit=0
]}
entities={com.ibm.wsspi.security.wim.model.LoginAccount=
[password=****
principalName=vmmtestuser
]}
validated=false
]
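Usually at this point I search forward from this location for "login". A successful login contains an entity with the user's attributes, like this: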
[4/13/20, 9:53:31:911 CDT] 0000003c id=9c608b7f com.ibm.ws.security.wim.adapter.ldap.LdapAdapter < login Exit
com.ibm.wsspi.security.wim.model.Root=
[entities={com.ibm.wsspi.security.wim.model.PersonAccount=
cn=vmmtestuser
IdentifierType= {
externalId=d577025f9f80f7cef25c99b722a68714
externalName=cn=vmmtestuser,cn=users,dc=secfvt2,dc=austin,dc=ibm,dc=com
repositoryId=com.ibm.ws.security.registry.ldap.config[LDAP]
uniqueName=cn=vmmtestuser,cn=users,dc=secfvt2,dc=austin,dc=ibm,dc=com
password=****
principalName=vmmtestuser
}
validated=false
]
A failed login might look like this (error code 49 is bad credentials):
[4/13/20, 9:53:33:084 CDT] 0000003f id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager > isConnectionException Entry
javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=vmmtestuser,cn=users,dc=secfvt2,dc=austin,dc=ibm,dc=com]
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3158)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3104)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2890)
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2804)
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:320)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at org.apache.aries.jndi.ContextHelper.getInitialContextUsingBuilder(ContextHelper.java:244)
at org.apache.aries.jndi.ContextHelper.getContextProvider(ContextHelper.java:208)
at org.apache.aries.jndi.ContextHelper.getInitialContext(ContextHelper.java:141)
at org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSGiInitialContextFactoryBuilder.java:51)
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext.<init>(TimedDirContext.java:80)
at com.ibm.ws.security.wim.adapter.ldap.context.ContextManager.createDirContext(ContextManager.java:542)
at com.ibm.ws.security.wim.adapter.ldap.LdapAdapter.authenticateWithPassword(LdapAdapter.java:3025)
at com.ibm.ws.security.wim.adapter.ldap.LdapAdapter.login(LdapAdapter.java:634)
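If your user is authenticated, then it appears there is an issue with the security roles in your application (your authenticated user does not have the required role).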
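The triage steps from the answer above (find the LdapAdapter login Entry, then look forward on the same thread for a login Exit carrying an entity or for LDAP error code 49), as an added Python example that is not part of the original post. The function names and the sample trace are constructed here, modelled on the excerpts quoted on this page; the example also lists attributes the trace shows as null and exceptions logged on the same thread after the login.

```python
import re

# Trace record header: "[timestamp] thread id=xxxxxxxx class kind message"
HEADER = re.compile(r"^\[[^\]]+\]\s+(?P<thread>[0-9a-f]{8})\s+id=[0-9a-f]{8}\s+"
                    r"(?P<cls>\S+)\s+(?P<kind>\S)\s+(?P<msg>.*)$")
NULL_ATTR = re.compile(r"(\w+)=\1: null", re.IGNORECASE)  # objectguid=objectguid: null
EXCEPTION = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))\b")

# Constructed sample trace (not real output), modelled on the excerpts on this page.
SAMPLE = """\
[14/04/20 9.16.57:291 CEST] 00000083 id=5a992031 com.ibm.ws.security.wim.adapter.ldap.LdapAdapter > login Entry
[password=****
principalName=my-username
[14/04/20 9.16.57:376 CEST] 00000083 id=5a992031 com.ibm.ws.security.wim.adapter.ldap.LdapAdapter < login Exit
uniqueName=cn=my-username,ou=my-ou,o=my-o,c=my-c
[14/04/20 9.16.57:647 CEST] 00000083 id=6bbc56a3 com.ibm.ws.security.wim.adapter.ldap.LdapConfigManager > getExtIdFromAttributes Entry
{objectguid=objectguid: null, objectclass=objectClass: top, person, principalname=principalname: null}
[14/04/20 9.16.57:650 CEST] 00000083 id=00000000 com.ibm.ws.security.registry.RegistryException > <init> Entry
java.lang.NullPointerException
at com.ibm.ws.security.wim.adapter.ldap.LdapHelper.getOctetString(LdapHelper.java:66)
[14/04/20 9.17.30:001 CEST] 0000003f id=9c608b7f com.ibm.ws.security.wim.adapter.ldap.LdapAdapter > login Entry
principalName=vmmtestuser
[14/04/20 9.17.30:084 CEST] 0000003f id=00000000 com.ibm.ws.security.wim.adapter.ldap.context.ContextManager > isConnectionException Entry
javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed]
"""

def records(trace_text):
    """Group a trace into (thread, short class, kind, message, body lines)."""
    current = None
    for line in trace_text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            if current:
                yield current
            current = (m["thread"], m["cls"].rsplit(".", 1)[-1], m["kind"], m["msg"], [])
        elif current:
            current[4].append(line.strip())  # continuation line of the open record
    if current:
        yield current

def triage(trace_text):
    """Summarise every LdapAdapter.login attempt, following it by thread id."""
    attempts, by_thread = [], {}
    for thread, cls, kind, msg, body in records(trace_text):
        text = "\n".join(body)
        is_login = cls == "LdapAdapter" and msg.startswith("login")
        if is_login and kind == ">":  # login Entry starts a new attempt
            user = re.search(r"principalName=(\S+)", text)
            attempt = {"user": user.group(1) if user else None, "outcome": "unknown",
                       "null_attributes": [], "exceptions": []}
            attempts.append(attempt)
            by_thread[thread] = attempt
            continue
        attempt = by_thread.get(thread)
        if attempt is None:
            continue
        if "LDAP: error code 49" in text:  # bad credentials, per the answer
            attempt["outcome"] = "bad_credentials"
        elif is_login and kind == "<" and "uniqueName=" in text:  # Exit with an entity
            attempt["outcome"] = "authenticated"
        attempt["null_attributes"] = list(dict.fromkeys(attempt["null_attributes"] + NULL_ATTR.findall(text)))
        excs = [m.group(1) for m in map(EXCEPTION.match, body) if m]
        attempt["exceptions"] = list(dict.fromkeys(attempt["exceptions"] + excs))
    return attempts

if __name__ == "__main__":
    for summary in triage(SAMPLE):
        print(summary)
```

An attempt reported as authenticated but with a non-empty exceptions list is the situation in the question: the login succeeded against the directory and the failure came afterwards.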