java Spring Security LDAP: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory
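I am migrating from JBoss 7.1 to WildFly and get an exception when authentication fails.
To log in to the system I use Spring Security LDAP and the CAS client. When I type a wrong password in the login form, this exception occurs: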
```
Caused by: javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.gas.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]]
    at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
    at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
    at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:90)
    at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_60]
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_60]
    at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_60]
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) [spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) [spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
    ... 48 more
```
My Spring Security module:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="org.spring.security" slot="3.1.3">
    <resources>
        <resource-root path="spring-security-ldap-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-config-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-core-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-web-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-cas-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-ldap-core-1.3.1.RELEASE.jar"/>
    </resources>
    <dependencies>
        <module name="org.spring.core" slot="3.2.1" export="true" />
        <module name="org.jasig.cas.client.cas-client-core" slot="3.1.12" export="true"/>
        <module name="org.apache.commons-lang" slot="2.5"/>
        <module name="sun.jdk" export="true"/>
    </dependencies>
</module>
```
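Everything works fine with JBoss AS 7.1. Maybe I forgot to change a property?

--- Edit

It is all because of the org.springframework.security.ldap.authentication.BindAuthenticator class:

There is a function bindWithDn(…) that tries to create a context with userDnStr and throws an exception if it cannot. I have a list of userDnStr values, and for the first userDnStr (if the user does not exist in that LDAP folder) the function throws an exception. But on WildFly it throws org.springframework.ldap.UncategorizedLdapException, unlike on JBoss 7/Tomcat, where it is AuthenticationException or OperationNotSupportedException.

Spring source: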
```java
// This will be thrown if an invalid user name is used and the method may
// be called multiple times to try different names, so we trap the exception
// unless a subclass wishes to implement more specialized behaviour.
if ((e instanceof org.springframework.ldap.AuthenticationException)
        || (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
    handleBindException(userDnStr, username, e);
} else {
    throw e;
}
```
In the case of AuthenticationException or OperationNotSupportedException, Spring can handle it and continue with the next userDnStr. One more question: why does getContext() throw UncategorizedLdapException on WildFly?
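
A diagnostic sketch for the situation described in the edit above, added here and not part of the original post or of Spring's code: it walks the cause chain of the wrapped exception to see whether a javax.naming.AuthenticationException (LDAP error 49) sits underneath, and extracts the Active Directory sub-code from the message. The class and method names are hypothetical, and RuntimeException stands in for UncategorizedLdapException so the example runs on the JDK alone.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapBindFailureClassifier {
    // Active Directory appends a hex sub-code after "data" in its error 49 text.
    private static final Pattern AD_DATA =
            Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");
    private static final int MAX_DEPTH = 16; // guard against cyclic cause chains

    /** True if any exception in the cause chain is a JNDI AuthenticationException. */
    static boolean isBindRejection(Throwable t) {
        for (int d = 0; t != null && d < MAX_DEPTH; t = t.getCause(), d++) {
            if (t instanceof AuthenticationException) {
                return true;
            }
        }
        return false;
    }

    /** Returns the AD sub-code (for example "52e") found in the chain, or null. */
    static String adSubCode(Throwable t) {
        for (int d = 0; t != null && d < MAX_DEPTH; t = t.getCause(), d++) {
            Matcher m = AD_DATA.matcher(String.valueOf(t.getMessage()));
            if (m.find()) {
                return m.group(1).toLowerCase();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: same nesting and messages as the trace above.
        AuthenticationException root = new AuthenticationException(
                "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                + "comment: AcceptSecurityContext error, data 52e, v1db1 ]");
        NamingException wrapper = new NamingException(
                "JBAS011843: Failed instantiate InitialContextFactory");
        wrapper.setRootCause(root);
        // RuntimeException stands in for Spring's UncategorizedLdapException.
        Throwable seen = new RuntimeException("uncategorized", wrapper);

        System.out.println("bind rejection: " + isBindRejection(seen));
        System.out.println("AD sub-code:    " + adSubCode(seen));
        // An unrelated failure (for example a connection error) stays unclassified.
        Throwable other = new RuntimeException(new NamingException("connection refused"));
        System.out.println("other:          " + isBindRejection(other));
    }
}
```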
# Answer 1
The DN should be administrator. Or allow anonymous bind on the DC. Don't forget the domain: shortName\administrator