Hawtio / Jaas ldap登录

Question

trying to add in authentication to hawtio using JAAS by following the configuration docs 通过遵循配置文档尝试使用JAAS向hawtio添加身份验证

Started by using jetty's demo-base test-jaas war to configure a basic JAAS/jetty login and was able to authenticate/authorize. 首先使用jetty的基于演示的test-jaas war来配置基本的JAAS / jetty登录并能够进行身份验证/授权。

Tried to incorporate the same concept into hawtio by reading the docs but I'm convinced that it doesn't even seem to reach out to ldap since when I tried this with the demo war I would get logs like "found user? true" . 试图通过阅读文档将相同的概念整合到hawtio中，但是我坚信它似乎甚至没有得到ldap的支持，因为当我在演示战争中尝试这样做时，我会得到类似"found user? true"日志。

I've decided to just ignore authorization for now and just try to authenticate with ldap. 我决定暂时不考虑授权，而尝试使用ldap进行身份验证。 If anyone has any suggestions on what I can try to do to debug this further, I would appreciate it. 如果有人对我可以做些什么来进一步调试它有任何建议，我将不胜感激。

Here's my realm config: 这是我的领域配置：

hawtio {
   org.eclipse.jetty.jaas.spi.LdapLoginModule required
   debug="true"
   useLdaps="false"
   contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
   hostname="10.10.10.10"
   port="389"
   bindDn="asfd@test.com"
   bindPassword="asdf"
   authenticationMethod="simple"
   forceBindingLogin="false"
   userBaseDn="cn=Users,dc=test,dc=com"
   userRdnAttribute="cn"
   userIdAttribute="sAMAccountName"
   userPasswordAttribute="userPassword"
   userObjectClass="user"
   roleBaseDn="cn=Schema Admins,cn=Users,dc=test,dc=com"
   roleNameAttribute="name"
   roleMemberAttribute="member"
   roleObjectClass="group";
};

some of the web.xml for hawtio regarding jaas/authentication/roles: 关于hawtio的一些web.xml，涉及jaas / authentication / roles：

<env-entry>
    <description>Enable/disable hawtio's authentication filter, value is really a boolean</description>
    <env-entry-name>hawtio/authenticationEnabled</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>true</env-entry-value>
  </env-entry>

  <env-entry>
    <description>Authorized user role, empty string disables authorization</description>
    <env-entry-name>hawtio/role</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>*</env-entry-value>
  </env-entry>

  <env-entry>
    <description>JAAS classname that would contain the role principal, empty string disables authorization</description>
    <env-entry-name>hawtio/rolePrincipalClasses</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value></env-entry-value>
  </env-entry>

  <env-entry>
    <description>JAAS realm used to authenticate users</description>
    <env-entry-name>hawtio/realm</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>hawtio</env-entry-value>
  </env-entry>

and some of the logs i'm looking at 和一些我正在查看的日志

DEBUG | qtp580024961-17 | doAuthenticate[realm=hawtio, role=*, rolePrincipalClasses=, configuration=null, username=dummy, password=******]
DEBUG | qtp580024961-17 | Unknown callback class [org.eclipse.jetty.jaas.callback.ObjectCallback]
WARN  | qtp580024961-17 | Login failed due to: Login Failure: all modules ignored
DEBUG | qtp580024961-17 | Failed stacktrace:
javax.security.auth.login.LoginException: Login Failure: all modules ignored
        at javax.security.auth.login.LoginContext.invoke(Unknown Source)
        at javax.security.auth.login.LoginContext.access$000(Unknown Source)
        at javax.security.auth.login.LoginContext$4.run(Unknown Source)
        at javax.security.auth.login.LoginContext$4.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
        at javax.security.auth.login.LoginContext.login(Unknown Source)
        at io.hawt.system.Authenticator.doAuthenticate(Authenticator.java:131)
        at io.hawt.system.Authenticator.authenticate(Authenticator.java:92)
        at io.hawt.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:168)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
        at io.hawt.web.XXSSProtectionFilter.doFilter(XXSSProtectionFilter.java:28)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
        at io.hawt.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:28)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
        at io.hawt.web.CORSFilter.doFilter(CORSFilter.java:42)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
        at io.hawt.web.CacheHeadersFilter.doFilter(CacheHeadersFilter.java:37)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
        at io.hawt.web.SessionExpiryFilter.process(SessionExpiryFilter.java:126)
        at io.hawt.web.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:69)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
        at io.hawt.web.RedirectFilter.process(RedirectFilter.java:86)
        at io.hawt.web.RedirectFilter.doFilter(RedirectFilter.java:72)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1125)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1059)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:497)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:248)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:610)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:539)
        at java.lang.Thread.run(Unknown Source)

Answer 1

This is more of a workaround solution, but finally got hawtio to be configured by using a different ldaploginmodule 这更多是一种解决方法，但是最终通过使用其他ldaploginmodule配置了hawtio

Must be some sort of configuration with the org.eclipse.jetty.jaas.spi.LdapLoginModule class. 必须使用org.eclipse.jetty.jaas.spi.LdapLoginModule类进行某种配置。

Hawtio / Jaas ldap登录

问题描述

1 个解决方案

解决方案1
1 2018-06-09 05:52:21

Hawtio / Jaas ldap登录

问题描述

1 个解决方案

解决方案1 1 2018-06-09 05:52:21

解决方案1
1 2018-06-09 05:52:21