
Spring-security-ldap: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory

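I am migrating from JBoss 7.1 to WildFly and get an exception when authentication fails.

To log in to the system I use spring-security-ldap and cas-client. When I enter a wrong password on the login form, I get this exception: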

    Caused by: javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.gas.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]]
        at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
        at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
        at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:90)
        at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_60]
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_60]
        at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_60]
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_60]
        at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) [spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) [spring-ldap-core-1.3.1.RELEASE.jar:1.3.1.RELEASE]
        ... 48 more

My Spring Security module:

<?xml version="1.0" encoding="UTF-8"?>

<module xmlns="urn:jboss:module:1.1" name="org.spring.security" slot="3.1.3">
    <resources>
        <resource-root path="spring-security-ldap-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-config-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-core-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-web-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-security-cas-3.1.3.RELEASE.jar"/>
        <resource-root path="spring-ldap-core-1.3.1.RELEASE.jar"/>
    </resources>

    <dependencies>
        <module name="org.spring.core" slot="3.2.1" export="true" />
        <module name="org.jasig.cas.client.cas-client-core" slot="3.1.12" export="true"/>
        <module name="org.apache.commons-lang" slot="2.5"/>
        <module name="sun.jdk" export="true"/>
    </dependencies>
</module>

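Everything worked fine on JBoss AS 7.1. Maybe I forgot to change a property?

-Edit

It is all due to the org.springframework.security.ldap.authentication.BindAuthentication class:

There is a function bindWithDn(...) that tries to create a context with userDnStr and throws an exception if it cannot. I have a list of userDnStr values, and for the first userDnStr (if the user does not exist in this LDAP folder) the function throws an exception. But on WildFly it throws org.springframework.ldap.UncategorizedLdapException instead of the AuthenticationException or OperationNotSupportedException thrown on JBoss 7 / Tomcat.

Spring source: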

    // This will be thrown if an invalid user name is used and the method may
    // be called multiple times to try different names, so we trap the exception
    // unless a subclass wishes to implement more specialized behaviour.
    if ((e instanceof org.springframework.ldap.AuthenticationException)
            || (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
        handleBindException(userDnStr, username, e);
    } else {
        throw e;
    }

If an AuthenticationException or OperationNotSupportedException occurs, Spring can handle it and continue with the next userDnStr. The remaining question is: why does getContext() throw UncategorizedLdapException on WildFly?

The DN should be an administrator. Or allow anonymous bind on the DC. Don't forget the domain short name: shortName\\administrator.
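
Added example, not part of the original posts and not Spring or WildFly code: the stack trace above shows the real `javax.naming.AuthenticationException` (LDAP error 49) nested as the root cause of the JBAS011843 `NamingException`, so a handler that only tests the outermost exception type cannot recognise a rejected bind. The sketch below walks the cause chain and reads the Active Directory sub-code. The class name `BindFailureClassifier` is hypothetical, a plain `RuntimeException` stands in for `UncategorizedLdapException` (assumed to carry the same cause chain), and the sub-code table lists a few commonly documented Active Directory values.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BindFailureClassifier {
    // Active Directory reports the reason as a hex sub-code after "data " in the error 49 text.
    private static final Pattern AD_SUBCODE =
            Pattern.compile("error code 49\\b.*?, data ([0-9a-fA-F]+),");

    /** Returns the first javax.naming.AuthenticationException in the cause chain, or null. */
    static AuthenticationException findBindFailure(Throwable t) {
        // NamingException.getCause() returns its root cause, so one loop covers both styles.
        // The depth limit guards against a cyclic cause chain.
        for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
            if (t instanceof AuthenticationException) {
                return (AuthenticationException) t;
            }
        }
        return null;
    }

    /** Maps the AD sub-code to a short reason; unknown codes are reported as-is. */
    static String reason(AuthenticationException e) {
        Matcher m = AD_SUBCODE.matcher(String.valueOf(e.getMessage()));
        if (!m.find()) {
            return "bind rejected (no AD sub-code)";
        }
        String code = m.group(1).toLowerCase();
        switch (code) {
            case "525": return "user not found";
            case "52e": return "invalid credentials";
            case "533": return "account disabled";
            case "775": return "account locked out";
            default:    return "bind rejected, AD sub-code " + code;
        }
    }

    public static void main(String[] args) {
        // Constructed exception chain mirroring the stack trace on this page.
        AuthenticationException root = new AuthenticationException(
                "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
                + "AcceptSecurityContext error, data 52e, v1db1 ]");
        NamingException jboss = new NamingException("JBAS011843: Failed instantiate InitialContextFactory");
        jboss.setRootCause(root);
        // Stand-in for org.springframework.ldap.UncategorizedLdapException (assumption).
        RuntimeException outer = new RuntimeException("uncategorized", jboss);

        AuthenticationException bind = findBindFailure(outer);
        System.out.println(bind == null ? "not a bind failure: rethrow" : "bind failure: " + reason(bind));
    }
}
```

Keeping rejected binds separate from genuine directory or connectivity errors also keeps failed-login logging accurate when the container wraps the JNDI exception.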
