Hawtio / Jaas ldap登錄
[英]Hawtio/Jaas ldap login
問題描述
通過遵循配置文檔嘗試使用JAAS向hawtio添加身份驗證
首先使用jetty的基於演示的test-jaas war來配置基本的JAAS / jetty登錄並能夠進行身份驗證/授權。
試圖通過閱讀文檔將相同的概念整合到hawtio中,但是我堅信它似乎甚至沒有得到ldap的支持,因為當我在演示戰爭中嘗試這樣做時,我會得到類似"found user? true"日志。
我決定暫時不考慮授權,而嘗試使用ldap進行身份驗證。 如果有人對我可以做些什么來進一步調試它有任何建議,我將不勝感激。
這是我的領域配置:
hawtio {
org.eclipse.jetty.jaas.spi.LdapLoginModule required
debug="true"
useLdaps="false"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="10.10.10.10"
port="389"
bindDn="asfd@test.com"
bindPassword="asdf"
authenticationMethod="simple"
forceBindingLogin="false"
userBaseDn="cn=Users,dc=test,dc=com"
userRdnAttribute="cn"
userIdAttribute="sAMAccountName"
userPasswordAttribute="userPassword"
userObjectClass="user"
roleBaseDn="cn=Schema Admins,cn=Users,dc=test,dc=com"
roleNameAttribute="name"
roleMemberAttribute="member"
roleObjectClass="group";
};
關於hawtio的一些web.xml,涉及jaas / authentication / roles:
<env-entry>
<description>Enable/disable hawtio's authentication filter, value is really a boolean</description>
<env-entry-name>hawtio/authenticationEnabled</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>true</env-entry-value>
</env-entry>
<env-entry>
<description>Authorized user role, empty string disables authorization</description>
<env-entry-name>hawtio/role</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>*</env-entry-value>
</env-entry>
<env-entry>
<description>JAAS classname that would contain the role principal, empty string disables authorization</description>
<env-entry-name>hawtio/rolePrincipalClasses</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value></env-entry-value>
</env-entry>
<env-entry>
<description>JAAS realm used to authenticate users</description>
<env-entry-name>hawtio/realm</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>hawtio</env-entry-value>
</env-entry>
和一些我正在查看的日志
DEBUG | qtp580024961-17 | doAuthenticate[realm=hawtio, role=*, rolePrincipalClasses=, configuration=null, username=dummy, password=******]
DEBUG | qtp580024961-17 | Unknown callback class [org.eclipse.jetty.jaas.callback.ObjectCallback]
WARN | qtp580024961-17 | Login failed due to: Login Failure: all modules ignored
DEBUG | qtp580024961-17 | Failed stacktrace:
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at io.hawt.system.Authenticator.doAuthenticate(Authenticator.java:131)
at io.hawt.system.Authenticator.authenticate(Authenticator.java:92)
at io.hawt.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:168)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
at io.hawt.web.XXSSProtectionFilter.doFilter(XXSSProtectionFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
at io.hawt.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
at io.hawt.web.CORSFilter.doFilter(CORSFilter.java:42)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
at io.hawt.web.CacheHeadersFilter.doFilter(CacheHeadersFilter.java:37)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
at io.hawt.web.SessionExpiryFilter.process(SessionExpiryFilter.java:126)
at io.hawt.web.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:69)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
at io.hawt.web.RedirectFilter.process(RedirectFilter.java:86)
at io.hawt.web.RedirectFilter.doFilter(RedirectFilter.java:72)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1125)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1059)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:497)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:248)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:610)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:539)
at java.lang.Thread.run(Unknown Source)
1 個解決方案
解決方案1
1 2018-06-09 05:52:21
這更多是一種解決方法,但是最終通過使用其他ldaploginmodule配置了hawtio
必須使用org.eclipse.jetty.jaas.spi.LdapLoginModule類進行某種配置。
在WebSphare Application Server中使用LDAP / JAAS身份驗證
[英]Using LDAP/JAAS Authentication in WebSphare Application Server
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.