fel*_*tto 6 java jboss spnego jboss7.x
我最终将我的JBoss AS 7服务器配置为SPNEGO在针对Windows 2008 R2的AD域上使用.我正在使用Java 7.
当用户从域计算机以外的某个地方(例如,从移动电话或更广泛的Internet)访问服务器URL时,系统会提示他们输入用户名和密码,然后我收到错误消息:
Login failure: javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'
当用户在登录域时访问URL时,一切正常.
在SPNEGOsecurity-domain(standalone.xml)上我配置了2个登录模块:
第一: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
第二:
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="usersProperties" value="file:${jboss.server.config.dir}/spnego-users.properties"/>
<module-option name="rolesProperties" value="file:${jboss.server.config.dir}/spnego-roles.properties"/>
<module-option name="defaultUsersProperties" value="file:${jboss.server.config.dir}/spnego-users.properties"/>
<module-option name="defaultRolesProperties" value="file:${jboss.server.config.dir}/spnego-roles.properties"/>
</login-module>
问题是:我如何回退BASIC或FORM什么时候SPNEGO超出范围?
谢谢
完全例外如下:
00:40:23,751 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-9090-8) Login failure: javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'.
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.spnegoLogin(SPNEGOLoginModule.java:230) [jboss-negotiation-spnego-2.2.0.SP1.jar:2.2.0.SP1]
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.innerLogin(SPNEGOLoginModule.java:194) [jboss-negotiation-spnego-2.2.0.SP1.jar:2.2.0.SP1]
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:137) [jboss-negotiation-spnego-2.2.0.SP1.jar:2.2.0.SP1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_05]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_05]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:187) [jboss-negotiation-common-2.2.0.SP1.jar:2.2.0.SP1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_05]
老实说,我建议您使用带有 SPNEGO 扩展的 Spring Security。请参阅类似的内容:http ://blog.springsource.org/2009/09/28/spring-security-kerberos/
之后,您可以拥有更多身份验证提供商。
引文摘自: Spring Security 中的多个身份验证提供程序
您可以根据需要指定任意数量的提供者。将按照您在身份验证管理器标记中声明它们的顺序检查它们。一旦成功进行身份验证,它将停止轮询提供商。如果任何提供者抛出 AccountStatusException,它也会中断轮询。
这样,您将不会依赖于特定的应用程序服务器配置。
| 归档时间: |
|
| 查看次数: |
2948 次 |
| 最近记录: |