2016-04-21 2 views
0

Tomcat 5.5 HTTPS connector vs LDAP connection

I have an application on Tomcat 5.5 and I have defined the following two connectors (one for the HTTP connection and one for the HTTPS connection).

<Connector port="48080" maxHttpHeaderSize="8192" address="0.0.0.0" 
    maxThreads="512" minSpareThreads="64" maxSpareThreads="200" 
    enableLookups="false" redirectPort="8443" acceptCount="100" 
    connectionTimeout="60000" disableUploadTimeout="true" /> 

<Connector className="org.apache.catalina.connector.http.HttpConnector" 
      port="28443" 
     maxThreads="512" 
      minProcessors="256" maxProcessors="500" 
      enableLookups="true" 
      acceptCount="100" 
      debug="0" 
      scheme="https" 
      secure="true" 
      allowChunking="false" 
      clientAuth="false" 
      sslProtocol="TLS" 
      keystoreFile="pathOfCertificate" 
      keystorePass="password" 
      keystoreType="PKCS12" /> 

I have developed a secure LDAP connection, and when I comment out the HTTPS connector (28443), LDAP works and, obviously, the HTTPS connection on port 28443 does not work. If I uncomment the HTTPS connector, LDAP does not work, with the following exceptions, and, obviously, the HTTPS connection works.

javax.naming.CommunicationException: simple bind failed: ssoha.aosp.bo.it:636 [Root exception is javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64] 
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195) 
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720) 
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296) 
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) 
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) 
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) 
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) 
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) 
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) 
at javax.naming.InitialContext.init(InitialContext.java:223) 
at javax.naming.InitialContext.<init>(InitialContext.java:197) 
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) 
at com.noemalife.logon.api.LDAPSProcessor.verifyLogin(LDAPSProcessor.java:76) 
at it.dianoema.dnweb.dnlis.servlets.SLoginLDAP.doPost(SLoginLDAP.java:137) 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) 
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581) 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) 
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:881) 
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:674) 
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:541) 
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) 
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) 
at java.lang.Thread.run(Thread.java:662) 
Caused by: javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64 
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1617) 
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:105) 
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) 
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) 
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414) 
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387) 
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332) 
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190) 
... 30 more 
Caused by: java.lang.ArrayIndexOutOfBoundsException: 64 
at com.sun.crypto.provider.TlsPrfGenerator.expand(DashoA13*..) 
at com.sun.crypto.provider.TlsPrfGenerator.doPRF(DashoA13*..) 
at com.sun.crypto.provider.TlsPrfGenerator.doPRF(DashoA13*..) 
at com.sun.crypto.provider.TlsMasterSecretGenerator.engineGenerateKey(DashoA13*..) 
at javax.crypto.KeyGenerator.generateKey(DashoA13*..) 
at com.sun.net.ssl.internal.ssl.Handshaker.calculateMasterSecret(Handshaker.java:753) 
at com.sun.net.ssl.internal.ssl.Handshaker.calculateKeys(Handshaker.java:716) 
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:873) 
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:241) 
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) 
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) 
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654) 
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100) 

Any suggestions? Thanks in advance.

+0

"You developed a secure LDAP connection": how? And what makes you think that HTTP has anything to do with LDAP? – EJP

+0

It works correctly when I comment out the HTTPS connector. –

+0

I tried using Java 7 and it works too, but I need to use Java 6 –

Answer

0

Here is the LDAP implementation:

// JNDI environment for an LDAP connection over SSL (ldaps://)
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://" + srv + ":" + server_port + "/??base?(objectClass=*)");

// Fall back to simple bind when no authentication mechanism is configured
if (authentication == null || authentication.trim().equals(""))
    authentication = "simple";
env.put(Context.SECURITY_AUTHENTICATION, authentication);
env.put(Context.SECURITY_PROTOCOL, "ssl");

// Sets the trust store through a JVM-wide system property (the JRE's cacerts)
String keystore = System.getProperty("java.home") + "/lib/security/cacerts";
System.setProperty("javax.net.ssl.trustStore", keystore);
String securityPrincipal = null;

// Build the bind DN from the template when one is configured
if (this.template == null || this.template.equals(""))
    securityPrincipal = "cn=" + user + "," + this.root;
else
    securityPrincipal = this.template.replace("${user}", user);

// Each put overwrites the previous value for the same key, so only the last one takes effect
env.put(Context.SECURITY_PRINCIPAL, user + "@" + this.domain);
env.put(Context.SECURITY_PRINCIPAL, "cn=" + user + "," + this.root);
env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
env.put(Context.SECURITY_CREDENTIALS, password);

try {
    DirContext ctx = new InitialDirContext(env);
} ....