我正在尝试将 tomcat 配置为使用 JNDI 领域连接到 ldap 数据库,以便与 Active Directory 集成。但是,我的日志中出现以下错误,并且似乎无法提高日志级别以查看实际情况。
Feb 19, 2014 10:10:41 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1048 ms
Feb 19, 2014 10:10:42 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 19, 2014 10:10:42 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.36
Feb 19, 2014 10:10:42 AM org.apache.catalina.realm.RealmBase init
FINE: Register Realm Catalina:type=Realm,realmPath=/realm0
Feb 19, 2014 10:10:42 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:34 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:44 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:45 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Feb 19, 2014 10:11:45 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:45 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Feb 19, 2014 10:11:45 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:45 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Feb 19, 2014 10:11:45 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 64228 ms
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Security checking request GET /tip/
Feb 19, 2014 10:11:54 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Secure Area]' against GET /index.jsp --> true
Feb 19, 2014 10:11:54 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Secure Area]' against GET /index.jsp --> true
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Calling hasUserDataPermission()
Feb 19, 2014 10:11:54 AM org.apache.catalina.realm.RealmBase hasUserDataPermission
FINE: User data constraint has no restrictions
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Calling authenticate()
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Failed authenticate() test
我在 tomcat 的 server.xml 中的 Realm 配置如下所示:(我显然删除了敏感信息)
<!-- JNDI Realm authentication start -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://<ldap server goes here>:389"
connectionName="cn=app,ou=service admin accounts,ou=users,o=iam"
connectionPassword="password goes here"
referrals="follow"
userBase="ou=fil,ou=users,o=iam"
userSearch="(AMAccountName={0})"
userSubtree="true"
roleBase="ou=groups,o=iam"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})"
/>
<!-- JNDI Realm authentication end -->
我的 tomcat logging.properties 看起来像这样:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.FileHandler.level = ALL
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
2localhost.org.apache.juli.FileHandler.level = ALL
2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.FileHandler.prefix = localhost.
3manager.org.apache.juli.FileHandler.level = ALL
3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.FileHandler.prefix = manager.
4host-manager.org.apache.juli.FileHandler.level = ALL
4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.FileHandler.prefix = host-manager.
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
# Possible levels are: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = ALL
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = ALL
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = ALL
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
# For example, to log debug messages in ContextConfig and HostConfig
# classes and to log only warnings and errors in other
# org.apache.catalina.** classes, uncomment these lines:
#org.apache.catalina.startup.ContextConfig.level = FINE
#org.apache.catalina.startup.HostConfig.level = FINE
#org.apache.catalina.level = WARNING
因此,正如您所看到的,我尝试通过将 debug="99"添加到 server.xml 并将真实和身份验证器级别更改为 ALL 来提高日志级别。但是,除了错误 之外,我仍然没有得到任何看起来有用的东西。验证()测试失败
其余的日志信息在哪里?我期望看到 LDAP 查询结束。
最佳答案
你的设置在我看来是正确的。所以我想知道你确定还有其他日志要显示吗?
正如您在 JavaDocs 中看到的那样这个库的方法认证是这样定义的:
authenticate
protected abstract boolean authenticate(Request request,
Response response,
LoginConfig config)
throws java.io.IOException
Authenticate the user making this request, based on the specified login configuration.
Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
Parameters: request - Request we are processing response - Response we are creating config - Login configuration describing how authentication should be performed.
Throws: java.io.IOException - if an input/output error occurs
这意味着该方法仅在出现 IO 错误时才会抛出错误(以及一些带有它的日志信息),否则它只会返回 false(可能由于其他原因导致身份验证出错)。
因此,如果调用此方法的人不处理“错误”情况,则记录一些有意义的内容而仅记录“身份验证失败”可能是您的配置做得很好并且您无法从中获得其他信息的情况。
关于authentication - 无法使用 jndi 领域在 tomcat6 中增加日志级别调试,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21886846/