A small lesson from configuring WebSphere Portal 6.0 Security

 

Security configuration for WebSphere Portal and WAS has always been a big headache; all sorts of references, and the InfoCenter itself, list many procedures. Here I share an experience of my own.

 

When starting WPS (WebSphere Portal Server), Security exceptions appear in the startup log. For example, the following is what I encountered:

 

 

[10/9/09 11:32:31:715 CDT] 0000000a distContextMa E   SECJ0270E: Failed to get actual credentials. The exception is javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:77)
        at com.sun.jndi.ldap.Connection.readReply(Connection.java:435)
......

[10/9/09 11:32:31:734 CDT] 0000000a distSecurityC E   SECJ0208E: An unexpected exception occurred when attempting to authenticate the server's id during security initialization. The exception is javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:77)
        at com.sun.jndi.ldap.Connection.readReply(Connection.java:435)
......

[10/9/09 11:32:31:746 CDT] 0000000a distSecurityC E   SECJ0007E: Error during security initialization. The exception is javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:77)
        at com.sun.jndi.ldap.Connection.readReply(Connection.java:435)
        at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:357)
......

[10/9/09 11:32:37:102 CDT] 0000000a WsServerImpl  E   WSVR0009E: Error occurred during startup
META-INF/ws-server-components.xml
[10/9/09 11:32:37:139 CDT] 0000000a WsServerImpl  E   WSVR0009E: Error occurred during startup
com.ibm.ws.exception.RuntimeError: com.ibm.ws.exception.RuntimeError: Request: 1 cancelled
        at com.ibm.ws.runtime.WsServerImpl.bootServerContainer(WsServerImpl.java:194)
.......

Caused by: com.ibm.ws.exception.RuntimeError: Request: 1 cancelled
        at com.ibm.ws.security.core.ServerSecurityComponentImpl.start(ServerSecurityComponentImpl.java:323)
......

Caused by: com.ibm.websphere.security.WSSecurityException: Request: 1 cancelled
        at com.ibm.ws.security.auth.distContextManagerImpl.getServerSubjectInternal(distContextManagerImpl.java:2192)
.....

Caused by: com.ibm.websphere.security.auth.WSLoginFailedException: Request: 1 cancelled
        at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:599)
        at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:437)
Caused by: com.ibm.websphere.security.CustomRegistryException: Request: 1 cancelled
        at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.checkPassword(LdapRegistryImpl.java:326)
        at com.ibm.ws.security.registry.UserRegistryImpl.checkPassword(UserRegistryImpl.java:296)
        at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:574)
        ... 41 more
Caused by: com.ibm.websphere.security.CustomRegistryException: Request: 1 cancelled
        at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUsers(LdapRegistryImpl.java:1211)
        at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.checkPassword(LdapRegistryImpl.java:293)
        ... 43 more
Caused by: javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:77)
.............
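A log like the one above is easier to read once you pull out the WAS message IDs and follow the "Caused by:" chain to the innermost exception, which is the line that actually explains the failure. The following is an added example, not code from the original post; SAMPLE_LOG is constructed from the message IDs and exception classes shown above (timestamps, thread ID and the elided frames are illustrative), and the HINTS table is an assumed mapping based on standard JNDI/LDAP exception semantics, not something WAS prints.

```python
"""Triage a WebSphere SystemOut log by message ID and innermost cause.

Added example, not from the original post. SAMPLE_LOG is constructed from
the message IDs and exception classes in the post; timestamps, thread ID
and elided stack frames are illustrative.
"""
import re

# "[timestamp] threadId component level MSGID: text"
MSG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<thread>[0-9a-fA-F]+) (?P<comp>\S+)\s+"
    r"(?P<level>[A-Z])\s+(?P<id>[A-Z]{4}\d{4}[A-Z]): (?P<text>.*)$"
)
CAUSED_RE = re.compile(r"^Caused by: (?P<exc>[\w.$]+): (?P<msg>.*)$")

# Assumed hints keyed on the innermost JNDI exception class (standard
# JNDI/LDAP semantics, not text that WAS itself emits).
HINTS = {
    "javax.naming.CommunicationException":
        "no reply from the LDAP endpoint before the timeout: check host/port, "
        "firewall, DNS and whether sslEnabled matches the port (636 vs 389)",
    "javax.naming.AuthenticationException":
        "the directory rejected the bind: check serverId/serverPassword and "
        "bindDN/bindPassword",
    "javax.naming.NameNotFoundException":
        "the DN does not exist: check baseDN and the bind DN",
}

# Constructed excerpt modelled on the post's log.
SAMPLE_LOG = """\
[10/9/09 11:32:31:715 CDT] 0000000a distContextMa E   SECJ0270E: Failed to get actual credentials. The exception is javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:77)
[10/9/09 11:32:31:734 CDT] 0000000a distSecurityC E   SECJ0208E: An unexpected exception occurred when attempting to authenticate the server's id during security initialization. The exception is javax.naming.CommunicationException: Request: 1 cancelled
[10/9/09 11:32:31:746 CDT] 0000000a distSecurityC E   SECJ0007E: Error during security initialization. The exception is javax.naming.CommunicationException: Request: 1 cancelled
[10/9/09 11:32:37:139 CDT] 0000000a WsServerImpl  E   WSVR0009E: Error occurred during startup
com.ibm.ws.exception.RuntimeError: com.ibm.ws.exception.RuntimeError: Request: 1 cancelled
        at com.ibm.ws.runtime.WsServerImpl.bootServerContainer(WsServerImpl.java:194)
Caused by: com.ibm.ws.exception.RuntimeError: Request: 1 cancelled
Caused by: com.ibm.websphere.security.WSSecurityException: Request: 1 cancelled
Caused by: com.ibm.websphere.security.auth.WSLoginFailedException: Request: 1 cancelled
Caused by: com.ibm.websphere.security.CustomRegistryException: Request: 1 cancelled
        at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.checkPassword(LdapRegistryImpl.java:326)
Caused by: javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:77)
"""


def parse_messages(lines):
    """One dict per WAS message line; stack frames and continuations are skipped."""
    return [m.groupdict() for m in map(MSG_RE.match, lines) if m]


def root_cause(lines):
    """Innermost 'Caused by:' as (exception class, message), or None if absent."""
    cause = None
    for line in lines:
        m = CAUSED_RE.match(line)
        if m:
            cause = (m.group("exc"), m.group("msg"))
    return cause


def diagnose(exc_class):
    return HINTS.get(exc_class, "no hint for this exception; read the full trace")


def triage(log_text):
    """Summarise error message IDs, the innermost cause and a hint."""
    lines = log_text.splitlines()
    errors = [m for m in parse_messages(lines) if m["level"] == "E"]
    cause = root_cause(lines)
    return {
        "error_ids": [m["id"] for m in errors],
        "root_cause": cause,
        "hint": diagnose(cause[0]) if cause else None,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("errors :", ", ".join(report["error_ids"]))
    print("cause  :", report["root_cause"])
    print("hint   :", report["hint"])
```

Run it against a real SystemOut.out by passing the file contents to triage(); the SECJ0270E/SECJ0208E/SECJ0007E sequence followed by WSVR0009E is the signature of security initialization failing before the server container boots, and the innermost cause tells you whether to look at connectivity or at credentials.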

 

 

In any case, once you have confirmed that the LDAP server is reachable from the Portal node and that the server ID and bind account can authenticate against it (the trace above fails inside LdapRegistryImpl.checkPassword while WAS validates its own server ID at startup, and a javax.naming.CommunicationException with "Request: 1 cancelled" means no reply arrived before the request was abandoned, not that the directory rejected the password), check the security-related configuration files:

 

The first is security.xml.

 

This file lives under the profile directory; locate your profile and look in the cell directory, typically $WAS_Home/profiles/wp_profile/config/cells/$host_name/ (the directory is named after the cell, which by default is derived from the host name).

 

The file begins with:

 

<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="true" cacheTimeout="600" issuePermissionWarning="true" activeProtocol="BOTH" enforceJava2Security="false" enforceFineGrainedJCASecurity="false" activeAuthMechanism="LTPA_1" activeUserRegistry="LDAPUserRegistry_1" defaultSSLSettings="SSLConfig_1">

 

Here activeUserRegistry="LDAPUserRegistry_1" says that the LDAP registry is the one in use, and enabled="true" says that security is enabled; the xmi:id named in activeUserRegistry must match the userRegistries element checked next.

 

Then look at the LDAP section:

 

  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1" serverId="tongh@us.ibm.com" serverPassword="{xor}Zx5saG1vZ2ZoGhs=" realm="www.vicdl.cn:389" ignoreCase="true" type="CUSTOM" sslEnabled="false" sslConfig="IBM-L/DefaultSSLSettings" baseDN="o=ibm.com" bindDN="uid=8A3720897ED,ou=persons,o=ibm.com" bindPassword="{xor}Zx5saG1vZ2ZoGhs=" searchTimeout="120" reuseConnection="true">
    <searchFilter xmi:id="LDAPSearchFilter_1" userFilter="(&amp;(authenid=%v)(objectclass=udperson))" groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))" userIdMap="*:authenid" groupIdMap="*:cn" groupMemberIdMap="groupOfNames:uniqueMember" certificateMapMode="EXACT_DN"/>
    <hosts xmi:id="EndPoint_1197566690469" host="www.vicdl.cn" port="389"/>
  </userRegistries>

 

What to check here: serverId/serverPassword is the server identity that WAS authenticates against the registry during security initialization (the SECJ0208E step in the log above), and bindDN/bindPassword is the account used to bind to the LDAP server for searches; both must be valid in the directory. Note that the passwords are stored {xor}-encoded, which is reversible obfuscation rather than encryption, so anyone who can read security.xml can recover them; keep the file's permissions tight and redact these values before sharing the file or a log. realm and the hosts endpoint are the LDAP server's address and must agree with each other. Pay attention to the port: if it is 636, that is LDAPS, so sslEnabled must be "true" and sslConfig must name an SSL configuration whose truststore contains the LDAP server's certificate chain; if it is the default unencrypted port 389, sslEnabled="false".
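The checks above can be scripted against security.xml. The following is an added example, not code from the original post: it reads the active LDAPUserRegistry element, flags the port/sslEnabled and realm/endpoint mismatches discussed, and shows that the {xor} encoding (each byte XOR 0x5F, then base64, as written by WAS's PropFilePasswordEncoder) is trivially reversible. The XML fragment is constructed for this example with a hypothetical host and DNs and the placeholder password "wpsadmin"; the tcp_reachable() helper is an extra check of the endpoint from the WAS node and is not exercised against a real server here.

```python
"""Check the LDAP section of a WebSphere security.xml and decode {xor} values.

Added example, not from the original post. The sample XML is constructed
with a hypothetical host, DNs and the placeholder password "wpsadmin".
"""
import base64
import socket
import xml.etree.ElementTree as ET

XMI = "http://www.omg.org/XMI"
SEC = "http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
XMI_ID = f"{{{XMI}}}id"


def xor_encode(plain: str) -> str:
    """Produce the {xor}... form that WAS writes into security.xml."""
    return "{xor}" + base64.b64encode(bytes(b ^ 0x5F for b in plain.encode())).decode()


def xor_decode(encoded: str) -> str:
    """Recover the clear text; anyone who can read the file can do this."""
    if not encoded.startswith("{xor}"):
        raise ValueError("not a {xor}-encoded value")
    return bytes(b ^ 0x5F for b in base64.b64decode(encoded[5:])).decode()


# Constructed sample: endpoint on 636 (LDAPS) but sslEnabled="false", and a
# realm that still names port 389. Both are the mistakes discussed above.
SAMPLE_SECURITY_XML = f"""<security:Security xmlns:xmi="{XMI}" xmlns:security="{SEC}"
    enabled="true" activeUserRegistry="LDAPUserRegistry_1">
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"
      serverId="wpsadmin" serverPassword="{xor_encode('wpsadmin')}"
      realm="ldap.example.com:389" sslEnabled="false" sslConfig="NodeDefaultSSLSettings"
      baseDN="o=example" bindDN="cn=wpsbind,o=example"
      bindPassword="{xor_encode('wpsadmin')}" searchTimeout="120">
    <hosts xmi:id="EndPoint_1" host="ldap.example.com" port="636"/>
  </userRegistries>
</security:Security>
"""


def ldap_registry_settings(security_xml: str) -> dict:
    """Pull the registry named by activeUserRegistry and its <hosts> endpoint."""
    root = ET.fromstring(security_xml)
    active = root.get("activeUserRegistry")
    for reg in root.iter("userRegistries"):
        if reg.get(XMI_ID) == active:
            host = reg.find("hosts")
            return {
                "securityEnabled": root.get("enabled") == "true",
                "serverId": reg.get("serverId"),
                "bindDN": reg.get("bindDN"),
                "bindPassword": reg.get("bindPassword"),
                "realm": reg.get("realm"),
                "sslEnabled": reg.get("sslEnabled", "false") == "true",
                "host": host.get("host"),
                "port": int(host.get("port")),
            }
    raise ValueError(f"active registry {active!r} not found")


def check_settings(s: dict) -> list:
    """Return the misconfigurations the startup bind would trip over."""
    findings = []
    if s["port"] == 636 and not s["sslEnabled"]:
        findings.append('port 636 is LDAPS but sslEnabled="false"')
    if s["port"] == 389 and s["sslEnabled"]:
        findings.append('port 389 is plain LDAP but sslEnabled="true"')
    if s["realm"] != f'{s["host"]}:{s["port"]}':
        findings.append(f'realm {s["realm"]!r} does not match endpoint {s["host"]}:{s["port"]}')
    if not s["serverId"] or not s["bindDN"]:
        findings.append("serverId or bindDN is empty")
    return findings


def tcp_reachable(host: str, port: int, timeout: float = 5.0) -> bool:
    """'Request: 1 cancelled' during the bind usually means no reply arrived in
    time; a plain TCP connect from the WAS node is the first thing to try."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    settings = ldap_registry_settings(SAMPLE_SECURITY_XML)
    for finding in check_settings(settings):
        print("FINDING:", finding)
    print("bind password recovered from file:", xor_decode(settings["bindPassword"]))
    print("endpoint reachable:", tcp_reachable(settings["host"], settings["port"]))
```

To use it on a real profile, read the file from the cell directory named above into ldap_registry_settings(); the point of xor_decode() is not that you need it, but that anyone with read access to security.xml has the bind password, so the file deserves the same protection as a keystore.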

 

The second file to look at is wmm.xml.

 

Under WPS 6.0 this file is usually in $WPS_Home/wmm/. Check whether it contains LDAP settings and, if so, that they are correct; the items to verify are essentially the same as above (host, port, SSL flag, bind account and its password), and they must agree with what security.xml says, since Member Manager binds to the directory on its own.

 

 

The same applies to a plain WAS installation: its security settings live in the first file, security.xml; only the second file, wmm.xml, is specific to WebSphere Portal.