1. 首页
  2. 问答
  3. OpenAM Java EE代理明文密码

OpenAM Java EE代理明文密码

2015-04-01 27 views
4

documentation中,看起来我可以设置纯文本密码而不是加密密码。OpenAM Java EE代理明文密码

com.iplanet.am.service.secret

当使用明文密码,这个设置的密码代理档案信息,并留下am.encryption.pwd空白。

所以,我给自己定在我的OpenSSOAgentBootstrap.properties如下:

com.iplanet.am.service.secret = myPlainTextPassword 
am.encryption.pwd =

现在访问的代理应用程序给我:

java.lang.RuntimeException: Failed to load configuration: Invalid application password specified 
    com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:790) 
    com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140) 
    com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579) 
    com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675) 
    com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274) 
    com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364) 
    com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73)

我也是从here看到了,我应该改为使用com.iplanet.am.service.password。这也没有用。

是否有必须在OpenAM服务器上设置的东西?我在代理方面遗漏了什么?

编辑1

OpenAM服务器是v12.0.0,和Tomcat的试剂是V3.3.0。异常之前 日志条目:

2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.web.servlet.DispatcherServlet - FrameworkServlet 'myapp': initialization started 
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.web.context.support.XmlWebApplicationContext - Refreshing WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext 
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/servlet-context.xml] 
Apr 01, 2015 12:44:09 PM org.apache.catalina.core.ApplicationContext log 
INFO: Initializing Spring FrameworkServlet 'myapp' 
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO org.springframework.beans.factory.support.DefaultListableBeanFactory - Overriding bean definition for bean 'mvcContentNegotiationManager': replacing [Root bean: class [org.springframework.web.accept.ContentNegotiationManagerFactoryBean]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration; factoryMethodName=mvcContentNegotiationManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/web/servlet/config/annotation/DelegatingWebMvcConfiguration.class]] 
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader - Skipping bean definition for [BeanMethod:name=mvcUriComponentsContributor,declaringClass=org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport]: a definition for bean 'mvcUriComponentsContributor' already exists. This top-level bean definition is considered as an override. 
2015-04-01 12:44:09,994 [localhost-startStop-1] INFO org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext 
2015-04-01 12:44:10,135 [localhost-startStop-1] INFO org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler] 
2015-04-01 12:44:10,182 [localhost-startStop-1] INFO org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext 
2015-04-01 12:44:10,213 [localhost-startStop-1] INFO org.apache.tiles.access.TilesAccess - Publishing TilesContext for context: org.springframework.web.servlet.view.tiles3.SpringWildcardServletTilesApplicationContext 
2015-04-01 12:44:10,244 [localhost-startStop-1] INFO org.springframework.web.servlet.DispatcherServlet - FrameworkServlet 'myapp': initialization completed in 610 ms 
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start 
INFO: Starting ProtocolHandler ["http-bio-8081"] 
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start 
INFO: Starting ProtocolHandler ["http-bio-8081"] 
java.lang.RuntimeException: Invalid application password specified 
    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1030) 
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720) 
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140) 
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579) 
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) 
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Thread.java:745)

代理的debug.out显示:

amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
********************************************** 
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration.setOrganizationName: organization name for realm is set to:/
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration: service resolver set to: com.sun.identity.agents.tomcat.v6.AmTomcatAgentServiceResolver 
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration: service resolver reports EJBContext available: false 
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration: Application User: myAgent 
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
********************************************** 
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
ERROR: JCEEncryption:: failed to decrypt data 
java.lang.NullPointerException 
    at com.iplanet.services.util.JCEEncryption.pbeDecrypt(JCEEncryption.java:246) 
    at com.iplanet.services.util.JCEEncryption.decrypt(JCEEncryption.java:141) 
    at com.iplanet.services.util.Crypt.decode(Crypt.java:343) 
    at com.iplanet.services.util.Crypt.decryptLocal(Crypt.java:238) 
    at com.sun.identity.agents.arch.AM70Crypt.decrypt(AM70Crypt.java:57) 
    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1020) 
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720) 
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140) 
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579) 
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) 
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Thread.java:745)

来源

2015-04-01 user4739556

+0

你使用的是什么openAM版本? – dit 2015-04-01 19:25:41

+0

请在例外之前显示日志 – dit 2015-04-01 19:35:32

+0

显然不能在评论中添加太多内容。所以我添加了附加信息作为原始帖子的编辑。 – user4739556 2015-04-01 21:47:18

回答

2

让我们来看看从GitHub: OpenRock/OpenAM 

private static synchronized void setApplicationPassword() { 
    if (!isInitialized()) { 
     try { 
      _crypt = ServiceFactory.getCryptProvider(); 
      if(_crypt != null) { 
       String encodedPass = getProperty(SDKPROP_APP_PASSWORD); 
       _applicationPassword = _crypt.decrypt(encodedPass); 
      } 
     } catch (Exception ex) { 
      logError("AgentConfiguration: Unable to create new instance of " + "Crypt class with exception ", ex); 
     } 
     if (_applicationPassword == null || _applicationPassword.trim().length() == 0) { 
      throw new RuntimeException("Invalid application password specified"); 
     } 
    } 
}

恒SDFSFD defined如采取此源代码:

public static final String SDKPROP_APP_PASSWORD = "com.iplanet.am.service.secret";

正如你所看到的AgentConfiguration读取密码并将其存储到encodedPass

所以我相信方法getCryptProvider返回破解Cryptprovider(_crypt)。 _crypt.decrypt(encodedPass)获取NullPointerException并且变量_applicationPassword从未初始化,则会抛出RuntimeException。

确保您的配置允许或定义CryptProvider

确定我看到你的编辑

NullPointerException异常发生here。尝试解释这一点。

final Cipher pbeCipher = cipherProvider.getCipher(); // NPE

来源

2015-04-01 22:09:58 dit

+1

今天看看代码,看起来密码必须始终加密。回到这里报告,看到彼得的回应确认。但是,谢谢你指出我正确的方向。 – user4739556 2015-04-02 17:30:49

1

的文件似乎是不正确的,从我可以根据AgentConfiguration的源代码告诉,密码只能以加密的形式提供(这也意味着am.encryption.pwd应设置以及正确的。

来源

2015-04-02 14:26:30

+0

重新编码后有这种怀疑。谢谢你的确认。似乎无法将您的答案标记为已接受。 – user4739556 2015-04-02 17:32:45

相关问题

 相关问题