In the application we used LDAP authentication using jSecurityCheck in the login form.
This is the configuration in web.xml for LDAP authentication:
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldapRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.htm</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>
The session will be logged out due to Single sign on.
After logging in with {"rs":[]}, it gives an empty page.
We had to delete the URL till application-url/ and then refresh again every time.
I have seen similar threads, but all are using springSecurity configuration.
So is it possible to avoid this in ZK without springSecurity?
ZK version used: 5.0.7
One cause for this is if the LDAP server (or AD server in my case) resets the connection. As a consequence JNDIRealm.authenticate returns a null Principal. Sample backtrace:
WARNING: Exception performing authentication
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'CN=Users,DC=ad,DC=example,DC=com'
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1992)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1837)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:265)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1340)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1188)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1147)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1089)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:947)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:260)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:454)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:679)
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:185)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
    at com.sun.jndi.ldap.Connection.run(Connection.java:820)
    ... 1 more
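import java.security.Principal;

import org.apache.catalina.realm.JNDIRealm;

// Retries authentication once when the first attempt yields no Principal.
public class JNDIRealmRetryOnceForZkoss extends JNDIRealm {

    @Override
    public Principal authenticate(final String username, final String credentials) {
        Principal p;
        try {
            p = super.authenticate(username, credentials);
        } catch (final Exception e) {
            p = null; // treat an exception like a failed first attempt
        }
        if (p != null) {
            return p;
        }
        // Second and final attempt.
        return super.authenticate(username, credentials);
    }
}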
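The retry above runs whenever the first call returns null, which is also what a wrong password produces, so a mistyped login is submitted to the directory twice and can count twice toward an account lockout threshold. The following is an added example, not part of the original answer and not Tomcat code, that retries only when the connection itself failed; the `Bind` interface, the class name and the simulated backends are hypothetical.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;

/** Added example: retry on transport failure only, never on rejected credentials. */
public class RetryOnResetOnly {

    /** Hypothetical abstraction over one LDAP bind attempt (not a Tomcat API). */
    interface Bind {
        String attempt(String user, String password) throws NamingException;
    }

    /** Returns the user's DN on success, or null when the login must be refused. */
    static String authenticate(Bind ldap, String user, String password) {
        for (int attempt = 1; attempt <= 2; attempt++) {
            try {
                return ldap.attempt(user, password);
            } catch (CommunicationException e) {
                // Connection reset or similar: the directory never evaluated
                // the password, so one more attempt is safe.
                continue;
            } catch (AuthenticationException e) {
                // The directory rejected the credentials: do not resend them.
                return null;
            } catch (NamingException e) {
                return null; // any other directory error: fail closed
            }
        }
        return null; // both attempts hit a transport failure
    }

    public static void main(String[] args) {
        // Constructed backends: one resets the first connection, one rejects the password.
        int[] calls = {0, 0};
        Bind flaky = (u, p) -> {
            if (++calls[0] == 1) throw new CommunicationException("Connection reset");
            return "CN=" + u + ",CN=Users,DC=ad,DC=example,DC=com";
        };
        Bind wrongPassword = (u, p) -> {
            calls[1]++;
            throw new AuthenticationException("invalid credentials");
        };
        System.out.println(authenticate(flaky, "alice", "pw") + " / binds: " + calls[0]);
        System.out.println(authenticate(wrongPassword, "alice", "bad") + " / binds: " + calls[1]);
    }
}
```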
Asked: 2011-12-27 12:52:53 +0800
Seen: 290 times
Last updated: Jan 07 '12