
application-url/zkau gives {"rs":[]} once the session was logged out

asked 2011-12-27 12:52:53 +0800

sowmiyaksr
30

In the application we used LDAP authentication using jSecurityCheck in the login form.

This is the configuration in web.xml for LDAP authentication:

<login-config>
	<auth-method>FORM</auth-method>
	<realm-name>ldapRealm</realm-name>
	<form-login-config>
		<form-login-page>/login.htm</form-login-page>
		<form-error-page>/error.jsp</form-error-page>
	</form-login-config>
</login-config>

The session will be logged out due to Single sign on.

After logging in with {"rs":[]}, it gives an empty page.
We had to delete the url till application-url/ and then refresh again every time.

I have seen similar threads, but all are using springSecurity configuration.

So is it possible to avoid this in zk without springSecurity?


zk version used: 5.0.7


1 Reply


answered 2012-01-07 05:59:44 +0800

pipe
27

One cause for this is if the LDAP server (or AD server in my case) resets the connection. As a consequence JNDIRealm.authenticate returns a null Principal. Sample backtrace:

WARNING: Exception performing authentication
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'CN=Users,DC=ad,DC=example,DC=com'
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1992)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1837)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:265)
	at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1340)
	at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1188)
	at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1147)
	at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1089)
	at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:947)
	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:260)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:454)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Thread.java:679)
Caused by: java.net.SocketException: Connection reset
	at java.net.SocketInputStream.read(SocketInputStream.java:185)
	at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
	at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
	at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
	at com.sun.jndi.ldap.Connection.run(Connection.java:820)
	... 1 more


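So far my best solution is:

import java.security.Principal;

import org.apache.catalina.realm.JNDIRealm;

// Retries the realm lookup once when the first attempt throws or returns null.
public class JNDIRealmRetryOnceForZkoss extends JNDIRealm{
	@Override
	public Principal authenticate(final String username, final String credentials){

		Principal p;
		try{
			// First attempt; may fail if the LDAP/AD server reset the connection.
			p = super.authenticate(username, credentials);
		}catch(final Exception e){
			p = null;
		}

		if(p != null){
			return p;
		}

		// Second attempt; also reached when the credentials were simply wrong.
		return super.authenticate(username, credentials);
	}

}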

Brute force and logins with bad credentials are performed twice but it seems to always work.
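
The retry in the answer above also repeats every rejected login. As an added example (not part of the original post, and not Tomcat's code), this self-contained sketch retries only when the transport failed, so a wrong password reaches the directory once. `DirectoryAuth` and the two stub backends are hypothetical stand-ins for the realm's lookup; wiring the policy into JNDIRealm is not shown.

```java
import java.security.Principal;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;

public class RetryOnTransientOnly {

    /** Hypothetical stand-in for one directory lookup; null means the credentials were rejected. */
    interface DirectoryAuth {
        Principal authenticate(String user, String password) throws NamingException;
    }

    /** Retries once when the connection failed, never when the directory gave an answer. */
    static Principal authenticate(DirectoryAuth dir, String user, String password) {
        for (int attempt = 1; attempt <= 2; attempt++) {
            try {
                return dir.authenticate(user, password); // a null result is final: no second bind
            } catch (CommunicationException | ServiceUnavailableException e) {
                // Transient transport failure (e.g. "Connection reset"): loop for one more try.
            } catch (NamingException e) {
                return null; // any other directory error: fail closed without retrying
            }
        }
        return null; // still unreachable after the retry: fail closed
    }

    public static void main(String[] args) {
        final int[] calls = {0};

        // Constructed case 1: the connection resets once, then the lookup succeeds.
        DirectoryAuth flaky = (u, p) -> {
            if (++calls[0] == 1) throw new CommunicationException("Connection reset");
            return () -> u; // Principal's only abstract method is getName()
        };
        Principal ok = authenticate(flaky, "alice", "correct-password");
        System.out.println("flaky link: principal=" + ok.getName() + ", directory calls=" + calls[0]);

        // Constructed case 2: directory reachable, credentials wrong.
        calls[0] = 0;
        DirectoryAuth rejecting = (u, p) -> { calls[0]++; return null; };
        Principal bad = authenticate(rejecting, "alice", "wrong-password");
        System.out.println("bad password: principal=" + bad + ", directory calls=" + calls[0]);
    }
}
```

The directory-call counter printed for each case shows how many lookups the policy issued for a flaky connection versus a rejected password.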


Stats

Asked: 2011-12-27 12:52:53 +0800

Seen: 290 times

Last updated: Jan 07 '12
