Hi,
 I'm a newbie with LDAP over SSL.
My problem is this: my web application connects to the LDAP server and does the
authentication through LDAP with SSL.
When I enter the user name and password, this exception is thrown:

2008-01-14 15:04:52,074 ERROR
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
- <Servlet.service() for servlet cas threw exception>
java.io.EOFException: SSL peer shut down incorrectly
        at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
        at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
        at 
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
        at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
        at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at 
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at 
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at 
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at 
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at
org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
        at
org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
        at
org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
        at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
        at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
        at
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
        at
org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
        at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
        at
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:282)
        at
org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:116)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
        at
org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
        at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
        at
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
        at
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
        at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
        at org.springframework.webflow.engine.State.enter(State.java:200)
        at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        at
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
        at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
        at org.springframework.webflow.engine.State.enter(State.java:200)
        at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        at
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
        at
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
        at
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:238)
        at
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
        at
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
        at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
        at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
        at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
        at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:399)
        at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:364)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

This is my deployerConfigContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC  "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd";>
<!--
        | deployerConfigContext.xml centralizes into one file some of the
declarative configuration that
        | all CAS deployers will need to modify.
        |
        | This file declares some of the Spring-managed JavaBeans that make up a
CAS deployment.  
        | The beans declared in this file are instantiated at context
initialization time by the Spring 
        | ContextLoaderListener declared in web.xml.  It finds this file because
this
        | file is among those declared in the context parameter
"contextConfigLocation".
        |
        | By far the most common change you will need to make in this file is to
change the last bean
        | declaration to replace the default
SimpleTestUsernamePasswordAuthenticationHandler with
        | one implementing your approach for authenticating usernames and
passwords.
        +-->
<beans>
        
        <!--
                | This bean declares our AuthenticationManager.  The
CentralAuthenticationService service bean
                | declared in applicationContext.xml picks up this 
AuthenticationManager
by reference to its id, 
                | "authenticationManager".  Most deployers will be able to use 
the default
AuthenticationManager
                | implementation and so do not need to change the class of this 
bean.  We
include the whole
                | AuthenticationManager here in the userConfigContext.xml so 
that you can
see the things you will
                | need to change in context.
                +-->
        <bean id="authenticationManager"
                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
                <!--
                        | This is the List of CredentialToPrincipalResolvers 
that identify what
Principal is trying to authenticate.
                        | The AuthenticationManagerImpl considers them in 
order, finding a
CredentialToPrincipalResolver which 
                        | supports the presented credentials.
                        |
                        | AuthenticationManagerImpl uses these resolvers for 
two purposes. 
First, it uses them to identify the Principal
                        | attempting to authenticate to CAS /login .  In the 
default
configuration, it is the DefaultCredentialsToPrincipalResolver
                        | that fills this role.  If you are using some other 
kind of credentials
than UsernamePasswordCredentials, you will need to replace
                        | DefaultCredentialsToPrincipalResolver with a
CredentialsToPrincipalResolver that supports the credentials you are
                        | using.
                        |
                        | Second, AuthenticationManagerImpl uses these 
resolvers to identify a
service requesting a proxy granting ticket. 
                        | In the default configuration, it is the
HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. 
                        | You will need to change this list if you are 
identifying services by
something more or other than their callback URL.
                        +-->
                <property name="credentialsToPrincipalResolvers">
                        <list>
                                <!--
                                        | 
UsernamePasswordCredentialsToPrincipalResolver supports the
UsernamePasswordCredentials that we use for /login 
                                        | by default and produces 
SimplePrincipal instances conveying the
username from the credentials.
                                        | 
                                        | If you've changed your 
LoginFormAction to use credentials other than
UsernamePasswordCredentials then you will also
                                        | need to change this bean declaration 
(or add additional declarations)
to declare a CredentialsToPrincipalResolver that supports the
                                        | Credentials you are using.
                                        +-->
                                <bean
                                
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
                                <!--
                                        | 
HttpBasedServiceCredentialsToPrincipalResolver supports
HttpBasedCredentials.  It supports the CAS 2.0 approach of
                                        | authenticating services by SSL 
callback, extracting the callback URL
from the Credentials and representing it as a
                                        | SimpleService identified by that 
callback URL.
                                        |
                                        | If you are representing services by 
something more or other than an
HTTPS URL whereat they are able to
                                        | receive a proxy callback, you will 
need to change this bean
declaration (or add additional declarations).
                                        +-->
                                <bean
                                
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
                        </list>
                </property>

                <!--
                        | Whereas CredentialsToPrincipalResolvers identify who 
it is some
Credentials might authenticate, 
                        | AuthenticationHandlers actually authenticate 
credentials.  Here we
declare the AuthenticationHandlers that
                        | authenticate the Principals that the 
CredentialsToPrincipalResolvers
identified.  CAS will try these handlers in turn
                        | until it finds one that both supports the Credentials 
presented and
succeeds in authenticating.
                        +-->
                <property name="authenticationHandlers">
                        <list>
                                <!--
                                        | This is the authentication handler 
that authenticates services by
means of callback via SSL, thereby validating
                                        | a server side SSL certificate.
                                        +-->
                                <bean
                                
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
                                        <property
                                                name="httpClient"
                                                ref="httpClient" />
                                </bean>

                                <!--
                                        | This is the authentication handler 
declaration that every CAS
deployer will need to change before deploying CAS 
                                        | into production.  The default
SimpleTestUsernamePasswordAuthenticationHandler authenticates
UsernamePasswordCredentials
                                        | where the username equals the 
password.  You will need to replace
this with an AuthenticationHandler that implements your
                                        | local authentication strategy.  You 
might accomplish this by coding a
new such handler and declaring
                                        | 
edu.someschool.its.cas.MySpecialHandler here, or you might use one of
the handlers provided in the adaptors modules.
                                        +-->
                                
                                  
                 <!--
                        | LDAP handler declared in place of the default test handler.
                        | In the stack trace above, authenticateUsernamePasswordInternal
                        | calls LdapTemplate.search, which obtains its connection from the
                        | "contextSource" bean; the SSL failure is raised while that
                        | connection is being opened, not while the user's own
                        | credentials are being checked.
                        |
                        | filter: presumably %u is replaced by the submitted username
                        | (confirm in the handler's documentation).  Because the username
                        | comes from the login form, verify that the handler version in use
                        | escapes LDAP filter metacharacters before substitution.
                        | NOTE(review): if the directory is Active Directory (cn=Users
                        | suggests it may be), accounts are usually matched on
                        | sAMAccountName rather than uid; confirm the attribute.
                        |
                        | ignorePartialResultException: presumably makes the search tolerate
                        | a PartialResultException from unfollowed referrals; note that the
                        | "contextSource" bean also sets java.naming.referral to "follow",
                        | so check which of the two behaviours is actually wanted.
                        +-->
                 <bean
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                                        <property name="filter" value="uid=%u" 
/>
                                        <property name="searchBase" 
value="cn=Users,dc=z,dc=z" />
                                        <property name="contextSource" 
ref="contextSource" />
                    <property name="ignorePartialResultException"
value="yes" /> 
                                </bean>
                        </list>
                </property>
        </bean>
<!--
        | Connection settings used by the LDAP authentication handler for its
        | search: directory URL(s), the account it binds as, and the JNDI
        | environment passed to the LDAP provider.
        |
        | NOTE(review): the reported EOFException is raised inside
        | performInitialHandshake, i.e. the peer closed the socket during the SSL
        | handshake, before the bind request was written.  Things to confirm on
        | that basis: that the directory server is actually serving LDAPS (with a
        | certificate installed) on the port this URL resolves to, and that the
        | JVM running Tomcat trusts the certificate's issuer.
        +-->
<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
 <!--
        | Bind password of the search account, stored in clear text in this file:
        | keep the file readable only by the account that runs the servlet
        | container.  The braces look like the poster's redaction markers; if
        | they are present in the real file they are part of the value (same for
        | userName below).
        +-->
 <property name="password" value="{11111}"/>
<property name="pooled" value="true" />
 <!--
        | ldaps:// with no port: the JNDI LDAP provider then uses port 636.
        +-->
 <property name="urls">
  <list>
   <value>ldaps://irisad.net/</value>
  </list>
 </property>
 <!-- DN of the account used for the search bind. -->
 <property name="userName" value="{cn=aa,cn=Users,dc=z,dc=z}"/>
 <property name="baseEnvironmentProperties">
  <map>
        <!-- Requests SSL; redundant with the ldaps:// scheme in the URL above. -->
        <entry>
                <key> 
          <value>java.naming.security.protocol</value>
                </key>
                <value>ssl</value>
    </entry>
   <!--
        | Simple bind sends the DN and password as-is, so it relies entirely on
        | the SSL layer for confidentiality; never use it over plain ldap://.
        +-->
   <entry>
     <key>
      <value>java.naming.security.authentication</value>
     </key>
     <value>simple</value>
   </entry>
    <!--
        | "follow" makes JNDI chase referrals automatically.  The referral
        | target is named by the server, and the follow-up connection is made
        | with this context's environment, so the search account may be
        | presented to whichever host the referral points at.
        | NOTE(review): confirm referral following is really needed here.
        +-->
    <entry>
          <key>
            <value>java.naming.referral</value>
          </key>
          <value>follow</value>
     </entry>
  </map>
 </property>
</bean>
</beans>

thanks.