AuthenticationNotSupportedException：DIGEST-MD5在WebSphere [英] AuthenticationNotSupportedException: DIGEST-MD5 on WebSphere

问题描述

我碰到试图从我的Web服务中身份验证的一个问题。这里是code失败。

 私人InitialDirContext callDirectory（字符串密码，
            字符串usernameWithoutDomain）抛出NamingException的
    {
        InitialDirContext CTX;
        哈希表＆LT;字符串，字符串＆GT; ENV =新的Hashtable＆LT;字符串，字符串＆GT;（）;        env.put（Context.INITIAL_CONTEXT_FACTORYcom.sun.jndi.ldap.LdapCtxFactory）;
        env.put（Context.PROVIDER_URL，_ldapUrl）;
        env.put（Context.SECURITY_AUTHENTICATION，DIGEST-MD5）;
        env.put（Context.SECURITY_PRINCIPAL，usernameWithoutDomain）;
        env.put（Context.SECURITY_CREDENTIALS，密码）;
        CTX =新InitialDirContext（ENV）;
        返回CTX;
    }
 

这code工作对Active Directory在AIX上使用IBM的JVM 1.5，但不能在同一台机器使用相同的虚拟机上的WebSphere中运行6.1的时候。

我试图控制所有变量，到目前为止，它看起来像WebSphere不太preventing的DIGEST-MD5 LDAP验证。任何想法，为什么？

下面是堆栈跟踪：

  javax.naming.AuthenticationNotSupportedException：DIGEST-MD5
     在com.sun.jndi.ldap.sasl.LdapSasl.saslBind（LdapSasl.java:115）
     在com.sun.jndi.ldap.LdapClient.authenticate（LdapClient.java:229）
     在com.sun.jndi.ldap.LdapCtx.connect（LdapCtx.java:2652）
     在com.sun.jndi.ldap.LdapCtx＆LT;＆初始化GT;（LdapCtx.java:298）
     在com.sun.jndi.ldap.LdapCtxFactory.getUsingURL（LdapCtxFactory.java:190）
     在com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs（LdapCtxFactory.java:208）
     在com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance（LdapCtxFactory.java:151）
     在com.sun.jndi.ldap.LdapCtxFactory.getInitialContext（LdapCtxFactory.java:81）
     在javax.naming.spi.NamingManager.getInitialContext（NamingManager.java:679）
     在javax.naming.InitialContext.getDefaultInitCtx（InitialContext.java:259）
     在javax.naming.InitialContext.init（InitialContext.java:235）
     在javax.naming.InitialContext中的＆LT;＆初始化GT;（InitialContext.java:209）
     在security.ActiveDirectoryReader.openDirectoryContext（ActiveDirectoryReader.java:80）
 

解决方案

，以便其他人可以从中受益：
修改文件：/opt/IBM/WebSphere/AppServer/java/jre/lib/security/java.security
做security.provider搜索，并在其他供应商的底部添加一行（如果它不是已经在那里）：
security.provider.X = com.ibm.security.sasl.IBMSASL（其中X是序列中的下一个号码为它上面的线）

我们有同样的问题，即使开了与IBM PMR（谁仍然不知道如何解决）

其实答案从自己的链路来了：
<一href=\"http://www.ibm.com/developerworks/java/jdk/security/50/secguides/saslDocs/ibm.sasl.provider.guide.html\" rel=\"nofollow\">http://www.ibm.com/developerworks/java/jdk/security/50/secguides/saslDocs/ibm.sasl.provider.guide.html

看来这应该是关于默认...

I've run into a problem attempting to authenticate from within my web services. Here is the code that fails.

private InitialDirContext callDirectory(String password,
            String usernameWithoutDomain) throws NamingException 
    {
        InitialDirContext ctx;
        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, _ldapUrl ); 
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5"); 
        env.put(Context.SECURITY_PRINCIPAL, usernameWithoutDomain ); 
        env.put(Context.SECURITY_CREDENTIALS, password);  
        ctx = new InitialDirContext(env);
        return ctx;
    }

This code works against Active Directory on AIX using IBM's 1.5 JVM, but not on the same machine with the same VM when run inside WebSphere 6.1.

I've tried to control for all variables, and so far it looks like WebSphere is preventing the DIGEST-MD5 LDAP Authentication. Any ideas why?

Here is the stack trace:

javax.naming.AuthenticationNotSupportedException: DIGEST-MD5 
     at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:115) 
     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:229) 
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652) 
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:298) 
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190) 
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208) 
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151) 
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81) 
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679) 
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259) 
     at javax.naming.InitialContext.init(InitialContext.java:235) 
     at javax.naming.InitialContext.<init>(InitialContext.java:209) 
     at security.ActiveDirectoryReader.openDirectoryContext(ActiveDirectoryReader.java:80)

解决方案

So that others can benefit from this: modify the file :/opt/IBM/WebSphere/AppServer/java/jre/lib/security/java.security do a search for security.provider and add a line at the bottom of the other providers (if it's not already in there): security.provider.X=com.ibm.security.sasl.IBMSASL (where X is the next number in sequence for the lines above it)

We had this same issue, even opened a PMR with IBM (who still doesn't know how to fix)

The answer actually came from their own link: http://www.ibm.com/developerworks/java/jdk/security/50/secguides/saslDocs/ibm.sasl.provider.guide.html

seems this is supposed to be "on" by default...

这篇关于AuthenticationNotSupportedException：DIGEST-MD5在WebSphere的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！