【发布时间】:2017-02-17 04:41:50
【问题描述】:
我正在开发一个 Java Web 应用程序,该应用程序在与其他应用程序交互时应模拟用户。由于没有对特定应用程序本身应用授权,因此该委托机制能否正常工作至关重要。使用的身份验证机制是 Kerberos。
我希望能够使用 JUnit 运行嵌入式 KDC 来验证各种身份验证方面。我正在尝试使用 ApacheDS - 几年前有一些关于如何使用 LDAP 执行此操作的示例,我按照示例 here 开始使用。按照链接的示例,当我运行此冒烟测试时,我无法使第 1 步工作:
@RunWith(FrameworkRunner.class)
@CreateDS(name = "KerberosTcpITest", partitions = {@CreatePartition(name = "example", suffix = "dc=example,dc=com")}, additionalInterceptors = {KeyDerivationInterceptor.class})
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@CreateKdcServer(transports = {@CreateTransport(protocol = "TCP", port = 6086)})
@ApplyLdifFiles("example.ldif")
public class EmbeddedKerberos101 {
@Test
public void test() {
}
}
我在尝试查找 LDIF 文件 schema/ou=schema/cn=apachedns/ou=objectclasses/m-oid=1.3.6.1.4.1.18060.0.4.2.3.9.ldif 时出错,这看起来像我的 @ ApplyLdifFiles 注释被忽略,默认值被恢复。
堆栈跟踪是:
org.apache.directory.api.ldap.schema.extractor.UniqueResourceException: Problem locating LDIF file in schema repository
Multiple copies of resource named 'schema/ou=schema/cn=apachedns/ou=objectclasses/m-oid=1.3.6.1.4.1.18060.0.4.2.3.9.ldif' located on classpath at urls
jar:file:/Users/*/.m2/repository/org/apache/directory/api/api-ldap-schema-data/1.0.0-RC1/api-ldap-schema-data-1.0.0-RC1.jar!/schema/ou%3dschema/cn%3dapachedns/ou%3dobjectclasses/m-oid%3d1.3.6.1.4.1.18060.0.4.2.3.9.ldif
jar:file:/Users/*/.m2/repository/org/apache/directory/server/apacheds-all/2.0.0-M15/apacheds-all-2.0.0-M15.jar!/schema/ou%3dschema/cn%3dapachedns/ou%3dobjectclasses/m-oid%3d1.3.6.1.4.1.18060.0.4.2.3.9.ldif
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.getUniqueResource(DefaultSchemaLdifExtractor.java:358)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.getUniqueResourceAsStream(DefaultSchemaLdifExtractor.java:335)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.extractFromClassLoader(DefaultSchemaLdifExtractor.java:373)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.extractOrCopy(DefaultSchemaLdifExtractor.java:165)
at org.apache.directory.api.ldap.schema.extractor.impl.DefaultSchemaLdifExtractor.extractOrCopy(DefaultSchemaLdifExtractor.java:185)
at org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory.initSchema(DefaultDirectoryServiceFactory.java:172)
at org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory.build(DefaultDirectoryServiceFactory.java:256)
at org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory.init(DefaultDirectoryServiceFactory.java:125)
at org.apache.directory.server.core.factory.DSAnnotationProcessor.createDS(DSAnnotationProcessor.java:96)
at org.apache.directory.server.core.factory.DSAnnotationProcessor.getDirectoryService(DSAnnotationProcessor.java:328)
at org.apache.directory.server.core.integ.FrameworkRunner.run(FrameworkRunner.java:109)
在我的测试资源中我有 krb5.conf
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = localhost:6088
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[login]
krb4_convert = true
krb4_get_tickets = false
和example.ldif
dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example
dn: ou=users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users
冒烟测试无法启动是否有原因?是否有即插即用的替代方法可以在我的以身份验证为重点的单元/本地集成测试中启动并运行模拟 KDC?其他开发人员如何测试他们的凭证委托机制的工作原理?
【问题讨论】:
标签: java junit kerberos delegation apacheds