Java: ActiveDirectoryLdapAuthenticationProvider on JBOSS


I am trying to implement Active Directory authentication using ActiveDirectoryLdapAuthenticationProvider on JBOSS EAP 6.3.

If the user id being authenticated is locked/expired, I get the following unexpected exception:

org.springframework.ldap.UncategorizedLdapException:
Uncategorized exception occured during LDAP processing;
nested exception is javax.naming.NamingException:
JBAS011843: Classloader ModuleClassLoader for Module
"deployment.multildap.war:main" from Service Module Loader
failed to instanciate InitialContextFactory 
com.sun.jndi.ldap.LdapCtxFactory [Root exception is
javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9,
    comment: AcceptSecurityContext error, data 533, v1db1 ]]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217) [spring-ldap-core-1.3.2.RELEASE.jar:1.3.2.RELEASE]
at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:187) [spring-security-ldap-3.2.5.RELEASE.jar:3.2.5.RELEASE]
...
My configuration is shown below; it works fine on Tomcat 8.

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="adAuthenticationProvider" />
</authentication-manager>

<beans:bean id="adAuthenticationProvider"
    class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="DOMAIN_NAME.COM" />
    <beans:constructor-arg value="ldap://my-comain-controller/" />
</beans:bean>
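But on JBOSS, the NamingException that is thrown does not appear to be an instance of AuthenticationException or OperationNotSupportedException. Those are wrapped as the root cause, and the exception itself is a NamingException.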

A quick and dirty solution might be to add a few extra lines in the else part, as shown below:

Throwable rootCause = e.getRootCause();
if ((rootCause instanceof AuthenticationException) || (rootCause instanceof OperationNotSupportedException)) {
    handleBindException(bindPrincipal, (NamingException) rootCause);
    throw badCredentials(rootCause);
} else {
    throw LdapUtils.convertLdapException(e);
}
Has anyone had a similar problem and/or found a better solution?

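
An added example (not part of the original question and not Spring Security's own code) that generalizes the root-cause check above: it walks the whole cause chain instead of one level, then reads the Active Directory sub-error from the `data` field of the error 49 message. The class and method names are hypothetical, the input is constructed from the trace on this page, and the table covers common sub-error codes only.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; AdBindFailure, findBindFailure and classify are hypothetical names.
public class AdBindFailure {
    // AD reports the Windows sub-error as hex after "data " in the error 49 message.
    private static final Pattern SUB_ERROR = Pattern.compile("data\\s+([0-9a-f]{3,4})");

    // Walk the cause chain (depth-bounded) to the exception that describes the bind failure.
    static NamingException findBindFailure(NamingException e) {
        Throwable t = e;
        for (int depth = 0; t != null && depth < 10; depth++) {
            if (t instanceof AuthenticationException || t instanceof OperationNotSupportedException) {
                return (NamingException) t;
            }
            t = t.getCause(); // for a NamingException this is its root cause
        }
        return null;
    }

    static String classify(NamingException bindFailure) {
        String msg = bindFailure.getMessage();
        Matcher m = SUB_ERROR.matcher(msg == null ? "" : msg);
        if (!m.find()) return "UNKNOWN";
        switch (Integer.parseInt(m.group(1), 16)) {
            case 0x525: return "USER_NOT_FOUND";
            case 0x52e: return "INVALID_CREDENTIALS";
            case 0x532: return "PASSWORD_EXPIRED";
            case 0x533: return "ACCOUNT_DISABLED";
            case 0x701: return "ACCOUNT_EXPIRED";
            case 0x773: return "PASSWORD_MUST_CHANGE";
            case 0x775: return "ACCOUNT_LOCKED";
            default:    return "UNKNOWN";
        }
    }

    public static void main(String[] args) {
        // Constructed input: the page's error 49 message wrapped the way the JBoss trace shows.
        AuthenticationException root = new AuthenticationException("[LDAP: error code 49 - "
            + "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1 ]");
        NamingException wrapper = new NamingException("JBAS011843: failed to instanciate InitialContextFactory (abridged)");
        wrapper.setRootCause(root);
        NamingException failure = findBindFailure(wrapper);
        System.out.println(failure == null ? "not a bind failure" : classify(failure));
    }
}
```

Record the classification in server-side logs and keep the response to the client a generic bad-credentials error, so the login form does not disclose account state.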