OpenAM Java EE agent plain text password

Question

В documentation, похоже, я могу настроить простой текстовый пароль вместо зашифрованного.

com.iplanet.am.service.secret

При использовании обычного текстового пароля, установите этот пароль для профиля агента и оставьте am.encryption.pwd пустым.

Итак, я установил следующее в моих OpenSSOAgentBootstrap.properties:

com.iplanet.am.service.secret = myPlainTextPassword 
am.encryption.pwd = 

Доступ к применению агента теперь дает мне:

java.lang.RuntimeException: Failed to load configuration: Invalid application password specified 
    com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:790) 
    com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140) 
    com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579) 
    com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675) 
    com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274) 
    com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364) 
    com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73) 

Я также видел из here, что я должен вместо этого используйте com.iplanet.am.service.password. Это тоже не сработало.

Есть ли что-то, что должно быть установлено на сервере OpenAM? Я что-то пропустил на стороне агента?

---

Edit 1

OpenAM Сервер v12.0.0, а агент Tomcat является v3.3.0. записей журнала перед исключением:

2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.web.servlet.DispatcherServlet - FrameworkServlet 'myapp': initialization started 
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.web.context.support.XmlWebApplicationContext - Refreshing WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext 
2015-04-01 12:44:09,634 [localhost-startStop-1] INFO org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/servlet-context.xml] 
Apr 01, 2015 12:44:09 PM org.apache.catalina.core.ApplicationContext log 
INFO: Initializing Spring FrameworkServlet 'myapp' 
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO org.springframework.beans.factory.support.DefaultListableBeanFactory - Overriding bean definition for bean 'mvcContentNegotiationManager': replacing [Root bean: class [org.springframework.web.accept.ContentNegotiationManagerFactoryBean]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration; factoryMethodName=mvcContentNegotiationManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/web/servlet/config/annotation/DelegatingWebMvcConfiguration.class]] 
2015-04-01 12:44:09,775 [localhost-startStop-1] INFO org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader - Skipping bean definition for [BeanMethod:name=mvcUriComponentsContributor,declaringClass=org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport]: a definition for bean 'mvcUriComponentsContributor' already exists. This top-level bean definition is considered as an override. 
2015-04-01 12:44:09,994 [localhost-startStop-1] INFO org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext 
2015-04-01 12:44:10,135 [localhost-startStop-1] INFO org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler] 
2015-04-01 12:44:10,182 [localhost-startStop-1] INFO org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: WebApplicationContext for namespace 'myapp': startup date [Wed Apr 01 12:44:09 PDT 2015]; parent: Root WebApplicationContext 
2015-04-01 12:44:10,213 [localhost-startStop-1] INFO org.apache.tiles.access.TilesAccess - Publishing TilesContext for context: org.springframework.web.servlet.view.tiles3.SpringWildcardServletTilesApplicationContext 
2015-04-01 12:44:10,244 [localhost-startStop-1] INFO org.springframework.web.servlet.DispatcherServlet - FrameworkServlet 'myapp': initialization completed in 610 ms 
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start 
INFO: Starting ProtocolHandler ["http-bio-8081"] 
Apr 01, 2015 12:44:10 PM org.apache.coyote.AbstractProtocol start 
INFO: Starting ProtocolHandler ["http-bio-8081"] 
java.lang.RuntimeException: Invalid application password specified 
    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1030) 
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720) 
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140) 
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579) 
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) 
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Thread.java:745) 

debug.out показывает агента:

amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
********************************************** 
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration.setOrganizationName: organization name for realm is set to:/
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration: service resolver set to: com.sun.identity.agents.tomcat.v6.AmTomcatAgentServiceResolver 
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration: service resolver reports EJBContext available: false 
amAgentCore:04/01/2015 12:44:35:314 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
AgentConfiguration: Application User: myAgent 
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
********************************************** 
amSDK:04/01/2015 12:44:35:329 PM PDT: Thread[http-bio-8081-exec-1,5,main] 
ERROR: JCEEncryption:: failed to decrypt data 
java.lang.NullPointerException 
    at com.iplanet.services.util.JCEEncryption.pbeDecrypt(JCEEncryption.java:246) 
    at com.iplanet.services.util.JCEEncryption.decrypt(JCEEncryption.java:141) 
    at com.iplanet.services.util.Crypt.decode(Crypt.java:343) 
    at com.iplanet.services.util.Crypt.decryptLocal(Crypt.java:238) 
    at com.sun.identity.agents.arch.AM70Crypt.decrypt(AM70Crypt.java:57) 
    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1020) 
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:720) 
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1140) 
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1579) 
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:675) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:274) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:364) 
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:73) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) 
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Thread.java:745) 

Answer 1

Давайте посмотрим на этот исходный код взят из GitHub: OpenRock/OpenAM

private static synchronized void setApplicationPassword() { 
    if (!isInitialized()) { 
     try { 
      _crypt = ServiceFactory.getCryptProvider(); 
      if(_crypt != null) { 
       String encodedPass = getProperty(SDKPROP_APP_PASSWORD); 
       _applicationPassword = _crypt.decrypt(encodedPass); 
      } 
     } catch (Exception ex) { 
      logError("AgentConfiguration: Unable to create new instance of " + "Crypt class with exception ", ex); 
     } 
     if (_applicationPassword == null || _applicationPassword.trim().length() == 0) { 
      throw new RuntimeException("Invalid application password specified"); 
     } 
    } 
} 

Константа SDFSFD defined, как :

public static final String SDKPROP_APP_PASSWORD = "com.iplanet.am.service.secret"; 

Как видите, AgentConfiguration читает пароль и сохраняет его в encodedPass.

Так что я считаю, что метод getCryptProvider возвращает сломанный Cryptprovider (_crypt). _crypt.decrypt(encodedPass) получить NullPointerException и переменную _applicationPassword никогда не инициализироваться, тогда будет выведено RuntimeException.

Убедитесь, что ваша конфигурация разрешает или определяет CryptProvider.

---

ок я видел ваш редактировать

NullPointerException происходит here. Попытайтесь это интерпретировать.

final Cipher pbeCipher = cipherProvider.getCipher(); // NPE 

Answer 2

документация представляется некорректным, от того, что я могу сказать на основе исходного кода AgentConfiguration, пароль может быть предоставлен только в зашифрованном формате (который также означает, что am.encryption.pwd должен быть установлен также правильно.