Cannot use AOS with Kerberos SSO on Alfresco 6.2

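We have set up Alfresco 6.2 with Kerberos SSO, and our users need to use AOS.
Kerberos SSO works: users are automatically logged in to Share from their Windows clients.
AOS seems to be correctly installed: with NTLM authentication, users can check out, edit and save documents in MS Word from Share.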

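But with Kerberos SSO enabled, when a user checks out a document, the following stack trace appears in Alfresco's logs, and the user cannot save modifications to the document: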

nov. 26, 2021 12:25:35 PM org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: "Servlet.service()" pour la servlet [WebDAV] a généré une exception
java.lang.IllegalArgumentException: No enum constant org.springframework.http.HttpMethod.PROPFIND
        at java.base/java.lang.Enum.valueOf(Enum.java:240)
        at org.springframework.http.HttpMethod.valueOf(HttpMethod.java:33)
        at org.alfresco.rest.api.PublicApiDeclarativeRegistry.findWebScript(PublicApiDeclarativeRegistry.java:97)
        at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:209)
        at jdk.internal.reflect.GeneratedMethodAccessor659.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory.invoke(ChainingSubsystemProxyFactory.java:119)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
        at com.sun.proxy.$Proxy216.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
        at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:330)
        at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:182)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:834)

Sometimes we also get the same error, but with HttpMethod.LOCK:

déc. 01, 2021 11:58:18 AM org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: "Servlet.service()" pour la servlet [AosWebdavService] a généré une exception
java.lang.IllegalArgumentException: No enum constant org.springframework.http.HttpMethod.LOCK
        at java.base/java.lang.Enum.valueOf(Enum.java:240)
        at org.springframework.http.HttpMethod.valueOf(HttpMethod.java:33)
        at org.alfresco.rest.api.PublicApiDeclarativeRegistry.findWebScript(PublicApiDeclarativeRegistry.java:97)
        at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:209)
        at jdk.internal.reflect.GeneratedMethodAccessor719.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory.invoke(ChainingSubsystemProxyFactory.java:119)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
        at com.sun.proxy.$Proxy216.doFilter(Unknown Source)
        at jdk.internal.reflect.GeneratedMethodAccessor719.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.alfresco.module.aosmodule.auth.AosWebDavAuthenticationFilterInterceptor.invoke(AosWebDavAuthenticationFilterInterceptor.java:44)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
        at com.sun.proxy.$Proxy216.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.alfresco.web.app.servlet.ServletMetricsFilter.doFilter(ServletMetricsFilter.java:161)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:834)

Here are the localhost_access logs when we open the document in Word:

[01/Dec/2021:12:10:58 +0100] "OPTIONS /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/ HTTP/1.1" 401 80
[01/Dec/2021:12:10:58 +0100] "OPTIONS /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/ HTTP/1.1" 200 -
[01/Dec/2021:12:10:58 +0100] "GET /_vti_inf.html HTTP/1.1" 200 247
[01/Dec/2021:12:10:58 +0100] "POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.1" 200 230
[01/Dec/2021:12:10:58 +0100] "POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.1" 200 194
[01/Dec/2021:12:10:58 +0100] "POST /alfresco/aos/_vti_bin/_vti_aut/author.dll HTTP/1.1" 401 80
[01/Dec/2021:12:10:58 +0100] "POST /alfresco/aos/_vti_bin/_vti_aut/author.dll HTTP/1.1" 200 2515
[01/Dec/2021:12:10:58 +0100] "POST /alfresco/aos/_vti_bin/_vti_aut/author.dll HTTP/1.1" 200 1789
[01/Dec/2021:12:10:58 +0100] "HEAD /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/Test-1.docx HTTP/1.1" 200 -
[01/Dec/2021:12:10:58 +0100] "LOCK /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/Test-1.docx HTTP/1.1" 500 3359
[01/Dec/2021:12:10:58 +0100] "GET /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/Test-1.docx HTTP/1.1" 200 11381
[01/Dec/2021:12:10:58 +0100] "PROPFIND /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/Test-1.docx HTTP/1.1" 500 3367
[01/Dec/2021:12:10:58 +0100] "HEAD /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/Test-1.docx HTTP/1.1" 200 -

And here is the log when we try to save the document:

[01/Dec/2021:12:12:03 +0100] "LOCK /alfresco/aos/Espaces%20Utilisateurs/svc_alfresco/Test-1.docx HTTP/1.1" 500 3359

The stack traces for the code 500 errors are given above (no enum constant HttpMethod.LOCK and .PROPFIND).

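After looking at the stack trace and the source code, it seems the error occurs in BaseSSOAuthenticationFilter, which is extended by BaseKerberosAuthenticationFilter, when it tries to route a request whose HTTP method is set to PROPFIND or LOCK, which are not standard HTTP methods.
This makes me think that AOS does not support SSO.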

Here is our authentication chain in alfresco-global.properties:

authentication.chain=kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

Then we set an aos.baseUrlOverwrite property.

We also use a reverse proxy, but that does not seem to be the problem in our case, since requests are routed correctly and AOS works with NTLM authentication.

So my question is:

This is actually a known bug, which has been fixed in Alfresco 6.2.2.2:
https://alfresco.atlassian.net/browse/MNT-21758

Installing ACS 6.2.2.21 solved the problem.

Too bad this ticket (or the whole site?) is not indexed by search engines...
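
The failure at the top of both stack traces, as an added example (not code from this thread, from Alfresco or from Spring): `Enum.valueOf` throws for any verb outside the enum, so a filter that resolves the request method this way answers 500 to every WebDAV `LOCK` or `PROPFIND`, while a tolerant lookup lets them pass. `WebDavMethodLookup`, `StdMethod` and `route` are hypothetical names, and the enum's constants are assumed to match Spring 5's `HttpMethod`.

```java
import java.util.List;
import java.util.Optional;

public class WebDavMethodLookup {
    // Local stand-in (assumption): the constants of Spring 5's HttpMethod enum.
    enum StdMethod { GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS, TRACE }

    // Strict lookup: Enum.valueOf throws IllegalArgumentException for any
    // name outside the enum, the top frames of both stack traces.
    static StdMethod strict(String verb) {
        return StdMethod.valueOf(verb);
    }

    // Tolerant lookup: an unknown verb is "not a REST call", not an error.
    static Optional<StdMethod> tolerant(String verb) {
        for (StdMethod m : StdMethod.values()) {
            if (m.name().equals(verb)) {
                return Optional.of(m);
            }
        }
        return Optional.empty();
    }

    // Hypothetical filter step: decides where the request goes next.
    static String route(String verb, boolean useStrict) {
        try {
            Optional<StdMethod> m =
                useStrict ? Optional.of(strict(verb)) : tolerant(verb);
            return m.isPresent()
                ? "200 (REST registry lookup, then filter chain)"
                : "200 (not a REST verb, handed to the WebDAV servlet)";
        } catch (IllegalArgumentException e) {
            // Uncaught in the real traces, so the container answers 500.
            return "500 (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Verbs taken from the access log in the question.
        List<String> verbs =
            List.of("OPTIONS", "POST", "HEAD", "LOCK", "GET", "PROPFIND");
        for (String verb : verbs) {
            System.out.printf("%-9s strict=%s%n", verb, route(verb, true));
            System.out.printf("%-9s tolerant=%s%n", verb, route(verb, false));
        }
    }
}
```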