LDAPLoginModule Example Won't work for me?
aweissman Feb 5, 2003 5:03 PMI have been trying to get the basic LDAP example that is in the jboss docs going for about a week and can't figure out whats going wrong. Using form based login, I can authenticate correctly, but my roles don't work correctly to authorize me for a secured page.
Here's an LDIF of my directory, and my login-config.xml, along with the web.xml of the application that I'm trying to secure.
LDIF
-------------------------------
dn: o=solspark
objectClass: top
objectClass: organization
o: solspark
dn: ou=Roles,o=solspark
ou: Roles
objectClass: top
objectClass: organizationalunit
dn: ou=People,o=solspark
ou: People
objectClass: top
objectClass: organizationalunit
dn: uid=alanw,ou=People,o=solspark
fn: alan
ln: weissman
objectClass: top
objectClass: jbossuser
uid: alanw
dn: cn=jbosssx,ou=Roles,o=solspark
cn: jbosssx
objectClass: top
objectClass: jbossuserroles
roleName: Developer
uid: alanw
login-config.xml
-------------------------------
<?xml version="1.0"?>
<application-policy name="SunOneDirectory">
<login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
<module-option name="java.naming.security.authentiaction">simple</module-option>
<module-option name="java.naming.security.principal">admin</module-option>
<module-option name="java.naming.security.credentials">XXXXXX</module-option>
<module-option name="principalDNPrefix">uid=</module-option>
<module-option name="principalDNSuffix">,ou=People,o=solspark</module-option>
<module-option name="uidAttributeID">uid</module-option>
<module-option name="roleAttributeID">roleName</module-option>
<module-option name="rolesCtxDN">cn=jbosssx,ou=Roles,o=solspark</module-option>
</login-module>
</application-policy>
web.xml
-------------------------------
<web-app>
<!-- the entire site is secure (/* = everything) -->
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<!-- only users belonging to the "users" and "admin" groups may access the site -->
<auth-constraint>
<role-name>Developer</role-name>
</auth-constraint>
</security-constraint>
<!-- tell the app server which authentication to use and where to
find the login page -->
<login-config>
<!-- use this for form based authentication -->
<auth-method>FORM</auth-method>
<realm-name>java:jaas/SunOneDirectory</realm-name>
<form-login-config>
<form-login-page>/login/loginpage.jsp</form-login-page>
<form-error-page>/login/loginerror.jsp</form-error-page>
</form-login-config>
<!-- end form based authentication -->
</login-config>
<!-- list the possible security roles -->
<security-role>
<role-name>Developer</role-name>
</security-role>
</web-app>
If anyone can see anything wrong going on, please let me know.
Thanks in advance,
Alan