jmx-console HTTP Status 403 - Access to the requested resou
janareid Jul 20, 2004 12:49 PM
Trying to use LdapLoginConfig to secure jmx-console.
Get "Status 403".
Setup is as follows:
login-config.xml WITH
<application-policy name="jmx-console">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://server2.company.com:389/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="principalDNSuffix">cn=jbossadmin,ou=Roles,dc=company,dc=com</module-option>
    <module-option name="rolesCtxDN">cn=jbossadmin,ou=Roles,dc=company,dc=com</module-option>
    <module-option name="uidAttributeID">uid</module-option>
    <module-option name="roleAttributeID">nsrole</module-option>
  </login-module>
</application-policy>
web.xml WITH
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jmx-console</realm-name>
</login-config>
<security-role>
  <role-name>JBossAdmin</role-name>
</security-role>
ldapsearch SHOWS
server1.company.com# ldapsearch -h server2.company.com -p 389 -b "cn=jbossadmin,ou=Roles,dc=company,dc=com" -s one "uid=jboss" nsrole -x -W
Enter LDAP Password:
version: 2
#
# filter: uid=jboss
# requesting: nsrole
#
# jboss, JBossAdmin, Roles, company, com
dn: uid=jboss,cn=JBossAdmin,ou=Roles, dc=company,dc=com
nsrole: cn=jbossadmin,ou=roles,dc=company,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
LOGS SHOW
[19/Jul/2004:10:22:50 -0500] conn=118992 op=-1 msgId=-1 - fd=73 slot=73 LDAP connection from 192.168.2.172 to 192.168.2.203
[19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - BIND dn="uid=jboss,cn=jbossadmin,ou=Roles,dc=company,dc=com" method=128 version=3
[19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jboss,cn=jbossadmin,ou=roles,dc=company,dc=com"
[19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - SRCH base="cn=jbossadmin,ou=roles,dc=company,dc=com" scope=1 filter="(&(uid=jboss))" attrs="nsRole"
[19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[19/Jul/2004:10:22:50 -0500] conn=118992 op=2 msgId=3 - UNBIND
[19/Jul/2004:10:22:50 -0500] conn=118992 op=2 msgId=-1 - closing - U1
[19/Jul/2004:10:22:51 -0500] conn=118992 op=-1 msgId=-1 - closed.
What am I missing? Is "role-name" in need of being added as a naming attribute somewhere else?
Thanks in advance for any help or clues. : )
-Jana
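
One way to read the evidence in the post above, as an added example that is not part of the original post or of JBoss: it pairs each BIND/SRCH in the access log with its RESULT, then compares the `nsrole` value from the ldapsearch output with the `<role-name>` from web.xml. It assumes the login module uses the raw attribute value as the role name, that role names are matched as exact strings, and that the jmx-console security constraint requires `JBossAdmin`; the function names and outcome labels are illustrative.

```python
import re

# Four lines copied from the access log in the post (conn=118992).
ACCESS_LOG = '''\
[19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - BIND dn="uid=jboss,cn=jbossadmin,ou=Roles,dc=company,dc=com" method=128 version=3
[19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jboss,cn=jbossadmin,ou=roles,dc=company,dc=com"
[19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - SRCH base="cn=jbossadmin,ou=roles,dc=company,dc=com" scope=1 filter="(&(uid=jboss))" attrs="nsRole"
[19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
'''
NSROLE_VALUES = ["cn=jbossadmin,ou=roles,dc=company,dc=com"]  # from the ldapsearch output
REQUIRED_ROLE = "JBossAdmin"                                   # <role-name> in web.xml

LINE = re.compile(r'conn=(\d+) op=(-?\d+) msgId=-?\d+ - (\w+)(.*)')

def ldap_ops(log):
    """Pair each BIND/SRCH with its RESULT, keyed by (conn, op)."""
    ops = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, verb, rest = (m.group(1), m.group(2)), m.group(3), m.group(4)
        if verb in ("BIND", "SRCH"):
            ops[key] = {"type": verb, "err": None, "nentries": None}
        elif verb == "RESULT" and key in ops:
            fields = dict(re.findall(r'(\w+)=(\d+)', rest))
            ops[key]["err"] = int(fields["err"])
            ops[key]["nentries"] = int(fields["nentries"])
    return list(ops.values())

def diagnose(log, role_values, required_role):
    """Name the first stage at which the login would fail, or 'ok'."""
    ops = ldap_ops(log)
    binds = [o for o in ops if o["type"] == "BIND"]
    searches = [o for o in ops if o["type"] == "SRCH"]
    if not binds or any(o["err"] != 0 for o in binds):
        return "bind-failed"      # wrong DN or password: expect a 401 re-prompt
    if not searches or all(o["nentries"] == 0 for o in searches):
        return "no-role-entry"    # rolesCtxDN / uidAttributeID matched nothing
    if required_role not in role_values:
        return "role-mismatch"    # authenticated but not in the required role: 403
    return "ok"

if __name__ == "__main__":
    print(diagnose(ACCESS_LOG, NSROLE_VALUES, REQUIRED_ROLE))
```
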