connecting jboss and openldap-error 403 Access to the reques
jiayin Jul 18, 2005 3:36 AM
I'm trying to configure JBoss to authenticate users in an OpenLDAP directory. Now when I access the URL, a popup window appears. If I enter the correct username and password, I encounter error 403, but there is no useful message in the log. If my password is incorrect, the browser keeps asking me to enter the username and password.
Below are some of the configuration files:
login-config.xml:
<application-policy name = "web-console">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://dl360-1.test:389/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="principalDNSuffix">,ou=people,dc=osm,dc=ab,dc=com</module-option>
    <module-option name="rolesCtxDN">ou=groups,dc=osm,dc=ab,dc=com</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="uidAttributeID">uid</module-option>
    <module-option name="matchOnUserDN">false</module-option>
  </login-module>
</application-policy>
web.xml:
<security-constraint>
  <display-name>
    Constraints of the Administration Console's Security Environment
  </display-name>
  <!-- URI security patterns and the HTTP methods to protect on them. -->
  <web-resource-collection>
    <web-resource-name>Protected Admininistration Console Resources</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <!-- Anyone with these roles may enter this area. -->
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JBoss WEB Console</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <role-name>Admin</role-name>
</security-role>
jboss-web.xml:
<security-domain>java:/jaas/web-console</security-domain>
LDAP information:
ldapsearch -x -b 'dc=osm,dc=ab,dc=com'

# osm.hp.com
dn: dc=osm,dc=ab,dc=com
objectClass: dcObject
objectClass: organization
o: GDIC
dc: osm

# people, osm.ab.com
dn: ou=people,dc=osm,dc=ab,dc=com
objectClass: organizationalUnit
ou: people

# groups, osm.ab.com
dn: ou=groups,dc=osm,dc=ab,dc=com
objectClass: organizationalUnit
ou: groups

# jjones, people, osm.ab.com
dn: uid=jjones,ou=people,dc=osm,dc=ab,dc=com
objectClass: inetOrgPerson
uid: jjones
sn: jones
cn: janet jones
mail: j.jones@ab.com

# fbloggs, people, osm.ab.com
dn: uid=fbloggs,ou=people,dc=osm,dc=ab,dc=com
objectClass: inetOrgPerson
uid: fbloggs
sn: bloggs
cn: fred bloggs
mail: f.bloggs@ab.com

# tomcat, groups, osm.ab.com
dn: cn=tomcat,ou=groups,dc=osm,dc=ab,dc=com
objectClass: groupOfUniqueNames
cn: tomcat
uniqueMember: uid=fbloggs,ou=people,dc=osm,dc=ab,dc=com
uniqueMember: uid=jjones,ou=people,dc=osm,dc=ab,dc=com

# role1, groups, osm.ab.com
dn: cn=role1,ou=groups,dc=osm,dc=ab,dc=com
objectClass: groupOfUniqueNames
cn: role1
uniqueMember: uid=fbloggs,ou=people,dc=osm,dc=ab,dc=com
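
An added example, not part of the original post and not JBoss code: a simplified Python model of the role lookup that the LdapLoginModule options above describe, run over the group entries from the ldapsearch output. It shows which roles each combination of settings yields and how a bind that succeeds can still end in a 403 from the `Admin` auth-constraint. The second combination (`uidAttributeID=uniqueMember`, `matchOnUserDN=true`) is an assumption chosen for comparison, as are all function names.

```python
# Simplified model (an assumption, not JBoss source) of the LdapLoginModule role
# search: under rolesCtxDN, match entries whose uidAttributeID equals the user
# name (or the full user DN when matchOnUserDN is true), then read roleAttributeID.
PEOPLE = "ou=people,dc=osm,dc=ab,dc=com"
ROLES_CTX_DN = "ou=groups,dc=osm,dc=ab,dc=com"

# Group entries copied from the ldapsearch output in the post.
GROUPS = [
    {"dn": "cn=tomcat," + ROLES_CTX_DN, "cn": ["tomcat"],
     "uniqueMember": ["uid=fbloggs," + PEOPLE, "uid=jjones," + PEOPLE]},
    {"dn": "cn=role1," + ROLES_CTX_DN, "cn": ["role1"],
     "uniqueMember": ["uid=fbloggs," + PEOPLE]},
]


def resolve_roles(username, uid_attribute_id, match_on_user_dn,
                  role_attribute_id="cn"):
    """Return the role names the modelled search assigns to username."""
    user_dn = "uid=" + username + "," + PEOPLE  # principalDNPrefix + name + suffix
    match_value = (user_dn if match_on_user_dn else username).lower()
    roles = set()
    for entry in GROUPS:
        if not entry["dn"].lower().endswith("," + ROLES_CTX_DN):
            continue  # outside the role search base
        values = [v.lower() for v in entry.get(uid_attribute_id, [])]
        if match_value in values:
            roles.update(entry.get(role_attribute_id, []))
    return roles


def is_authorized(roles, required_role="Admin"):
    """web.xml auth-constraint: the required role name must be present."""
    return required_role in roles


if __name__ == "__main__":
    cases = {"as posted (uid, matchOnUserDN=false)": ("uid", False),
             "assumed (uniqueMember, matchOnUserDN=true)": ("uniqueMember", True)}
    for label, (attr, on_dn) in cases.items():
        for user in ("jjones", "fbloggs"):
            roles = resolve_roles(user, attr, on_dn)
            print(label, user, sorted(roles), "Admin:", is_authorized(roles))
```

In this model the posted settings resolve no roles for either user, and matching on the member DN resolves only `tomcat` and `role1`, neither of which is the `Admin` role that web.xml requires.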