1 Reply Latest reply on Jan 9, 2006 11:09 AM by schachi

    get attributes of application-policy

    schachi

      i have a web application running on JBoss 4.0.3rc1 which authenticates against a LDAP. everything works fine.

      now, i have to search ldap for all existing roles.

      jboss-service.xml

      <mbean code="org.jboss.naming.ExternalContext"
       name="jboss.jndi:service=ExternalContext,jndiName=external/ldap/jboss">
       <attribute name="JndiName">external/ldap/jboss</attribute>
       <attribute name="Properties">
       java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
       java.naming.provider.url=ldap://localhost:389
       java.naming.security.principal=cn=Manager,dc=eactAG,dc=ch
       java.naming.security.authentication=simple
       java.naming.security.credentials=testonetwoonetwo
       </attribute>
       <attribute name="InitialContext"> javax.naming.ldap.InitialLdapContext </attribute>
       <attribute name="RemoteAccess">true</attribute>
      </mbean>
      


       try {
       InitialContext jndiContext = new InitialContext();
       LdapContext ldapCtx = (LdapContext) jndiContext.lookup("external/ldap/jboss");
       String filter = "(objectclass=*)";
       String[] attrIDs = {"cn"};
       SearchControls ctls = new SearchControls();
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(ctls.SUBTREE_SCOPE);
       NamingEnumeration answer = ldapCtx.search("ou=Roles,dc=eactAG,dc=ch", filter, ctls);
      
       while (answer.hasMore()) {
       SearchResult sr = (SearchResult)answer.next();
       try{System.err.println((String)sr.getAttributes().get("cn").get());} catch (Exception ex) {}
       }
       }
       catch (Exception ex) {
       ex.printStackTrace();
       }
      


      works fine, but i have to make it more generic. one way is to pass the ldap-properties rolesctxdn and roleAttributeID, but i'm not pleased with it because
      this informations are allready declared in the login-config.xml

      (login-config.xml)
       <authentication>
       <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
       <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
       <module-option name="rolesCtxDN">ou=Roles,dc=eactAG,dc=ch</module-option>
       <module-option name="matchOnUserDN">true</module-option>
       <module-option name="principalDNSuffix">,ou=People,dc=eatAG,dc=ch</module-option>
       <module-option name="principalDNPrefix">uid=</module-option>
       <module-option name="uidAttributeID">member</module-option>
       <module-option name="roleAttributeID">cn</module-option>
       <module-option name="roleAttributeIsDN">false</module-option>
       <module-option name="unauthenticatedIdentity">guest</module-option>
       </login-module>
       </authentication>
      


      is there a way to get this informations in a java-programm? i read the api (*securitymanager* +-), but i didn't found anything.

      do i really have to admin this informations redudant?

      thank you for reply
      marc


        • 1. Re: get attributes of application-policy
          schachi

           

           MBeanServer server = MBeanServerLocator.locateJBoss();
           java.net.URL url = (java.net.URL)server.getAttribute(new ObjectName("jboss.security:service=XMLLoginConfig"), "ConfigURL");
           SAXBuilder builder = new SAXBuilder();
           Document document = builder.build(url);