LDAP Authentication
sethtrain Jan 31, 2006 3:08 PM
I know this horse is probably beat to death but I just can't get it. I have looked and read and just don't understand.
1. In my login-config.xml file I have (which I think is correct) this:
<application-policy name="kwormSecurity">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.provider.url">ldap://server.school.edu</module-option>
    <module-option name="rolesCtxDN">dc=school,dc=edu</module-option>
    <module-option name="matchOnUserDN">false</module-option>
    <module-option name="principalDNSuffix">@school.edu</module-option>
    <module-option name="uidAttributeID">userPrincipalName</module-option>
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleNameAttributeID">name</module-option>
  </login-module>
</application-policy>
2. I have a form that submits (via POST) to j_security_check.
<form action="j_security_check" method="post">
  <table>
    <tr>
      <td>
        <label for="username">Username:</label>
      </td>
      <td>
        <input type="text" id="username" name="username" />
      </td>
    </tr>
    ...
Now come the parts that I don't understand.
I think there is something I have to put in my jboss-web.xml file (I assume appname is my context-root):
<security-domain>java:/jaas/appname</security-domain>
This information goes in my web.xml file:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Application</web-resource-name>
    <description>Require users to authenticate</description>
    <url-pattern>/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>Only allow Authenticated_users role</description>
    <role-name>Authenticated_users</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>Encryption is not required for the application in general.</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
I guess where I am confused is what ties my security-constraint (the info I put in my web.xml file) to the application-policy (what I put in my login-config.xml file)?
-- Thanks --
Seth
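An added example, not part of the original post: a small consistency check over the three descriptors the post mentions, showing that the `<security-domain>` in jboss-web.xml is what links web.xml's constraints to an `<application-policy>` in login-config.xml. The function names, finding codes and inline inputs are hypothetical; the inputs are constructed from trimmed fragments of the post.

```python
import xml.etree.ElementTree as ET

# Constructed inputs, trimmed from the fragments quoted in the post.
LOGIN_CONFIG = '<policy><application-policy name="kwormSecurity"/></policy>'
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/appname</security-domain></jboss-web>"
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern>
    <http-method>POST</http-method><http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>Authenticated_users</role-name></auth-constraint>
</security-constraint></web-app>"""
FORM_FIELDS = ["username"]  # input names visible in the posted login form

def parse(text):
    """Parse XML and drop namespaces so lookups work with or without xmlns."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def check(login_config, jboss_web, web_xml, form_fields):
    """Return finding codes (hypothetical names) for broken links between the files."""
    findings = []
    policies = {p.get("name") for p in parse(login_config).iter("application-policy")}
    domain = (parse(jboss_web).findtext("security-domain") or "").strip()
    prefix = "java:/jaas/"
    name = domain[len(prefix):] if domain.startswith(prefix) else domain
    # jboss-web.xml is the link: its JNDI name must end in an application-policy name.
    if name not in policies:
        findings.append("domain-mismatch")
    web = parse(web_xml)
    # j_security_check is only handled when web.xml declares FORM authentication.
    if (web.findtext("login-config/auth-method") or "").strip() != "FORM":
        findings.append("no-form-login-config")
    # The Servlet spec fixes the FORM login field names.
    if not {"j_username", "j_password"} <= set(form_fields):
        findings.append("form-field-names")
    # Listing <http-method> leaves every unlisted method outside the constraint.
    if any(c.find("http-method") is not None for c in web.iter("web-resource-collection")):
        findings.append("unlisted-methods-unprotected")
    return findings

if __name__ == "__main__":
    for finding in check(LOGIN_CONFIG, JBOSS_WEB, WEB_XML, FORM_FIELDS):
        print("finding:", finding)
```

On the constructed fragments it reports all four findings; pointing `<security-domain>` at `java:/jaas/kwormSecurity` clears the first one.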