2 Replies Latest reply on Jun 25, 2007 5:01 AM by mata98

    Getting started with LDAP

    mata98

      Hi all,

      I'm a newbie in AS development, so excuse my ignorance (and my jumbled English).

      At the moment I'm working on the implementation of the security layer of my application (called tms).
      My configuration:
      I put the client application, as a jar file together with all the other libraries it needs, into one war file, and then that, together with the server EJBs and further service archives, into one (huge) ear file. Deployment without any security works fine.

      I have to meet the requirement to verify the login against LDAP,
      so I set up my application policy in server/tms/conf/login-config.xml:

       <application-policy name="tms">
         <authentication>
           <!-- Authenticates the user by binding to the directory with the supplied credentials.
                Option values are kept on one line so that no surrounding whitespace becomes part of the value. -->
           <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
             <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
             <!-- A simple bind over plain ldap:// sends the password to the directory in the clear;
                  ldaps:// (or StartTLS) avoids that. -->
             <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option>
             <module-option name="java.naming.security.authentication">simple</module-option>
             <!-- useFirstPass: put the username/password into the shared state so the
                  following modules in the stack reuse them instead of prompting again -->
             <module-option name="password-stacking">useFirstPass</module-option>

             <!-- .... (further module-options elided in the original post) -->

           </login-module>
           <login-module code="org.jboss.security.ClientLoginModule" flag="required">
             <module-option name="password-stacking">useFirstPass</module-option>
           </login-module>
         </authentication>
       </application-policy>
      


      I configured my web application in war/WEB-INF/web.xml:
       <security-constraint>
         <web-resource-collection>
           <web-resource-name>restricted</web-resource-name>
           <!-- every URL of the web application requires the role below -->
           <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
           <role-name>tms.user</role-name>
         </auth-constraint>
         <!-- transport-guarantee must sit inside user-data-constraint.
              NONE lets the BASIC credentials (Base64, not encrypted) travel over plain HTTP;
              CONFIDENTIAL would force HTTPS -->
         <user-data-constraint>
           <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
       </security-constraint>

       <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>TMS</realm-name>
       </login-config>

       <security-role>
         <role-name>tms.user</role-name>
       </security-role>
      


      As a result, when I request my application from a web browser (localhost:8080/tms) I see the standard web login dialog; the login works fine, and it even refuses wrong user/passwords ;).
      But the first attempt to call an EJB fails with
      [LdapLoginModule] Bad password for username=null


      So what's missing? How do I propagate the principal/credential from the initial login to the EJB request?

      One further challenge: I have to modify the login dialog to add another mandatory field. Where can I configure and introduce my own dialog?

      Thanks in advance,
      Matz

        • 1. Re: Getting started with LDAP
          mata98

          Sorry, I'm using
           JBoss 4.0.5 GA,
          Java 1.5.0_09

          • 2. Re: Getting started with LDAP
            mata98

             Hi once more.

             If I got it right (over the weekend), I'm mixing two mechanisms that cannot be combined.
             As described above, I use server-side authentication/authorisation; to secure access to my EJBs I have to use the client side, which means creating a LoginContext with a CallbackHandler etc.

             If I got it right, this means that ANY person can access my application, and only the communication with the AS is restricted via the JaasSecurityManager.
             ???

            Bye
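Added example (not from mata98's posts and not JBoss's own code): a standalone JBoss 4 client that does the client-side JAAS login the second reply describes (a LoginContext with a CallbackHandler against org.jboss.security.ClientLoginModule) and then looks up an EJB so that the username and password travel with the invocation. This also covers the question in the first post about propagating the principal/credential to the EJB request. The JAAS configuration name tms-client, the file client-auth.conf, the naming URL jnp://localhost:1099 and the EJB JNDI name tms/SomeBean are assumptions; the EJB is assumed to be bound to the "tms" application policy from the first post (security-domain java:/jaas/tms in jboss.xml). The point worth keeping in mind: ClientLoginModule never checks the password itself. It only attaches the principal and credential to outgoing calls, and the server's LdapLoginModule verifies them when the EJB is invoked; an invocation that carries no principal at all is what produces username=null in the error quoted above.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;

// Example client (not from the original thread). Names marked "assumed" do not appear in the post.
public class TmsClientLogin {

    /** Hands the user name and password to whichever login module asks for them. */
    static final class SimpleCallbackHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        SimpleCallbackHandler(String user, char[] password) {
            this.user = user;
            this.password = password;
        }

        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "unsupported callback");
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String user = args[0];
        char[] password = args[1].toCharArray();

        // "tms-client" is an entry in the JAAS config file given to the JVM with
        // -Djava.security.auth.login.config=client-auth.conf (both names assumed):
        //
        //   tms-client {
        //       org.jboss.security.ClientLoginModule required;
        //   };
        //
        // ClientLoginModule does not contact LDAP. It stores the principal and credential
        // in the client-side SecurityAssociation so they are sent with every EJB call;
        // the server's "tms" policy (LdapLoginModule) does the actual verification.
        LoginContext lc = new LoginContext("tms-client",
                new SimpleCallbackHandler(user, password));
        try {
            lc.login();

            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
            env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
            env.put(Context.PROVIDER_URL, "jnp://localhost:1099"); // assumed
            Context ctx = new InitialContext(env);

            // From here on every EJB invocation made on this thread carries user/password.
            // A wrong password now fails on the server side with the same "Bad password"
            // message, but with the user name filled in instead of null.
            Object home = ctx.lookup("tms/SomeBean"); // assumed JNDI name
            System.out.println("Looked up " + home.getClass().getName() + " as " + user);
        } finally {
            lc.logout();                 // clears the client-side SecurityAssociation again
            Arrays.fill(password, '\0'); // do not keep the password in memory longer than needed
        }
    }
}
```

Run it with the JBoss 4 client jars (jbossall-client.jar) on the classpath and the JAAS config passed via -Djava.security.auth.login.config. Because the login and logout are tied to the calling thread, a GUI client should do the login once on the thread that makes the EJB calls and call logout when the user signs off.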