2 Replies Latest reply on Dec 16, 2007 7:55 AM by jbosexplorer

    j_security_check not working in LDAP based Authentication

    jbosexplorer

      Hi There,

      I'm using JBoss 4.2.1. In our application, we have the following snippet in login.jsp.

      <form action="j_security_check" method="post">
      <input name="j_username" type="text" class="input" id="j_username" size="20">
      <input name="j_password" type="password" class="input" id="j_password" size="20">


      And, the web.xml has
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Login Page</web-resource-name>
          <url-pattern>/logonNoSSO.jsp</url-pattern>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>myrealm</realm-name>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
        </form-login-config>
      </login-config>
      <security-role>
        <description>ADMIN Role</description>
        <role-name>adminRole</role-name>
      </security-role>


      The jboss-web.xml has the following
      <security-domain>java:/jaas/myrealm</security-domain>
      <security-role>
        <role-name>adminRole</role-name>
        <principal-name>Admin</principal-name>
      </security-role>



      When I try to log in with the correct user name / pwd I'm getting
      Access to the specified resource (Access to the requested resource has been denied) has been forbidden

      Could somebody help me to solve this issue?

      Thanks

        • 1. Re: j_security_check not working in LDAP based Authentication
          jbosexplorer

          No takers so far?

          Some more information. I have my LDAP settings as

          <application-policy name="myrealm">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="java.naming.security.principal">uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot</module-option>
                <module-option name="java.naming.security.credentials">pwd</module-option>
                <module-option name="baseDN">dc=company,dc=co,dc=uk</module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=people,dc=company,dc=co,dc=uk</module-option>
                <module-option name="uidAttributeID">uid</module-option>
                <module-option name="searchScope">SUBTREE_SCOPE</module-option>
                <module-option name="rolesCtxDN">ou=Roles,dc=company,dc=co,dc=uk</module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
                <module-option name="matchOnUserDN">true</module-option>
              </login-module>

              <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
                <module-option name="rolesProperties">props/propsrsdmRolesMapping.properties</module-option>
                <module-option name="replaceRole">false</module-option>
              </login-module>
            </authentication>
          </application-policy>


          My propsrsdmRolesMapping.properties file has
          deploymentRole=RSMDeployment
          admRole=RSMADM
          skillsRole=RSMSkills
          projManRole=RSMProjMan
          spaRole=RSMSPA
          itbmRole=RSMITBM
          RSMSkills=skillsRole
          RSMDeployment=deploymentRole
          RSMADM=admRole
          RSMProjMan=projManRole
          RSMSPA=spaRole
          RSMITBM=itbmRole
          


          Could anybody help?

          Ta

          • 2. Re: j_security_check not working in LDAP based Authentication
            jbosexplorer

            Solved the problem. I've added the following in login-config.xml

            <module-option name="uidAttributeID">uniquemember</module-option>
            <module-option name="searchScope">SUBTREE_SCOPE</module-option>
            <module-option name="rolesCtxDN">ou=Groups,dc=company,dc=co,dc=uk</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>


            And changed the following role-name in web.xml to the 'actual' role name as in LDAP. JBoss is not mapping the role names described in jboss-web.xml.
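
Added example (not part of the original thread, and not JBoss code): an offline Python model of the role search that LdapLoginModule runs with the options posted above. It shows why the first settings return no roles, so a successful bind still ends in the 403, and why the role-name in web.xml has to equal the group's cn. The directory entries, the user `jdoe` and the helper names are constructed for illustration; RoleMappingLoginModule is not modelled.

```python
# Constructed sample directory: NOT the poster's real LDAP tree.
DIRECTORY = {
    "cn=RSMADM,ou=Groups,dc=company,dc=co,dc=uk": {
        "cn": ["RSMADM"],
        "uniquemember": ["uid=jdoe,ou=people,dc=company,dc=co,dc=uk"],
    },
    "cn=RSMSkills,ou=Groups,dc=company,dc=co,dc=uk": {
        "cn": ["RSMSkills"],
        "uniquemember": ["uid=other,ou=people,dc=company,dc=co,dc=uk"],
    },
    "uid=jdoe,ou=people,dc=company,dc=co,dc=uk": {"uid": ["jdoe"]},
}

# Module options taken from the thread; BEFORE is the first post's
# login-config.xml, AFTER is the configuration reported as working.
BASE = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=people,dc=company,dc=co,dc=uk",
    "roleAttributeID": "cn",
    "matchOnUserDN": "true",
}
BEFORE = dict(BASE, uidAttributeID="uid",
              rolesCtxDN="ou=Roles,dc=company,dc=co,dc=uk")
AFTER = dict(BASE, uidAttributeID="uniquemember",
             rolesCtxDN="ou=Groups,dc=company,dc=co,dc=uk")


def ldap_roles(username, opts):
    """Subtree search under rolesCtxDN for (uidAttributeID=<user>)."""
    user_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    # matchOnUserDN=true compares against the full DN, not the bare name.
    match = user_dn if opts["matchOnUserDN"] == "true" else username
    suffix = "," + opts["rolesCtxDN"].lower()
    roles = set()
    for dn, attrs in DIRECTORY.items():
        in_ctx = dn.lower().endswith(suffix)
        members = [v.lower() for v in attrs.get(opts["uidAttributeID"], [])]
        if in_ctx and match.lower() in members:
            # Each matching entry contributes its roleAttributeID values.
            roles.update(attrs.get(opts["roleAttributeID"], []))
    return roles


def is_authorized(username, opts, required_role):
    """The web.xml role-name must equal a role the login module returned."""
    return required_role in ldap_roles(username, opts)
```

With `BEFORE` the search matches nothing, so every role check fails; with `AFTER` the user holds `RSMADM`, which still does not satisfy a constraint on `adminRole`.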