2 Replies Latest reply on Sep 9, 2008 11:51 AM by newman79

How to : no role matching test ; connect LDAPS server and se

newman79 Sep 9, 2008 8:48 AM

Hi,

I'm a newbie in JBOSS, and JAAS.

I have followed some tutorials but I still cannot find a solution for 2
problems.

(1) In fact, my application internally manage role, and I don't want JAAS
to deal with it. So I'd like a system with login-config.xml and web.xml
<auth-contraints> <auth-role> tag, which permit to authentificate without
role check. (Anyway, there arent any role defined in the LDAP server for my
application, so I can't use role check.)

I've seen on the web that we can't put * to <auth-role> :
<auth-role>*</auth-role> doesn't work.

My login-config.xml application policy looks like that :

<application-policy name="ldap">

<login-module code="contollers.security.MyLDAPLoginModule"
flag="required">
<module-option
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option
name="java.naming.provider.url">ldaps://*******:636
ldaps://********:636</module-option>
<module-option
name="java.naming.security.protocol">ssl</module-option>
<module-option
name="java.naming.security.authentication">simple</module-option>
<module-option
name="bindDN">cn=webdiracbt,ou=appli,o=edf,c=fr</module-option>
<module-option name="bindCredential">******</module-option>
<module-option name="baseCtxDN">c=fr</module-option>
<module-option
name="baseFilter">(&(uid={0})(objectclass=inetorgperson))</module-option>
<module-option
name="rolesCtxDN">ou=xa,o=edfgdf,c=fr</module-option>
<module-option
name="roleFilter">(&(member={1})(objectclass=groupofnames))</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleRecursion">-1</module-option>
</login-module>

</application-policy>

(2) Moreover, I'd like to use JAAS implemented classes and properties in
login-config.xml to connect to the LDAPS server and consult some
informations. I know I can do that with JNDI api, but is there a way to use
JAAS classes to do that.

(3) Another question : in my precedent implementation I still use JNDI ; I
set up mannually into code the properties for LDAPS connection. I add also
SSL to protocol to prevent eventual ambiguity. However, my truststore seems
to be empty and my JBOSS server seems to be successful in LDAPS connexion
... If anyone has an idea ...

1. Re: How to : no role matching test ; connect LDAPS server an

ragavgomatam Sep 9, 2008 11:03 AM (in response to newman79)

In fact, my application internally manage role, and I don't want JAAS
to deal with it.

JAAS stands for java authentication and authorization service. You can't just pick authentication & say I do not want authorization. They come together. Use default roles if you don't want
Actions
2. Re: How to : no role matching test ; connect LDAPS server an

newman79 Sep 9, 2008 11:51 AM (in response to newman79)

Use default roles if you don't want >> I agree and understand. But my users haven't any role in my LDAP server.

So how can I use default role, or shunt the system, if I can ?
Actions

Go to original post