Can not get user role from LDAP server
saigon_man Sep 30, 2007 12:06 AMHello,
Following up my previous post about an LDAP connection error
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119428
I found the way to make it work. It turned out that Jboss portal somehow doesn't work well with ApacheDS (well, at least it doesn't work for me) so, I switch to OpenDS which worked pretty well for me. But there is a problem with jboss portal of pulling user info from LDAP such as role. Here is my configuration
In my login-config.xml (This is the only place that I made changes to connect to the LDAP server)
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option> <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option> <module-option name="additionalRole">Authenticated</module-option> <module-option name="password-stacking">useFirstPass</module-option> <module-option name="defaultRole">User</module-option> <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option> <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option> <module-option name="java.naming.security.authentication">simple</module-option> <module-option name="baseCtxDN">ou=People,o=test,dc=portal,dc=example,dc=com</module-option> <module-option name="baseFilter">(uid={0})</module-option> <module-option name="rolesCtxDN">ou=Roles,o=test,dc=portal,dc=example,dc=com</module-option> <module-option name="roleFilter">(member={1})</module-option> <module-option name="roleAttributeID">member</module-option> <module-option name="roleRecursion">-1</module-option> <module-option name="roleNameAttributeID">cn</module-option> <module-option name="roleAttributeIsDN">true</module-option> <module-option name="searchTimeLimit">5000</module-option> <module-option name="searchScope">SUBTREE_SCOPE</module-option> </login-module>
I also created the "Authenticated" role and associated this role with all user names in the LDAP server. I was able to log in using username/passwork: jduke1/theduke (I was using the portal-sample-local.ldif from jboss)
But when I tried to get the role for this user, I got some errors. Here are the codes that i used to get user role
public String getUserRole(String username){ String userrole = ""; try{ RoleModule module = (RoleModule)new InitialContext().lookup("java:portal/RoleModule"); Role role = module.findRoleByName(username); userrole = role.getDisplayName(); if(role != null){ System.out.println("&**&*& Role is: " + userrole); }else{ System.out.println("&*&*& Role is null"); } }catch(Exception e){ System.out.println("&*&*&* InitialContext error"); } return userrole; }
When those codes are executed, I got these errors:
17:29:58,109 ERROR [HibernateRoleModuleImpl] Cannot find role by name jduke1
org.hibernate.HibernateException: Unable to locate current JTA transaction
at org.hibernate.context.JTASessionContext.currentSession(JTASessionCont
ext.java:61)
at org.hibernate.impl.SessionFactoryImpl.getCurrentSession(SessionFactor
yImpl.java:544)
at org.jboss.portal.identity.db.HibernateRoleModuleImpl.getCurrentSessio
n(HibernateRoleModuleImpl.java:386)
at org.jboss.portal.identity.db.HibernateRoleModuleImpl.findRoleByName(H
ibernateRoleModuleImpl.java:101)
at com.lmco.eagan.e2els.jboss.portlet.test.Users.getUserRole(Unknown Sou
rce)
at com.lmco.eagan.e2els.jboss.portlet.jsp.HelloWorldJSPPortlet.doView(Un
known Source)
at javax.portlet.GenericPortlet.doDispatch(GenericPortlet.java:133)
at javax.portlet.GenericPortlet.render(GenericPortlet.java:306)
at org.jboss.portal.portlet.impl.jsr168.PortletContainerImpl.invokeRende
r(PortletContainerImpl.java:483)
at org.jboss.portal.portlet.impl.jsr168.PortletContainerImpl.dispatch(Po
rtletContainerImpl.java:405)
at org.jboss.portal.portlet.container.PortletContainerInvoker$1.invoke(P
ortletContainerInvoker.java:86)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.j
ava:131)
at org.jboss.portal.core.aspects.portlet.TransactionInterceptor.org$jbos
s$portal$core$aspects$portlet$TransactionInterceptor$invokeNotSupported$aop(Tran
sactionInterceptor.java:86)
at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeNo
tSupported_N4547270787964792031.invokeNext(TransactionInterceptor$invokeNotSuppo
rted_N4547270787964792031.java)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.aspects.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.
java:112)
at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeNo
tSupported_N4547270787964792031.invokeNext(TransactionInterceptor$invokeNotSuppo
rted_N4547270787964792031.java)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.aspects.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.
java:102)
at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeNo
tSupported_N4547270787964792031.invokeNext(TransactionInterceptor$invokeNotSuppo
rted_N4547270787964792031.java)
.....
My question is: is there a way to get the user role from LDAP? Am I missing something in the codes above or is there anything else I should do?
Your help is greatly appreciated
Thanks,
SGM