LDAP: After successful authentication, all pages 403-Forbidden
jabailo Dec 24, 2009 1:15 PM
I am using LDAP authentication with JBoss.
From my logs and various tests, I am sure that my username is authenticating.
I checked my LDAP logs (running on remote server) and it records that the user authenticates.
However, after authenticating via login.jsp, I cannot browse any other page.
They all report -- 403 Access Forbidden
Not sure what to try next... Here is my entry for login-config.xml:
<application-policy name="broadbaseema">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://10.100.230.64:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="java.naming.security.credentials">clear-text password</module-option>
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="principalDNSuffix">,ou=Users,dc=ing,dc=com</module-option>
      <module-option name="rolesCtxDN">ou=Roles,dc=ing,dc=com</module-option>
      <module-option name="uidAttributeID">uniqueMember</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="searchTimeLimit">5000</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
    </login-module>
  </authentication>
</application-policy>
It's been suggested adding:
<module-option name="java.naming.security.principal">??</module-option>
But not sure what to add... a user? And how do I give the user correct permissions to browse the directory?
web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>broadbaseema</web-resource-name>
    <description>Require users to authenticate</description>
    <url-pattern>/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>Only allow Authenticated_users role</description>
    <role-name>Authenticated_users</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>Encryption is not required for the application in general.</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <realm-name>broadbaseema</realm-name>
    <form-login-page>/a1/login.jsp</form-login-page>
    <form-error-page>/a1/login-error.html</form-error-page>
  </form-login-config>
</login-config>
jboss-web.xml:
<jboss-web>
  <security-domain>java:/jaas/broadbaseema</security-domain>
</jboss-web>
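A 403 after a successful bind means authentication passed but the role search returned nothing that matches the web.xml `<role-name>`. The following added example (not from the post or from JBoss) models, in plain Python with no LDAP server, how LdapLoginModule turns the options above into a user DN and a roles search, so the lookup can be checked against a constructed directory; the directory entries and user names are made up, and the roles search is run with the authenticated user's own bind, which is why that user needs read access under rolesCtxDN.

```python
# Added example, not code from the original post or from JBoss.
# Models LdapLoginModule's user-DN construction and roles search
# (matchOnUserDN=true, roleAttributeIsDN=false, as in the poster's config).
from typing import Dict, List

LOGIN_CONFIG = {  # option values copied from the poster's login-config.xml
    "principalDNPrefix": "cn=",
    "principalDNSuffix": ",ou=Users,dc=ing,dc=com",
    "rolesCtxDN": "ou=Roles,dc=ing,dc=com",
    "uidAttributeID": "uniqueMember",
    "matchOnUserDN": "true",
    "roleAttributeID": "cn",
}
REQUIRED_ROLE = "Authenticated_users"  # <role-name> from the poster's web.xml

# Constructed stand-in for the directory: entry DN -> attributes.
# alice is a member of the correctly named group; bob only of a group whose
# cn differs in case, which the servlet container will not treat as a match.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=Authenticated_users,ou=Roles,dc=ing,dc=com": {
        "cn": ["Authenticated_users"],
        "uniqueMember": ["cn=alice,ou=Users,dc=ing,dc=com"],
    },
    "cn=authenticated_users,ou=Roles,dc=ing,dc=com": {
        "cn": ["authenticated_users"],
        "uniqueMember": ["cn=bob,ou=Users,dc=ing,dc=com"],
    },
}

def user_dn(username: str, opts=LOGIN_CONFIG) -> str:
    """principalDNPrefix + username + principalDNSuffix, as the module binds."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

def roles_for(username: str, directory=DIRECTORY, opts=LOGIN_CONFIG) -> List[str]:
    """Subtree search under rolesCtxDN for (uidAttributeID=<match value>);
    each hit contributes its roleAttributeID value as a role name."""
    match = user_dn(username, opts) if opts["matchOnUserDN"] == "true" else username
    roles: List[str] = []
    for dn, attrs in directory.items():
        if not dn.endswith("," + opts["rolesCtxDN"]):
            continue  # outside the roles search base
        if match in attrs.get(opts["uidAttributeID"], []):
            roles.extend(attrs.get(opts["roleAttributeID"], []))
    return roles

def explain_access(username: str) -> str:
    """Why the <auth-constraint> would grant or refuse this user."""
    roles = roles_for(username)
    if not roles:
        return "no entry under rolesCtxDN lists " + user_dn(username)
    if REQUIRED_ROLE not in roles:  # role names are compared exactly
        return "roles %s do not include %r" % (roles, REQUIRED_ROLE)
    return "access granted"
```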