1 Reply Latest reply on Jan 30, 2012 3:00 PM by spolti

    jmx-console ldap authentication

    spolti
    spolti Jan 27, 2012 12:17 PM

      Hello folks.

       

       

      I have been trying use ldap to authenticate jmx-console users, but i got the follow error when i type user/pass:

       

       

      HTTP Status 403 - Access to the requested resource has been denied

      type Status report

      message Access to the requested resource has been denied

      description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

       

       

       

      Anyone knows what it can be?

       

       

      Thx.

      • 2834 Views
      • Tags:
        • 1. Re: jmx-console ldap authentication
          spolti
          spolti Jan 30, 2012 3:00 PM (in response to spolti)

          Hi everyone,

           

          I managed to solve the problem.

           

          We need change de web.xml from jmx-console specifying the "realm", like that:

           

          <realm-name>admin</realm-name>

           

          and in the login-config.xml we need put this tag too.

          Still on web.xml I removed the role-name by "*".

           

          The tags security-constraint, login-config and security-role were so:

           


           

          <security-constraint>

               <web-resource-collection>

                 <web-resource-name>HtmlAdaptor</web-resource-name>

                 <description>Testing Ldap authentication</description>

                 <url-pattern>/*</url-pattern>

               </web-resource-collection>

               <auth-constraint>

                 <role-name>*</role-name>

               </auth-constraint>

             </security-constraint>

           

             <login-config>

                <auth-method>BASIC</auth-method>

                <realm-name>admin</realm-name>

             </login-config>

           

             <security-role>

                <role-name>*</role-name>

             </security-role>

           

           

          And following my login-config:

           

          <application-policy name="testLdap">
                <authentication>
                  <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                                flag="required">
                      <module-option name="java.naming.factory.initial">
                          com.sun.jndi.ldap.LdapCtxFactory
                          </module-option>
                      <module-option name="java.naming.provider.url">
                          ldap://127.0.0.1:389/
                      </module-option>
                      <module-option name="java.naming.security.authentication">
                          simple
                      </module-option>
                      <module-option name="realm">admin</module-option>
                      <module-option name="principalDNPrefix">uid=</module-option>
                      <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=com</module-option>
                      <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=com</module-option>
                      <module-option name="uidAttributeID">member</module-option>
                      <module-option name="matchOnUserDN">true</module-option>
                      <module-option name="roleAttributeID">cn</module-option>
                      <module-option name="roleAttributeIsDN">false</module-option>
                  </login-module>
              </authentication>
          </application-policy>

           

           

           

          Regards!

            • Actions