8 Replies Latest reply on Jan 11, 2013 4:48 AM by sanssan

    Jboss7 LDAP configuration

    teena.buchade

      Hi,

       

      I am struggling in doing LDAP configuration in Jboss 7

       

      I have made the following changes in the standalone.xml

       

      <security-domains>

                      <security-domain name="other" cache-type="default">

                          <authentication>

                              <login-module code="Disabled" flag="required"/>

                          </authentication>

                      </security-domain>

                      <security-domain name="LDAP">

                          <authentication>

                              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                  <module-option name="java.naming.provider.url" value="ldap://10.10.10.10:389"/>

                                  <module-option name="bindDN" value="ou=people,dc=mycompany,dc=com"/>

                                  <module-option name="bindCredential" value="xxxx"/>

                                  <module-option name="baseCtxDN" value="cn=Manager,dc=mycompany,dc=com"/>

                                  <module-option name="baseFilter" value="(uniqueMember={0})"/>

                                  <module-option name="rolesCtxDN" value="ou=groups,dc=mycompany,dc=com"/>

                                  <module-option name="roleFilter" value="(uniqueMember={0})"/>

                                  <module-option name="roleNameAttributeID" value="cn"/>

                                  <module-option name="roleAttributeIsDN" value="true"/>

                                  <module-option name="allowEmptyPasswords" value="false"/>

                                  <module-option name="Context.REFERRAL" value="follow"/>

                                  <module-option name="throwValidateError" value="true"/>

                                  <module-option name="allowEmptyPasswords" value="true"/>

                              </login-module>

                              </authentication>

                      </security-domain>

                  </security-domains>

       

       

      added :

       

      <subsystem xmlns="urn:jboss:domain:ee:1.0">

                  <global-modules>

                      <module name="sun.jdk" slot="main"/>

                  </global-modules>

      </subsystem>

       

      but I am getting the following error when I try to log in:

       

      09:59:13,093 ERROR [org.jboss.security.auth.spi.DisabledLoginModule] (http--127.0.0.1-8080-1) The security domain other has been disabled. All authentication will fail. Please check your configuration to make sure this is expected

      09:59:13,108 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: Login Failure: all modules ignored

              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921) [:1.6.0_21]

              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_21]

              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_21]

              at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_21]

              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_21]

              at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_21]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]

              at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

              at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

       

      Kindly help me get rid of this error.

       

      Thanks in advance.

        • 1. Re: Jboss7 LDAP configuration
          jaikiran

          09:59:13,093 ERROR [org.jboss.security.auth.spi.DisabledLoginModule] (http--127.0.0.1-8080-1) The security domain other has been disabled. All authentication will fail. Please check your configuration to make sure this is expected

          It looks like you are using the "other" security domain which has been disabled. Make sure you use the LDAP security domain in your application.

          • 2. Re: Jboss7 LDAP configuration
            teena.buchade

            Hi, I have changed the configuration, but now I am getting the following error:

             

             

            15:14:09,157 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] (http--127.0.0.1-8080-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties f

                    at org.jboss.security.auth.spi.Util.loadProperties(Util.java:227) [picketbox-4.0.1.jar:4.0.1]

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:188) [picketbox-4.0.1.jar:4.0.1]

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:202) [picketbox-4.0.1.jar:4.0.1]

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:129) [picketbox-4.0.1.jar:4.0.1]

                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_21]

                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_21]

                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_21]

                    at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_21]

                    at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_21]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

             

             

            15:14:09,157 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: Missing users.properties file.

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:150) [picketbox-4.0.1.jar:4.0.1]

                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_21]

                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_21]

                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_21]

                    at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_21]

                    at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_21]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

            • 3. Re: Jboss7 LDAP configuration
              jaikiran

              What does the new configuration look like and what does your jboss-web.xml (or jboss-ejb3.xml) with the security-domain configuration look like?

              • 4. Re: Jboss7 LDAP configuration
                teena.buchade

                Hi jaikiran

                 

                Thanks for the reply. The current configuration is as below:

                 

                <security-domain name="other" cache-type="default">

                                    <authentication>

                                        <login-module code="LdapExtended" flag="required"/>

                                    </authentication>

                   </security-domain>

                 

                 

                <security-domain name="LDAP" cache-type="default">

                                    <authentication>

                                        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                            <module-option name="java.naming.provider.url" value="ldap://10.10.10.10:389"/>

                                            <module-option name="bindDN" value="cn=Manager,dc=mycompany,dc=com"/>

                                            <module-option name="bindCredential" value="password"/>

                                            <module-option name="baseCtxDN" value="ou=people,dc=mycompany,dc=com"/>

                                            <module-option name="baseFilter" value="uid={0},ou=people,dc=mycompany,dc=com"/>

                                            <module-option name="rolesCtxDN" value="ou=groups,dc=mycompany,dc=com"/>

                                            <module-option name="roleFilter" value="(uniqueMember={0})"/>

                                            <module-option name="roleNameAttributeID" value="cn"/>

                                            <module-option name="roleAttributeIsDN" value="true"/>

                                            <module-option name="allowEmptyPasswords" value="false"/>

                                            <module-option name="Context.REFERRAL" value="follow"/>

                                            <module-option name="throwValidateError" value="true"/>

                                        </login-module>

                                    </authentication>

                                </security-domain>

                 

                 

                jboss-web.xml is as below:

                 

                <?xml version="1.0" encoding="UTF-8"?>

                <!DOCTYPE jboss-web PUBLIC

                   "-//JBoss//DTD Web Application 5.0//EN"

                   "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">

                <jboss-web>

                          <security-domain>java:/jaas/LDAP</security-domain>

                </jboss-web>

                 


                • 5. Re: Jboss7 LDAP configuration
                  jaikiran

                  teena buchade wrote:

                   

                            <security-domain>java:/jaas/LDAP</security-domain>

                   


                  This is incorrect. It should just be the name of the security domain.

                   

                  <security-domain>LDAP</security-domain>
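
Added example (not part of the original thread, and not JBoss project code): a small Python check for the misconfigurations visible in the configurations posted above, including the `java:/jaas/` prefix corrected in reply 5. The function names, finding codes and sample input are constructed for illustration; the sample merges options from posts 1 and 4 into one domain.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: options taken from posts 1 and 4 of this thread.
SAMPLE_DOMAIN = """<security-domain name="LDAP" cache-type="default">
 <authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="java.naming.provider.url" value="ldap://10.10.10.10:389"/>
   <module-option name="baseFilter" value="uid={0},ou=people,dc=mycompany,dc=com"/>
   <module-option name="roleFilter" value="(uniqueMember={0})"/>
   <module-option name="allowEmptyPasswords" value="false"/>
   <module-option name="allowEmptyPasswords" value="true"/>
  </login-module>
 </authentication>
</security-domain>"""
SAMPLE_JBOSS_WEB = ("<jboss-web><security-domain>java:/jaas/LDAP"
                    "</security-domain></jboss-web>")


def _local(tag):
    """Drop any '{namespace}' prefix so namespaced elements match too."""
    return tag.rsplit("}", 1)[-1]


def lint_login_modules(domain_xml):
    """Return sorted finding codes for every login-module in the given XML."""
    findings = set()
    for module in (e for e in ET.fromstring(domain_xml).iter()
                   if _local(e.tag) == "login-module"):
        options = {}
        for opt in (e for e in module if _local(e.tag) == "module-option"):
            options.setdefault(opt.get("name", ""), []).append(opt.get("value", ""))
        for name, values in options.items():
            if len(set(values)) > 1:
                # Same option given twice with different values: intent is ambiguous.
                findings.add("conflicting-duplicate:" + name)
            if name in ("baseFilter", "roleFilter") and not all(
                    re.fullmatch(r"\(.+\)", v) for v in values):
                # These options are LDAP search filters such as (uid={0}), not DNs.
                findings.add("not-a-search-filter:" + name)
            if name == "allowEmptyPasswords" and "true" in (v.lower() for v in values):
                # Some LDAP servers treat an empty password as an anonymous bind.
                findings.add("empty-password-allowed")
            if name == "java.naming.provider.url" and any(
                    v.lower().startswith("ldap://") for v in values):
                # Bind and user passwords travel to the directory unencrypted.
                findings.add("cleartext-ldap-url")
    return sorted(findings)


def lint_jboss_web(jboss_web_xml):
    """Flag a java:/jaas/ prefix; reply 5 says to use just the domain name."""
    root = ET.fromstring(jboss_web_xml)
    return sorted("jndi-prefixed-security-domain:" + (e.text or "").strip()
                  for e in root.iter()
                  if _local(e.tag) == "security-domain"
                  and (e.text or "").strip().startswith("java:/jaas/"))
```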

                  • 6. Re: Jboss7 LDAP configuration
                    teena.buchade

                    Hi jaikiran

                     

                    Thanks for the help.

                     

                    I got rid of the above error, but I am still not able to log in to my application. I am getting the below page after submitting the username and password, but can't see any error or stack trace on the console.

                     

                    HTTP Status 403 - Access to the requested resource has been denied


                    type Status report

                    message Access to the requested resource has been denied

                    description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


                    JBoss Web/7.0.1.Final

                     

                     

                    I tried to enable TRACE level logging of security using the below configuration, but failed in that part.

                     

                          <subsystem xmlns="urn:jboss:domain:logging:1.1">

                                   ......

                               <logger category="org.jboss.security">

                                    <level name="TRACE"/>

                                </logger>

                                <logger category="org.jboss.as.web.security">

                                    <level name="TRACE"/>

                                </logger>

                          </subsystem>

                     

                     

                    Kindly help in configuring TRACE level logging and in solving the above problem.

                     


                     


                    • 7. Re: Jboss7 LDAP configuration
                      teena.buchade

                      Hi

                       

                      Any update on the above-mentioned issue?

                       

                      Kindly let me know any possible solution.

                      • 8. Re: Jboss7 LDAP configuration
                        sanssan

                        Hi Teena,

                         

                        I do have the same issue now.

                         

                        Did you fix that? If so, please share the solution here...