9 Replies Latest reply on Jan 31, 2014 3:28 PM by marcelomrwin

    JBOSS + LDAP + JEE 6.

    leandroeich

      Good morning everyone,

       

      I'm having a problem getting JBOSS + LDAP + JEE 6 to communicate.

       

      When I try to access my application it asks for a username and password, but I can't log in; it just keeps asking.

       

      Could I have something misconfigured in my LDAP configuration? I created a user inside users with uid=eich and password teste

       

      Here is the configuration from my standalone.xml:

       

      <security-domain name="teste_ldap">
                          <authentication>
                              <login-module code="LdapExtended" flag="required">
                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                                  <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
                                  <module-option name="java.naming.security.authentication" value="simple"/>
                                  <module-option name="bindDN" value="uid=admin,ou=system"/>
                                  <module-option name="bindCredential" value="secret"/>
                                  <module-option name="baseCtxDN" value="ou=users,ou=system"/>
                                  <module-option name="baseFilter" value="(uid={0})"/>
                                  <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
                                  <module-option name="allowEmptyPasswords" value="true"/>
                              </login-module>
                          </authentication>
      </security-domain>
      


      web.xml



      <security-constraint>
             <web-resource-collection>
                  <web-resource-name>HtmlAuth</web-resource-name>
                  <description>Sistema de segurança</description>
                  <url-pattern>/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
                  <role-name>Manager</role-name>
             </auth-constraint>
       </security-constraint>
      
        <login-config>
             <auth-method>BASIC</auth-method>
             <realm-name>Test LDAP</realm-name>
        </login-config>
      
        <security-role>
             <role-name>Manager</role-name>
        </security-role>
      
      jboss-web.xml:
      
      
      <jboss-web>
          <security-domain>java:/jaas/teste_ldap</security-domain>
      </jboss-web>
      


        • 1. Re: JBOSS + LDAP + JEE 6.
          leandroeich

          If you have a working example. Thanks

          • 2. Re: JBOSS + LDAP + JEE 6.
            adrianoschmidt

            Hey Leandro, I think the roles are missing.. add this:

             

            <module-option name="rolesCtxDN" value="ou=groups,ou=system"/>

            <module-option name="roleFilter" value="(member={1})"/>

            <module-option name="roleAttributeID" value="cn"/>

             

            Cheers!!

            www.localhost8080.com.br

            1 of 1 people found this helpful
            • 3. Re: JBOSS + LDAP + JEE 6.
              mauriciomag

              Hi Leandro, how are you?

               

              Sorry to ask, but have you made sure that this authentication is really working outside the application?

               

              Is there any log? Otherwise, before sending us a log to look at, increase the log verbosity. In your Handler add something like:

               

              <logger category="org.jboss.security">

                <level name="TRACE"/>

              </logger>

               

              Also add the option: <module-option name="throwValidateError" value="true"/> so we can really find the root cause.

               

              A good example of this kind of configuration can be found at the following link: http://middlewaremagic.com/jboss/?p=378

               

              Any questions, we're here...

               

              Cheers

              1 of 1 people found this helpful
              • 4. Re: JBOSS + LDAP + JEE 6.
                rodrigo.maciel.alba

                Hi everyone... I'm working here with Leandro and we followed this tutorial from http://middlewaremagic.com/jboss/?p=378

                 

                We've reached an impasse.. our standalone.xml looks like this:

                 

                <security-domain name="test_ldap_security_domain">

                                    <authentication>

                                        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>

                                            <module-option name="bindDN" value="uid=admin,ou=system"/>

                                            <module-option name="bindCredential" value="secret"/>

                                            <module-option name="baseCtxDN" value="ou=users,ou=system"/>

                                            <module-option name="baseFilter" value="(uid={0})"/>

                                            <module-option name="rolesCtxDN" value="ou=users,ou=system"/>

                                            <module-option name="roleFilter" value="(uid={0})"/>

                                            <module-option name="roleAttributeID" value="memberOf"/>

                                            <module-option name="roleNameAttributeID" value="cn"/>

                                            <module-option name="roleAttributeIsDN" value="true"/>

                                            <module-option name="allowEmptyPasswords" value="true"/>

                                            <module-option name="Context.REFERRAL" value="follow"/>

                                            <module-option name="throwValidateError" value="true"/>

                                            <module-option name="searchScope" value="SUBTREE_SCOPE"/>

                                        </login-module>

                                        <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">

                                            <module-option name="rolesProperties" value="../standalone/configuration/test-roles.properties"/>

                                            <module-option name="replaceRole" value="false"/>

                                        </login-module>

                                    </authentication>

                                </security-domain>

                 

                And our web.xml looks like this:

                 

                <login-config>
                <auth-method>BASIC</auth-method>
                </login-config>
                <security-role>
                <role-name>TestRole</role-name>
                </security-role>
                <security-constraint>

                        <web-resource-collection>

                            <web-resource-name>HtmlAuth</web-resource-name>

                            <description>Sistema de segurança</description>

                            <url-pattern>/*</url-pattern>

                            <http-method>GET</http-method>

                            <http-method>POST</http-method>

                        </web-resource-collection>

                        <auth-constraint>

                            <role-name>TestRole</role-name>

                        </auth-constraint>

                    </security-constraint>

                 

                 

                This is the deploy log:

                 

                19:01:14,425 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) JBAS015876: Iniciando a implantação do "supero-java-ear.ear" (runtime-name: "supero-java-ear.ear")

                19:01:14,774 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) JBAS015876: Iniciando a implantação do "null" (runtime-name: "supero-java-web.war")

                19:01:14,774 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) JBAS015876: Iniciando a implantação do "null" (runtime-name: "supero-java-ejb.jar")

                19:01:14,888 INFO  [org.jboss.as.jpa] (MSC service thread 1-7) JBAS011401: Leia a persistence.xml para primary

                19:01:14,924 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) JBAS010400: Limite da fonte de dados [java:jboss/datasources/adDS]

                19:01:14,933 INFO  [org.jboss.weld.deployer] (MSC service thread 1-6) JBAS016002: Processamento da implantação weld supero-java-ear.ear

                19:01:14,936 INFO  [org.jboss.weld.deployer] (MSC service thread 1-8) JBAS016002: Processamento da implantação weld supero-java-ejb.jar

                19:01:14,945 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) JBAS016002: Processamento da implantação weld supero-java-web.war

                19:01:14,948 INFO  [org.jboss.weld.deployer] (MSC service thread 1-3) JBAS016005: Iniciando os  Serviços para a implantação CDI: supero-java-ear.ear

                19:01:14,951 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,951 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:14,952 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action commit: inService

                19:01:14,953 INFO  [org.jboss.weld.deployer] (MSC service thread 1-3) JBAS016008: Inicialização do serviço weld para a implantação supero-java-ear.ear

                19:01:14,957 TRACE [org.jboss.security] (MSC service thread 1-8) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,957 TRACE [org.jboss.security] (MSC service thread 1-8) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:14,957 TRACE [org.jboss.security] (MSC service thread 1-8) PBOX000337: nextState for action commit: inService

                19:01:14,957 INFO  [org.jboss.as.jpa] (ServerService Thread Pool -- 67) JBAS011402: Iniciando Persistence Unit Serviço 'supero-java-ear.ear/supero-java-ejb.jar#primary'

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getContextID: inService

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getContextID: open

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000316: linkConfiguration, link to contextID: supero-java-ear.ear!supero-java-ejb.jar

                19:01:14,959 INFO  [org.hibernate.ejb.Ejb3Configuration] (ServerService Thread Pool -- 67) HHH000204: Processing PersistenceUnitInfo [

                  name: primary

                  ...]

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action linkConfiguration: open

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getContextID: open

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000314: commit, contextID: supero-java-ear.ear!supero-java-ejb.jar

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action commit: inService

                19:01:14,960 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:14,960 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action commit: inService

                19:01:14,961 INFO  [org.hibernate.service.jdbc.connections.internal.ConnectionProviderInitiator] (ServerService Thread Pool -- 67) HHH000130: Instantiating explicit connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider

                19:01:14,969 INFO  [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 67) HHH000400: Using dialect: org.hibernate.dialect.H2Dialect

                19:01:14,969 WARN  [org.hibernate.dialect.H2Dialect] (ServerService Thread Pool -- 67) HHH000431: Unable to determine H2 database version, certain features may not work

                19:01:14,972 INFO  [org.hibernate.engine.transaction.internal.TransactionFactoryInitiator] (ServerService Thread Pool -- 67) HHH000268: Transaction strategy: org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory

                19:01:14,972 INFO  [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (ServerService Thread Pool -- 67) HHH000397: Using ASTQueryTranslatorFactory

                19:01:14,974 INFO  [org.hibernate.tool.hbm2ddl.SchemaExport] (ServerService Thread Pool -- 67) HHH000227: Running hbm2ddl schema export

                19:01:14,975 INFO  [org.hibernate.tool.hbm2ddl.SchemaExport] (ServerService Thread Pool -- 67) HHH000230: Schema export complete

                19:01:15,069 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,069 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getContextID: inService

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getContextID: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000316: linkConfiguration, link to contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action linkConfiguration: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getContextID: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000314: commit, contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action commit: inService

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action commit: inService

                19:01:15,078 INFO  [org.jboss.web] (ServerService Thread Pool -- 72) JBAS018210: Registra o contexto da web: /supero-java-web

                19:01:15,086 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 72) Inicializando Mojarra 2.1.19-jbossorg-1 20131024-0833 para o contexto '/supero-java-web'

                19:01:15,341 INFO  [org.primefaces.webapp.PostConstructApplicationEventListener] (ServerService Thread Pool -- 72) Running on PrimeFaces 3.5

                19:01:15,341 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 72) Monitoring jndi:/default-host/supero-java-web/WEB-INF/faces-config.xml for modifications

                19:01:15,343 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebResourcePermission" "/*" "GET,POST")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000312: addToUncheckedPolicy, permission: ("javax.security.jacc.WebResourcePermission" "/*" "!GET,POST")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToUncheckedPolicy: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000312: addToUncheckedPolicy, permission: ("javax.security.jacc.WebUserDataPermission" "/*" "GET,POST")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToUncheckedPolicy: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000312: addToUncheckedPolicy, permission: ("javax.security.jacc.WebUserDataPermission" "/*")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToUncheckedPolicy: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "jsp" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "default" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "Faces Servlet" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "jsp" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "default" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "Faces Servlet" "TestRole")

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getContextID: inService

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getContextID: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000316: linkConfiguration, link to contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action linkConfiguration: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getContextID: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000314: commit, contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action commit: inService

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:15,347 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action commit: inService

                19:01:15,532 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 1) JBAS018559: Implantado "supero-java-ear.ear" (runtime-name: "supero-java-ear.ear")

                 

                 

                And this is the log when we access a page and get the user right:

                 

                19:02:29,240 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000354: Setting security roles ThreadLocal: null

                19:02:42,814 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000200: Begin isValid, principal: user01, cache entry: null

                19:02:42,814 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000209: defaultLogin, principal: user01

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000221: Begin getAppConfigurationEntry(test_ldap_security_domain), size: 2

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000224: End getAppConfigurationEntry(test_ldap_security_domain), AuthInfo: AppConfigurationEntry[]:

                [0]

                LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule

                ControlFlag: LoginModuleControlFlag: required

                Options:

                name=baseFilter, value=(uid={0})

                name=bindDN, value=uid=admin,ou=system

                name=rolesCtxDN, value=ou=users,ou=system

                name=roleNameAttributeID, value=cn

                name=Context.REFERRAL, value=follow

                name=baseCtxDN, value=ou=users,ou=system

                name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory

                name=roleFilter, value=(uid={0})

                name=allowEmptyPasswords, value=true

                name=java.naming.provider.url, value=ldap://localhost:10389

                name=bindCredential, value=****

                name=roleAttributeIsDN, value=true

                name=searchScope, value=SUBTREE_SCOPE

                name=roleAttributeID, value=memberOf

                name=throwValidateError, value=true

                [1]

                LoginModule Class: org.jboss.security.auth.spi.RoleMappingLoginModule

                ControlFlag: LoginModuleControlFlag: optional

                Options:

                name=replaceRole, value=false

                name=rolesProperties, value=../standalone/configuration/test-roles.properties

                 

                 

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000236: Begin initialize method

                19:02:42,815 WARN  [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000234: Invalid or misspelled module option: Context.REFERRAL

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000240: Begin login method

                19:02:42,816 DEBUG [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000269: Failed to parse roleRecursion as number, using default value 0

                19:02:42,816 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000220: Logging into LDAP server with env {throwValidateError=true, Context.REFERRAL=follow, baseFilter=(uid={0}), allowEmptyPasswords=true, java.naming.security.credentials=******, jboss.security.security_domain=test_ldap_security_domain, java.naming.security.authentication=simple, baseCtxDN=ou=users,ou=system, roleAttributeIsDN=true, rolesCtxDN=ou=users,ou=system, java.naming.security.principal=uid=admin,ou=system, searchScope=SUBTREE_SCOPE, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleFilter=(uid={0}), java.naming.provider.url=ldap://localhost:10389, roleNameAttributeID=cn, roleAttributeID=memberOf, bindDN=uid=admin,ou=system, bindCredential=******}

                19:02:42,822 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000220: Logging into LDAP server with env {throwValidateError=true, Context.REFERRAL=follow, baseFilter=(uid={0}), allowEmptyPasswords=true, java.naming.security.credentials=******, jboss.security.security_domain=test_ldap_security_domain, java.naming.security.authentication=simple, baseCtxDN=ou=users,ou=system, roleAttributeIsDN=true, rolesCtxDN=ou=users,ou=system, java.naming.security.principal=uid=user01,ou=users,ou=system, searchScope=SUBTREE_SCOPE, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleFilter=(uid={0}), java.naming.provider.url=ldap://localhost:10389, roleNameAttributeID=cn, roleAttributeID=memberOf, bindDN=uid=admin,ou=system, bindCredential=******}

                19:02:42,829 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000268: Assigning user to role user01

                19:02:42,831 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000241: End login method, isValid: true

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000236: Begin initialize method

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000240: Begin login method

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000242: Begin commit method, overall result: true

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000242: Begin commit method, overall result: true

                19:02:42,833 DEBUG [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000287: Failed to open properties file from URL: java.net.MalformedURLException: no protocol: ../standalone/configuration/test-roles.properties

                  at java.net.URL.<init>(URL.java:585) [rt.jar:1.7.0_45]

                  at java.net.URL.<init>(URL.java:482) [rt.jar:1.7.0_45]

                  at java.net.URL.<init>(URL.java:431) [rt.jar:1.7.0_45]

                  at org.jboss.security.auth.spi.Util.loadProperties(Util.java:300) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.auth.spi.RoleMappingLoginModule.getRoleSets(RoleMappingLoginModule.java:127) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.auth.spi.AbstractServerLoginModule.commit(AbstractServerLoginModule.java:225) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) [:1.7.0_45]

                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]

                  at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_45]

                  at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_45]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]

                 

                 

                19:02:42,835 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000288: Properties file ../standalone/configuration/test-roles.properties loaded, users: [Administrators]

                19:02:42,836 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000210: defaultLogin, login context: javax.security.auth.login.LoginContext@fc1abca, subject: Subject(1945461466).principals=org.jboss.security.SimplePrincipal@1061579375(user01)org.jboss.security.SimpleGroup@670416349(Roles(members:user01))org.jboss.security.SimpleGroup@670416349(CallerPrincipal(members:user01))

                19:02:42,836 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000201: End isValid, result = true

                19:02:42,836 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000354: Setting security roles ThreadLocal: null

                 

                 

                When we get the password wrong, the user is requested again, but when we get it right the browser shows this:

                 

                JBWEB000065: HTTP Status 403 - JBWEB000015: Access to the requested resource has been denied

                 

                I believe some configuration in the roles is missing... do you have any idea?

                 

                Cheers!

                Rodrigo
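
Added example, not part of the original post and not JBoss or PicketBox code: a small Python triage script for the situation shown above, where the LDAP bind succeeds but the browser gets a 403. It compares the roles the TRACE log says were assigned with the roles `web.xml` requires, and reports login-module options worth reviewing. The sample inputs are constructed from lines quoted in the thread, and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed samples, shaped like the configuration and TRACE output quoted in the thread.
SAMPLE_DOMAIN = """
<security-domain name="test_ldap_security_domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
      <module-option name="rolesCtxDN" value="ou=users,ou=system"/>
      <module-option name="roleFilter" value="(uid={0})"/>
      <module-option name="allowEmptyPasswords" value="true"/>
    </login-module>
  </authentication>
</security-domain>
"""
SAMPLE_WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>TestRole</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""
SAMPLE_LOG = """\
19:02:42,815 WARN  [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000234: Invalid or misspelled module option: Context.REFERRAL
19:02:42,829 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000268: Assigning user to role user01
19:02:42,831 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000241: End login method, isValid: true
19:02:42,836 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000201: End isValid, result = true
"""

PBOX = re.compile(r"\bPBOX(\d{6}): (.*)$")
LOOPBACK = ("localhost", "127.0.0.1", "::1")


def _local(tag):
    """Element name without an XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def required_roles(web_xml):
    """Role names listed in every <auth-constraint> of a web.xml document."""
    roles = set()
    for el in ET.fromstring(web_xml.strip()).iter():
        if _local(el.tag) == "auth-constraint":
            roles.update((r.text or "").strip() for r in el if _local(r.tag) == "role-name")
    return roles - {""}


def module_options(domain_xml):
    """name -> value for every <module-option> in a security-domain fragment."""
    return {el.get("name"): el.get("value", "")
            for el in ET.fromstring(domain_xml.strip()).iter()
            if _local(el.tag) == "module-option"}


def parse_auth_log(log):
    """Pull the login outcome, assigned roles and rejected options out of PBOX lines."""
    result = {"authenticated": None, "roles": set(), "bad_options": []}
    for line in log.splitlines():
        m = PBOX.search(line)
        if not m:
            continue
        code, msg = m.groups()
        if code == "000268":    # "Assigning user to role <name>"
            result["roles"].add(msg.partition("role ")[2].strip())
        elif code == "000234":  # "Invalid or misspelled module option: <name>"
            result["bad_options"].append(msg.split(": ", 1)[-1].strip())
        elif code == "000201":  # "End isValid, result = true|false"
            result["authenticated"] = msg.strip().endswith("true")
    return result


def diagnose(domain_xml, web_xml, log):
    """Return human-readable findings for one security domain, web.xml and log excerpt."""
    findings = []
    opts = module_options(domain_xml)
    auth = parse_auth_log(log)
    needed = required_roles(web_xml)
    # An empty password is handed to the LDAP server, which some servers
    # treat as an anonymous bind that succeeds.
    if opts.get("allowEmptyPasswords", "").lower() == "true":
        findings.append("allowEmptyPasswords=true: empty passwords are passed to the LDAP server")
    # A simple bind over ldap:// sends the password unencrypted; loopback is tolerated here.
    url = urlparse(opts.get("java.naming.provider.url", ""))
    if url.scheme == "ldap" and url.hostname not in LOOPBACK:
        findings.append(f"cleartext ldap:// bind to {url.hostname}")
    for name in auth["bad_options"]:
        findings.append(f"option reported as invalid or misspelled: {name}")
    # Authentication passed but no assigned role satisfies the auth-constraint.
    if auth["authenticated"] and needed and not (needed & auth["roles"]):
        findings.append(f"authenticated, but roles {sorted(auth['roles'])} include none of "
                        f"{sorted(needed)} required by web.xml: expect HTTP 403")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_DOMAIN, SAMPLE_WEB_XML, SAMPLE_LOG):
        print("-", finding)
```

On the sample input the last finding names `user01` as the only assigned role against the required `TestRole`, which matches the 403 described in the post.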

                • 5. Re: JBOSS + LDAP + JEE 6.
                  adrianoschmidt

                  Hey mauriciomag

                   

                  I work with Rodrigo and Leandro..

                   

                  I sat down with them just now to look at this and we managed to solve it..

                   

                  But we followed a tutorial of yours http://jbossdivers.wordpress.com/2012/02/12/utilizando-ldap-login-module-no-jboss-as-7-1/

                   

                  We had to make a few small changes for it to work with our LDAP, but it worked perfectly.. this tutorial of yours is great! The middlewaremagic one didn't work at all :/

                   

                  Cheers,

                  Adriano Schmidt

                  www.localhost8080.com.br

                  • 6. Re: JBOSS + LDAP + JEE 6.
                    mauriciomag

                    Great, Adriano, I'm glad to have contributed to the solution

                     

                    Cheers, my friend.

                    • 7. Re: JBOSS + LDAP + JEE 6.
                      adrianoschmidt

                      Just for the record, I wrote an article on my blog documenting the step-by-step.

                       

                      http://localhost8080.blogspot.com.br/2014/01/JBoss-EAP6-AS7-JAAS-LDAP-AD.html

                       

                      I used Apache Directory Studio.. so I also documented how I created the LDAP server in it.

                       

                      Cheers! And thanks a lot, Mauricio!!

                      • 8. Re: JBOSS + LDAP + JEE 6.
                        mauriciomag

                        Now that's more like it, your tutorial turned out a thousand times better than mine, haha, awesome!

                         

                        Thanks

                        • 9. Re: JBOSS + LDAP + JEE 6.
                          marcelomrwin

                          Thanks Adriano. I'll take a look later.