3 Replies Latest reply on Apr 6, 2015 5:39 AM by valsaraj007

    Custom LDAP security domain

    valsaraj007
    valsaraj007 Jan 16, 2015 4:05 AM

      Hi,

       

      I would like to know in detail about creating custom LDAP security domain to use with JAAS. Please share if you have any samples.

       

      Thanks in advance!

        • 1. Re: Custom LDAP security domain
          valsaraj007
          valsaraj007 Jan 30, 2015 5:28 AM (in response to valsaraj007)

          I have done this by creating a custom login module by extending LoginModule class.

           

          <bindings>

           

              <external-context name="java:global/app/ldap" class="javax.naming.directory.InitialDirContext" cache="true">

                  <environment>

                      <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />

                      <property name="java.naming.provider.url" value="ldap://ldap.example.com:636" />

                      <property name="java.naming.security.authentication" value="simple" />

                      <property name="java.naming.security.principal" value="uid=admin,ou=system" />

                      <property name="java.naming.security.credentials" value="xxxxxxx" />

                  </environment>

              </external-context>

              <lookup name="java:global/c" lookup="java:global/b" />

          </bindings>

           

          Created LDAP external context like this and passed to my security domain custom login module as module option.

                    <security-domain name="appLDAP" cache-type="default">

                              <authentication>

                                  <login-module code="org.app.security.auth.MyLoginModule" flag="required" module="com.app.configuration">

                                      <module-option name="jaasSecurityDomain" value="java:global/app/ldap"/>

                                      <module-option name="principalDNPrefix" value="uid"/>

                                      <module-option name="principalDNSuffix" value="ou=system,dc=app,dc=com"/>

                                      <module-option name="rolesCtxDN" value="ou=groups,dc=app,dc=com"/>

                                      <module-option name="roleAttributeID" value="cn"/>

                                  </login-module>

                                  <login-module code="org.jboss.security.ClientLoginModule" flag="required">

                                      <module-option name="restore-login-identity" value="true"/>

                                  </login-module>

                              </authentication>

                          </security-domain>

            • Actions
          • 2. Re: Custom LDAP security domain
            rodrigo.uchoa
            rodrigo.uchoa Apr 1, 2015 12:32 PM (in response to valsaraj007)

            How did you reference your custom security domain in your application? More precisely, in the jboss-web.xml and web.xml?

             

            jboss-web.xml:

             

            <jboss-web>

                 <security-domain>java:/jaas/appLDAP</security-domain>

            </jboss-web>

             

            or

             

            <jboss-web>

                 <security-domain>appLDAP</security-domain>

            </jboss-web>

             

            web.xml:

             

            <login-config>

              <auth-method>BASIC</auth-method>

              <realm-name>appLDAP</realm-name> //or java:/jaas/appLDAP?

            </login-config>

              • Actions
            • 3. Re: Custom LDAP security domain
              valsaraj007
              valsaraj007 Apr 6, 2015 5:39 AM (in response to rodrigo.uchoa)

              Hi Rodrigo,

               

              I referred the custom security domain from jboss-web.xml as:

              <jboss-web>

                   <security-domain>appLDAP</security-domain>

              </jboss-web>


              Thanks!

                • Actions