-
1. Re: HTTP Status 403 - when using LDAP
deanouk Apr 30, 2008 7:00 AM (in response to deanouk)
I've added some logging and am seeing:
[30 Apr 2008 11:56:26] DEBUG com.msp.ejb.security.IdentityLoginModule - UserStatus is OK, returning true.
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.FormAuthenticator - Authentication of 'dean.pullen' was successful
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.FormAuthenticator - Redirecting to original '/portal/auth/portal/default/default'
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed authenticate() test ??/portal/auth/portal/default/j_security_check
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.connector.CoyoteAdapter - Requested cookie session id is 6D4F6081BEF093070076F5DF9E375A06
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Security checking request GET /portal/auth/portal/default/default
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Authenticated]' against GET /auth/portal/default/default --> true
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secure]' against GET /auth/portal/default/default --> false
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /auth/portal/default/default --> false
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Authenticated]' against GET /auth/portal/default/default --> true
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secure]' against GET /auth/portal/default/default --> false
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /auth/portal/default/default --> false
(You'll notice I've replaced IdentityLoginModule with our own version which only adds additional debug statements)
I see it passing the Authenticated roles but not Secure or Secure+Authenticated but I've never seen these mentioned anywhere. Is this the cause of the problem, and if so how do I fix it? Adding these roles doesn't seem to change anything.
This also makes me wonder if authentication hasn't properly passed (shown above too):
[30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed authenticate() test ??/portal/auth/portal/default/j_security_check
-
2. Re: HTTP Status 403 - when using LDAP
deanouk Apr 30, 2008 10:58 AM (in response to deanouk)
After a lot of debugging, taking source from the JBoss repo and stepping through it, I noticed that the role 'User' was also added to the role set of the users, via the standard non-LDAP IdentityLoginModule.
Adding this as a group in SBS AD and adding it to the user allowed the portal to work. Also, adding Admin worked as you would expect.
I suspect a lot of people have fallen into this trap considering the 403 errors I've seen in the forums.
It might be worth updating the specs to ensure people add these roles to their users' role sets, not just 'Authenticated'.
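
An added example, not part of the original thread: a Python helper that parses the Catalina debug lines from reply 1 and lists, per request, which security constraints cover it and which do not. In Tomcat's RealmBase the `--> true/false` flag reports whether a constraint's URL patterns and methods include the request, not whether a role check passed, so a `false` for `Secure` does not by itself explain a 403. The names `summarize` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Entries copied from the debug log in reply 1, with line-wrap spaces repaired.
P = "[30 Apr 2008 11:56:26] DEBUG org.apache.catalina."
URI = "GET /auth/portal/default/default"
SAMPLE_LOG = "\n".join([
    P + "authenticator.FormAuthenticator - Authentication of 'dean.pullen' was successful",
    P + "authenticator.AuthenticatorBase - Security checking request GET /portal/auth/portal/default/default",
    P + "realm.RealmBase - Checking constraint 'SecurityConstraint[Authenticated]' against " + URI + " --> true",
    P + "realm.RealmBase - Checking constraint 'SecurityConstraint[Secure]' against " + URI + " --> false",
    P + "realm.RealmBase - Checking constraint 'SecurityConstraint[Secure+Authenticated]' against " + URI + " --> false",
    # The log on the page repeats the three checks; one repeat is kept here.
    P + "realm.RealmBase - Checking constraint 'SecurityConstraint[Authenticated]' against " + URI + " --> true",
])

AUTH_OK = re.compile(r"Authentication of '(?P<user>[^']+)' was successful")
CONSTRAINT = re.compile(
    r"Checking constraint 'SecurityConstraint\[(?P<name>[^\]]+)\]' "
    r"against (?P<method>\S+) (?P<uri>\S+) --> (?P<hit>true|false)"
)

def summarize(log_text):
    """Return authenticated users and, per request, which constraints cover it."""
    users, requests = [], {}
    for line in log_text.splitlines():
        auth = AUTH_OK.search(line)
        if auth and auth["user"] not in users:
            users.append(auth["user"])
        check = CONSTRAINT.search(line)
        if check:
            buckets = requests.setdefault(
                (check["method"], check["uri"]), {"covers": [], "skips": []}
            )
            bucket = buckets["covers" if check["hit"] == "true" else "skips"]
            if check["name"] not in bucket:  # de-duplicate repeated checks
                bucket.append(check["name"])
    return {"authenticated_users": users, "requests": requests}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("authenticated:", result["authenticated_users"])
    for (method, uri), b in result["requests"].items():
        print(method, uri, "covered by", b["covers"], "not covered by", b["skips"])
```

For each constraint listed under `covers`, the roles to compare against the user's role set are the ones in that constraint's `auth-constraint`, which is where the missing 'User' role from reply 2 would show up.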