1 Reply Latest reply on Feb 21, 2012 11:34 AM by Zakir Syed

    Integrating LDAP server (ApacheDS) with JBoss AS

    Zakir Syed Newbie

      I am trying to write a web application that will authenticate and authorize the user by making use of the LDAP. However I followed the tutorial over here but still I was not able to make a connection with the LDAP server. I have tried going through other discussions in this community but it didnt help either. I would really appreciate it if someone could help me get this working.

       

      My web.xml is

       

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
       id="WebApp_ID" version="2.5">
       <display-name>AAJboss</display-name>
       <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>  
       <security-constraint>
        <web-resource-collection>
         <web-resource-name>Secure Resource</web-resource-name>
         <url-pattern>/secured/*</url-pattern>
         <http-method>POST</http-method>
         <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
         <role-name>uv_admin</role-name>
        </auth-constraint>
       </security-constraint>
       <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
         <form-login-page>/login.html</form-login-page>
         <form-error-page>/error.html</form-error-page>
        </form-login-config>
       </login-config>
       <security-role>
        <role-name>uv_admin</role-name>
       </security-role>
      </web-app>
      
      


      jboss-web.xml

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
       <security-domain>java:/jaas/example</security-domain>
      </jboss-web>  
      
      

       

      login-config.xml

       

      <application-policy name="example">
       <authentication>
        <login-module code="LdapExtended" flag="required">
         <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
         <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
         <module-option name="java.naming.security.authentication" value="simple"/>
         <module-option name="bindDN" value="uid=admin,ou=system"/>
         <module-option name="bindCredential" value="secret"/>
         <module-option name="baseCtxDN" value="ou=people,o=xxx"/>
         <module-option name="baseFilter" value="(uid={0})"/>
         <module-option name="rolesCtxDN" value="ou=Roles,o=xxx"/>
         <module-option name="roleFilter" value="(member={1})"/>
         <module-option name="roleAttributeID" value="cn"/>
         <module-option name="searchScope" value="SUBTREE_SCOPE"/>
         <module-option name="allowEmptyPasswords" value="false"/>
        </login-module>
       </authentication>
        </application-policy>
      
      
        • 1. Re: Integrating LDAP server (ApacheDS) with JBoss AS
          Zakir Syed Newbie

          I get the following trace log

           

          2012-02-21 10:11:48,955 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (http-127.0.0.1-8080-2) Creating SDC for domain=xxx
          2012-02-21 10:11:48,955 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.xxx] (http-127.0.0.1-8080-2) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@13290aa
          2012-02-21 10:11:48,955 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.xxx] (http-127.0.0.1-8080-2) CachePolicy set to: org.jboss.util.TimedCachePolicy@b7b28b
          2012-02-21 10:11:48,955 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (http-127.0.0.1-8080-2) setCachePolicy, c=org.jboss.util.TimedCachePolicy@b7b28b
          2012-02-21 10:11:48,956 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-2)  Calling authenticate()
          2012-02-21 10:11:48,956 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-127.0.0.1-8080-2) Save request in session '50B9CCC74E611ED1EC66BB1537F04416'
          2012-02-21 10:11:48,958 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/AAJboss].[default]] (http-127.0.0.1-8080-2)  Disabling the response for futher output
          2012-02-21 10:11:48,958 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-2)  Failed authenticate() test
          2012-02-21 10:11:53,684 DEBUG [org.apache.catalina.connector.CoyoteAdapter] (http-127.0.0.1-8080-2)  Requested cookie session id is 50B9CCC74E611ED1EC66BB1537F04416
          2012-02-21 10:11:53,684 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-2) Security checking request POST /AAJboss/secured/j_security_check
          2012-02-21 10:11:53,684 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-127.0.0.1-8080-2) Authenticating username 'hnelson'
          2012-02-21 10:11:53,685 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-2) Bad password for username=hnelson
          javax.naming.NoInitialContextException: Cannot instantiate class:  [Root exception is java.lang.ClassNotFoundException: ]
          at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
          at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
          at javax.naming.InitialContext.init(Unknown Source)
          at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
          at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:573)
          at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:380)
          at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:276)
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.lang.reflect.Method.invoke(Unknown Source)
          at javax.security.auth.login.LoginContext.invoke(Unknown Source)
          at javax.security.auth.login.LoginContext.access$000(Unknown Source)
          at javax.security.auth.login.LoginContext$4.run(Unknown Source)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
          at javax.security.auth.login.LoginContext.login(Unknown Source)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
          at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
          at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Unknown Source)
          Caused by: java.lang.ClassNotFoundException:
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Unknown Source)
          at com.sun.naming.internal.VersionHelper12.loadClass(Unknown Source)
          ... 37 more
          2012-02-21 10:11:53,685 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/AAJboss].[default]] (http-127.0.0.1-8080-2)  Disabling the response for futher output
          2012-02-21 10:11:53,685 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-2)  Failed authenticate() test ??/AAJboss/secured/j_security_check