9 Replies Latest reply on Jan 31, 2014 3:28 PM by Marcelo Sales

    JBOSS + LDAP + JEE 6.

    Leandro Eich Newbie

      Bom dia galera,

       

      estou com um problema para fazer comunicação entre JBOSS + LDAP + JEE 6.

       

      Quando tento acessar minha aplicação pede usuário e senha porém não consigo logar, fica pedindo sempre.

       

      Será que tenho alguma configuração errada na configuração do meu LDAP? criei um usuario dentro de users com uid=eich e senha teste

       

      Segue a configuração do meu standalone.xml:

       

      <security-domain name="teste_ldap">
                          <authentication>
                              <login-module code="LdapExtended" flag="required">
                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                                  <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
                                  <module-option name="java.naming.security.authentication" value="simple"/>
                                  <module-option name="bindDN" value="uid=admin,ou=system"/>
                                  <module-option name="bindCredential" value="secret"/>
                                  <module-option name="baseCtxDN" value="ou=users,ou=system"/>
                                  <module-option name="baseFilter" value="(uid={0})"/>
                                  <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
                                  <module-option name="allowEmptyPasswords" value="true"/>
                              </login-module>
                          </authentication>
      </security-domain>
      


      web.xml



      <security-constraint>
             <web-resource-collection>
                  <web-resource-name>HtmlAuth</web-resource-name>
                  <description>Sistema de segurança</description>
                  <url-pattern>/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
                  <role-name>Manager</role-name>
             </auth-constraint>
       </security-constraint>
      
        <login-config>
             <auth-method>BASIC</auth-method>
             <realm-name>Test LDAP</realm-name>
        </login-config>
      
        <security-role>
             <role-name>Manager</role-name>
        </security-role>
      
      jboss-web.xml:
      
      
      <jboss-web>
          <security-domain>java:/jaas/teste_ldap</security-domain>
      </jboss-web>
      


        • 1. Re: JBOSS + LDAP + JEE 6.
          Leandro Eich Newbie

          Se tiverem um exemplo funcionando. Obrigado

          • 2. Re: JBOSS + LDAP + JEE 6.
            Adriano Schmidt Master

            E aí Leandro, acho q faltou os roles.. adiciona aí:

             

            <module-option name="rolesCtxDN" value="ou=groups,ou=system"/>

            <module-option name="roleFilter" value="(member={1})"/>

            <module-option name="roleAttributeID" value="cn"/>

             

            Abraço!!

            www.localhost8080.com.br

            1 of 1 people found this helpful
            • 3. Re: JBOSS + LDAP + JEE 6.
              Mauricio Magnani Jr Master

              Oi Leadro tudo bom?

               

              Desculpe perguntar mas voce garantiu que realmente essa autenticação está funcionando fora da aplicação?

               

              Existe algum log? Senão antes de enviar algum log para nós olharmos melhore a verbosidade do log. No seu Handler adicione algo como:

               

              <logger category="org.jboss.security">

                <level name="TRACE"/>

              </logger>

               

              Adicione também a opção: <module-option name="throwValidateError" value="true"/> assim podemos realmente encontrar a causa raiz.

               

              Um Bom exemplo desse tipo de configuração pode ser encontrado no seguinte link: http://middlewaremagic.com/jboss/?p=378

               

              Qualquer dúvida estamos ai...

               

              Abraços

              1 of 1 people found this helpful
              • 4. Re: JBOSS + LDAP + JEE 6.
                Rodrigo Maciel Alba Newbie

                Oi pessoal... estou trabalhando aqui com o Leandro e seguimos esse tutorial do http://middlewaremagic.com/jboss/?p=378

                 

                Chegamos a um impasse.. nosso standalone.xml está assim:

                 

                <security-domain name="test_ldap_security_domain">

                                    <authentication>

                                        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>

                                            <module-option name="bindDN" value="uid=admin,ou=system"/>

                                            <module-option name="bindCredential" value="secret"/>

                                            <module-option name="baseCtxDN" value="ou=users,ou=system"/>

                                            <module-option name="baseFilter" value="(uid={0})"/>

                                            <module-option name="rolesCtxDN" value="ou=users,ou=system"/>

                                            <module-option name="roleFilter" value="(uid={0})"/>

                                            <module-option name="roleAttributeID" value="memberOf"/>

                                            <module-option name="roleNameAttributeID" value="cn"/>

                                            <module-option name="roleAttributeIsDN" value="true"/>

                                            <module-option name="allowEmptyPasswords" value="true"/>

                                            <module-option name="Context.REFERRAL" value="follow"/>

                                            <module-option name="throwValidateError" value="true"/>

                                            <module-option name="searchScope" value="SUBTREE_SCOPE"/>

                                        </login-module>

                                        <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">

                                            <module-option name="rolesProperties" value="../standalone/configuration/test-roles.properties"/>

                                            <module-option name="replaceRole" value="false"/>

                                        </login-module>

                                    </authentication>

                                </security-domain>

                 

                E o nosso web.xml está assim:

                 

                <login-config>
                <auth-method>BASIC</auth-method>
                </login-config>
                <security-role>
                <role-name>TestRole</role-name>
                </security-role>
                <security-constraint>

                        <web-resource-collection>

                            <web-resource-name>HtmlAuth</web-resource-name>

                            <description>Sistema de segurança</description>

                            <url-pattern>/*</url-pattern>

                            <http-method>GET</http-method>

                            <http-method>POST</http-method>

                        </web-resource-collection>

                        <auth-constraint>

                            <role-name>TestRole</role-name>

                        </auth-constraint>

                    </security-constraint>

                 

                 

                Esse é o log de deploy:

                 

                19:01:14,425 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) JBAS015876: Iniciando a implantação do "supero-java-ear.ear" (runtime-name: "supero-java-ear.ear")

                19:01:14,774 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) JBAS015876: Iniciando a implantação do "null" (runtime-name: "supero-java-web.war")

                19:01:14,774 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) JBAS015876: Iniciando a implantação do "null" (runtime-name: "supero-java-ejb.jar")

                19:01:14,888 INFO  [org.jboss.as.jpa] (MSC service thread 1-7) JBAS011401: Leia a persistence.xml para primary

                19:01:14,924 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) JBAS010400: Limite da fonte de dados [java:jboss/datasources/adDS]

                19:01:14,933 INFO  [org.jboss.weld.deployer] (MSC service thread 1-6) JBAS016002: Processamento da implantação weld supero-java-ear.ear

                19:01:14,936 INFO  [org.jboss.weld.deployer] (MSC service thread 1-8) JBAS016002: Processamento da implantação weld supero-java-ejb.jar

                19:01:14,945 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) JBAS016002: Processamento da implantação weld supero-java-web.war

                19:01:14,948 INFO  [org.jboss.weld.deployer] (MSC service thread 1-3) JBAS016005: Iniciando os  Serviços para a implantação CDI: supero-java-ear.ear

                19:01:14,951 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,951 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:14,952 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action commit: inService

                19:01:14,953 INFO  [org.jboss.weld.deployer] (MSC service thread 1-3) JBAS016008: Inicialização do serviço weld para a implantação supero-java-ear.ear

                19:01:14,957 TRACE [org.jboss.security] (MSC service thread 1-8) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,957 TRACE [org.jboss.security] (MSC service thread 1-8) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:14,957 TRACE [org.jboss.security] (MSC service thread 1-8) PBOX000337: nextState for action commit: inService

                19:01:14,957 INFO  [org.jboss.as.jpa] (ServerService Thread Pool -- 67) JBAS011402: Iniciando Persistence Unit Serviço 'supero-java-ear.ear/supero-java-ejb.jar#primary'

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getContextID: inService

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:14,958 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getContextID: open

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000316: linkConfiguration, link to contextID: supero-java-ear.ear!supero-java-ejb.jar

                19:01:14,959 INFO  [org.hibernate.ejb.Ejb3Configuration] (ServerService Thread Pool -- 67) HHH000204: Processing PersistenceUnitInfo [

                  name: primary

                  ...]

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action linkConfiguration: open

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action getContextID: open

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000314: commit, contextID: supero-java-ear.ear!supero-java-ejb.jar

                19:01:14,959 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action commit: inService

                19:01:14,960 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:14,960 TRACE [org.jboss.security] (MSC service thread 1-3) PBOX000337: nextState for action commit: inService

                19:01:14,961 INFO  [org.hibernate.service.jdbc.connections.internal.ConnectionProviderInitiator] (ServerService Thread Pool -- 67) HHH000130: Instantiating explicit connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider

                19:01:14,969 INFO  [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 67) HHH000400: Using dialect: org.hibernate.dialect.H2Dialect

                19:01:14,969 WARN  [org.hibernate.dialect.H2Dialect] (ServerService Thread Pool -- 67) HHH000431: Unable to determine H2 database version, certain features may not work

                19:01:14,972 INFO  [org.hibernate.engine.transaction.internal.TransactionFactoryInitiator] (ServerService Thread Pool -- 67) HHH000268: Transaction strategy: org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory

                19:01:14,972 INFO  [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (ServerService Thread Pool -- 67) HHH000397: Using ASTQueryTranslatorFactory

                19:01:14,974 INFO  [org.hibernate.tool.hbm2ddl.SchemaExport] (ServerService Thread Pool -- 67) HHH000227: Running hbm2ddl schema export

                19:01:14,975 INFO  [org.hibernate.tool.hbm2ddl.SchemaExport] (ServerService Thread Pool -- 67) HHH000230: Schema export complete

                19:01:15,069 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,069 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getContextID: inService

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getContextID: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000316: linkConfiguration, link to contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action linkConfiguration: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action getContextID: open

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000314: commit, contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action commit: inService

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:15,070 TRACE [org.jboss.security] (MSC service thread 1-1) PBOX000337: nextState for action commit: inService

                19:01:15,078 INFO  [org.jboss.web] (ServerService Thread Pool -- 72) JBAS018210: Registra o contexto da web: /supero-java-web

                19:01:15,086 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 72) Inicializando Mojarra 2.1.19-jbossorg-1 20131024-0833 para o contexto '/supero-java-web'

                19:01:15,341 INFO  [org.primefaces.webapp.PostConstructApplicationEventListener] (ServerService Thread Pool -- 72) Running on PrimeFaces 3.5

                19:01:15,341 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 72) Monitoring jndi:/default-host/supero-java-web/WEB-INF/faces-config.xml for modifications

                19:01:15,343 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebResourcePermission" "/*" "GET,POST")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000312: addToUncheckedPolicy, permission: ("javax.security.jacc.WebResourcePermission" "/*" "!GET,POST")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToUncheckedPolicy: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000312: addToUncheckedPolicy, permission: ("javax.security.jacc.WebUserDataPermission" "/*" "GET,POST")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToUncheckedPolicy: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000312: addToUncheckedPolicy, permission: ("javax.security.jacc.WebUserDataPermission" "/*")

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToUncheckedPolicy: open

                19:01:15,344 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "jsp" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "default" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "Faces Servlet" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "jsp" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "default" "TestRole")

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,345 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000310: addToRole, permission: ("javax.security.jacc.WebRoleRefPermission" "Faces Servlet" "TestRole")

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action addToRole: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getContextID: inService

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getPolicyConfiguration: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getContextID: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000316: linkConfiguration, link to contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action linkConfiguration: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action getContextID: open

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000314: commit, contextID: supero-java-ear.ear!supero-java-web.war

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action commit: inService

                19:01:15,346 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000314: commit, contextID: supero-java-ear.ear

                19:01:15,347 TRACE [org.jboss.security] (MSC service thread 1-4) PBOX000337: nextState for action commit: inService

                19:01:15,532 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 1) JBAS018559: Implantado "supero-java-ear.ear" (runtime-name: "supero-java-ear.ear")

                 

                 

                E esse é o log quando a gente acessa uma página e acerta o usuário:

                 

                19:02:29,240 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000354: Setting security roles ThreadLocal: null

                19:02:42,814 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000200: Begin isValid, principal: user01, cache entry: null

                19:02:42,814 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000209: defaultLogin, principal: user01

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000221: Begin getAppConfigurationEntry(test_ldap_security_domain), size: 2

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000224: End getAppConfigurationEntry(test_ldap_security_domain), AuthInfo: AppConfigurationEntry[]:

                [0]

                LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule

                ControlFlag: LoginModuleControlFlag: required

                Options:

                name=baseFilter, value=(uid={0})

                name=bindDN, value=uid=admin,ou=system

                name=rolesCtxDN, value=ou=users,ou=system

                name=roleNameAttributeID, value=cn

                name=Context.REFERRAL, value=follow

                name=baseCtxDN, value=ou=users,ou=system

                name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory

                name=roleFilter, value=(uid={0})

                name=allowEmptyPasswords, value=true

                name=java.naming.provider.url, value=ldap://localhost:10389

                name=bindCredential, value=****

                name=roleAttributeIsDN, value=true

                name=searchScope, value=SUBTREE_SCOPE

                name=roleAttributeID, value=memberOf

                name=throwValidateError, value=true

                [1]

                LoginModule Class: org.jboss.security.auth.spi.RoleMappingLoginModule

                ControlFlag: LoginModuleControlFlag: optional

                Options:

                name=replaceRole, value=false

                name=rolesProperties, value=../standalone/configuration/test-roles.properties

                 

                 

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000236: Begin initialize method

                19:02:42,815 WARN  [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000234: Invalid or misspelled module option: Context.REFERRAL

                19:02:42,815 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000240: Begin login method

                19:02:42,816 DEBUG [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000269: Failed to parse roleRecursion as number, using default value 0

                19:02:42,816 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000220: Logging into LDAP server with env {throwValidateError=true, Context.REFERRAL=follow, baseFilter=(uid={0}), allowEmptyPasswords=true, java.naming.security.credentials=******, jboss.security.security_domain=test_ldap_security_domain, java.naming.security.authentication=simple, baseCtxDN=ou=users,ou=system, roleAttributeIsDN=true, rolesCtxDN=ou=users,ou=system, java.naming.security.principal=uid=admin,ou=system, searchScope=SUBTREE_SCOPE, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleFilter=(uid={0}), java.naming.provider.url=ldap://localhost:10389, roleNameAttributeID=cn, roleAttributeID=memberOf, bindDN=uid=admin,ou=system, bindCredential=******}

                19:02:42,822 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000220: Logging into LDAP server with env {throwValidateError=true, Context.REFERRAL=follow, baseFilter=(uid={0}), allowEmptyPasswords=true, java.naming.security.credentials=******, jboss.security.security_domain=test_ldap_security_domain, java.naming.security.authentication=simple, baseCtxDN=ou=users,ou=system, roleAttributeIsDN=true, rolesCtxDN=ou=users,ou=system, java.naming.security.principal=uid=user01,ou=users,ou=system, searchScope=SUBTREE_SCOPE, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleFilter=(uid={0}), java.naming.provider.url=ldap://localhost:10389, roleNameAttributeID=cn, roleAttributeID=memberOf, bindDN=uid=admin,ou=system, bindCredential=******}

                19:02:42,829 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000268: Assigning user to role user01

                19:02:42,831 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000241: End login method, isValid: true

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000236: Begin initialize method

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000240: Begin login method

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000242: Begin commit method, overall result: true

                19:02:42,832 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000242: Begin commit method, overall result: true

                19:02:42,833 DEBUG [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000287: Failed to open properties file from URL: java.net.MalformedURLException: no protocol: ../standalone/configuration/test-roles.properties

                  at java.net.URL.<init>(URL.java:585) [rt.jar:1.7.0_45]

                  at java.net.URL.<init>(URL.java:482) [rt.jar:1.7.0_45]

                  at java.net.URL.<init>(URL.java:431) [rt.jar:1.7.0_45]

                  at org.jboss.security.auth.spi.Util.loadProperties(Util.java:300) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.auth.spi.RoleMappingLoginModule.getRoleSets(RoleMappingLoginModule.java:127) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.auth.spi.AbstractServerLoginModule.commit(AbstractServerLoginModule.java:225) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) [:1.7.0_45]

                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]

                  at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_45]

                  at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_45]

                  at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_45]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

                  at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

                  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

                  at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]

                 

                 

                19:02:42,835 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000288: Properties file ../standalone/configuration/test-roles.properties loaded, users: [Administrators]

                19:02:42,836 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000210: defaultLogin, login context: javax.security.auth.login.LoginContext@fc1abca, subject: Subject(1945461466).principals=org.jboss.security.SimplePrincipal@1061579375(user01)org.jboss.security.SimpleGroup@670416349(Roles(members:user01))org.jboss.security.SimpleGroup@670416349(CallerPrincipal(members:user01))

                19:02:42,836 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000201: End isValid, result = true

                19:02:42,836 TRACE [org.jboss.security] (http-localhost/127.0.0.1:8080-2) PBOX000354: Setting security roles ThreadLocal: null

                 

                 

                Quando erramos a senha, é solicitado o usuário novamente, mas quando acertamos aparece no browser assim:

                 

                JBWEB000065: HTTP Status 403 - JBWEB000015: Access to the requested resource has been denied

                 

                Acredito que é alguma configuração nas roles que está faltando... vocês tem alguma ideia?

                 

                Abs!

                Rodrigo

                • 5. Re: JBOSS + LDAP + JEE 6.
                  Adriano Schmidt Master

                  Fala mauriciomag

                   

                  Eu trabalho com o Rodrigo e com o Leandro..

                   

                  Sentei agora com eles pra ver isso e conseguimos resolver..

                   

                  Mas seguimos um tutorial seu http://jbossdivers.wordpress.com/2012/02/12/utilizando-ldap-login-module-no-jboss-as-7-1/

                   

                  Tivemos que fazer algumas pequenas alterações para funcionar com o nosso LDAP, mas deu certinho.. esse seu tutorial é demais! o do middlewaremagic não funcionou de jeito nenhum :/

                   

                  Abraços,

                  Adriano Schmidt

                  www.localhost8080.com.br

                  • 6. Re: JBOSS + LDAP + JEE 6.
                    Mauricio Magnani Jr Master

                    Legal Adriano fico feliz em ter contribuido para solução

                     

                    Abs meu amigo.

                    • 7. Re: JBOSS + LDAP + JEE 6.
                      Adriano Schmidt Master

                      Só pra registrar, criei um artigo no meu blog documentando o passo-a-passo.

                       

                      http://localhost8080.blogspot.com.br/2014/01/JBoss-EAP6-AS7-JAAS-LDAP-AD.html

                       

                      Eu usei o Apache Directory Studio.. aí documentei como fiz pra criar o server LDAP nele também.

                       

                      Abraço! E obrigadão Mauricio!!

                      • 8. Re: JBOSS + LDAP + JEE 6.
                        Mauricio Magnani Jr Master

                        Ai sim hein seu tutorial ficou mil vezes melhor que o meu rsrsrs show!

                         

                        Vlw

                        • 9. Re: JBOSS + LDAP + JEE 6.
                          Marcelo Sales Newbie

                          Valeu Adriano. Vou dar uma sacada depois.