-
1. Re: JBoss 3.0.0 w/ Tomcat - LDAP configuration for authentic
This is the configuration for login-config.xml in $JBOSS/server/default/conf
<application-policy name="ldap">
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name = "java.naming.security.authentication">simple</module-option>
<module-option name = "principleDNPrefix">uid={0}</module-option>
<module-option name = "principleDNSuffix">,ou=people,dc=botly,dc=com</module-option>
<module-option name = "uidAttributeID">uid</module-option>
<module-option name = "roleAttributeID">cn</module-option>
<module-option name = "rolesCtxDN">ou=groups,ou=portal,dc=botly,dc=com</module-option>
<module-option name = "matchOnUserDN">true</module-option>
<module-option name = "unauthenticatedIdentity">nobody</module-option>
<module-option name = "java.naming.provider.url">ldap://192.168.111.9:389/</module-option>
</login-module>
</application-policy>
This is the configuration in web.xml
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/secure/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/secure/login.jsp</form-login-page>
<form-error-page>/secure/error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>tomcat</role-name>
</security-role>