0 Replies Latest reply on Feb 5, 2003 5:03 PM by Alan

    LDAPLoginModule Example Won't work for me?

    Alan Newbie

      I have been trying to get the basic LDAP example that is in the jboss docs going for about a week and can't figure out whats going wrong. Using form based login, I can authenticate correctly, but my roles don't work correctly to authorize me for a secured page.

      Here's an LDIF of my directory, and my login-config.xml, along with the web.xml of the application that I'm trying to secure.

      LDIF
      -------------------------------
      dn: o=solspark
      objectClass: top
      objectClass: organization
      o: solspark

      dn: ou=Roles,o=solspark
      ou: Roles
      objectClass: top
      objectClass: organizationalunit

      dn: ou=People,o=solspark
      ou: People
      objectClass: top
      objectClass: organizationalunit

      dn: uid=alanw,ou=People,o=solspark
      fn: alan
      ln: weissman
      objectClass: top
      objectClass: jbossuser
      uid: alanw

      dn: cn=jbosssx,ou=Roles,o=solspark
      cn: jbosssx
      objectClass: top
      objectClass: jbossuserroles
      roleName: Developer
      uid: alanw

      login-config.xml
      -------------------------------
      <?xml version="1.0"?>


      <application-policy name="SunOneDirectory">

      <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
      <module-option name="java.naming.security.authentiaction">simple</module-option>
      <module-option name="java.naming.security.principal">admin</module-option>
      <module-option name="java.naming.security.credentials">XXXXXX</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,o=solspark</module-option>
      <module-option name="uidAttributeID">uid</module-option>
      <module-option name="roleAttributeID">roleName</module-option>
      <module-option name="rolesCtxDN">cn=jbosssx,ou=Roles,o=solspark</module-option>
      </login-module>

      </application-policy>


      web.xml
      -------------------------------


      <web-app>

      <!-- the entire site is secure (/* = everything) -->
      <security-constraint>

      <web-resource-collection>
      <web-resource-name>secure</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      </web-resource-collection>

      <!-- only users belonging to the "users" and "admin" groups may access the site -->
      <auth-constraint>
      <role-name>Developer</role-name>
      </auth-constraint>

      </security-constraint>

      <!-- tell the app server which authentication to use and where to
      find the login page -->

      <login-config>

      <!-- use this for form based authentication -->
      <auth-method>FORM</auth-method>
      <realm-name>java:jaas/SunOneDirectory</realm-name>

      <form-login-config>
      <form-login-page>/login/loginpage.jsp</form-login-page>
      <form-error-page>/login/loginerror.jsp</form-error-page>
      </form-login-config>

      <!-- end form based authentication -->
      </login-config>

      <!-- list the possible security roles -->
      <security-role>
      <role-name>Developer</role-name>
      </security-role>

      </web-app>

      If anyone can see anything wrong going on, please let me know.

      Thanks in advance,
      Alan