9 Replies Latest reply on Feb 25, 2003 1:37 PM by chrisbo

    ldaploginmodule + any help appreciated

    chrisbo

      Hello,

      I am new to JAAS and I am trying to set up my configuration files to do a simple username/password authentication using JAAS' LdapLoginModule. All I want to do is a form based submission to a servlet where it will use the LdapLoginModule for authentication purposes. I know this should not be difficult but I am having a few problems. I have searched the forum, and I see some examples where they are setting up properties in the login-config.xml file and other examples where they are setting up the config properties in the auth.conf file. I am trying to follow the example given in the paid doc but again, I am still left a bit confused. Really, I need to know what steps I need to do to implement this. Any help whatsoever would be greatly appreciated. Thank you.

        • 1. Re: ldaploginmodule + any help appreciated
          aweissman

          1) Create your schema in your LDAP directory.
          2) Edit login-config.xml to create the bindings from JBoss to your directory.
          3) Edit your web.xml and jboss-web.xml to require form authentication, declare roles, etc.
          4) Create your login form with the appropriate fields (j_username, j_password, etc).

          At that point you should be able to start JBoss and start testing!

          Hope this helps,
          Alan

          • 2. Re: ldaploginmodule + any help appreciated
            chrisbo

            Thanks a lot...much appreciated. One more question, what should be defined in the jboss-web.xml file that differs from the web.xml file?

            • 3. Re: ldaploginmodule + any help appreciated
              aweissman

              Just the security domain...here's mine:

              <!DOCTYPE jboss-web
              PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
              "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
              <jboss-web>
              <!-- tell jboss what realm to use for authentication -->
              <security-domain>java:/jaas/SunOneDirectory</security-domain>
              </jboss-web>

              • 4. Re: ldaploginmodule + any help appreciated
                chrisbo

                Thank you. I'll let you know how I make out.

                • 5. Re: ldaploginmodule + any help appreciated
                  chrisbo

                  From what I understand, all I need to do after editing the files, is to create an instance of the LdapLoginModule and call the method LdapLoginModule.login(). For whatever reason (and there could be a number of them), I am getting a NullPointer exception. I am not sure what I did wrong but here is a list of the files that I set up.

                  web-app
                  -------


                  <web-app>

                    <servlet>
                      <servlet-name>Authentication</servlet-name>
                      <servlet-class>ca.recursive.aeb.servlets.Authentication</servlet-class>
                      <init-param>
                        <param-name>properties</param-name>
                        <param-value>/WEB-INF/conf/velocity.properties</param-value>
                      </init-param>
                      <init-param>
                        <param-name>repositoryPath</param-name>
                        <param-value>WEB-INF/authentication</param-value>
                      </init-param>
                      <load-on-startup>1</load-on-startup>
                    </servlet>

                    <!-- end Authentication/Authorisation mappings -->
                    <servlet-mapping>
                      <servlet-name>Authentication</servlet-name>
                      <url-pattern>/authentication</url-pattern>
                    </servlet-mapping>

                    <welcome-file-list>
                      <welcome-file>authenticate.jsp</welcome-file>
                    </welcome-file-list>

                    <!-- tell the app server which authentication to use and where to
                         find the login page -->
                    <login-config>

                      <!-- use this for form based authentication -->
                      <auth-method>FORM</auth-method>
                      <realm-name>java:jaas/SunOneDirectory</realm-name>

                      <form-login-config>
                        <form-login-page>authenticate.jsp</form-login-page>
                        <form-error-page>loginerror.jsp</form-error-page>
                      </form-login-config>

                      <!-- end form based authentication -->
                    </login-config>

                    <!-- list the possible security roles -->
                    <security-role>
                      <role-name>jduke</role-name>
                    </security-role>

                  </web-app>

                  jboss-web.xml
                  -------------

                  <!DOCTYPE jboss-web
                  PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
                  "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
                  <jboss-web>
                  <!-- tell jboss what realm to use for authentication -->
                  <security-domain>java:/jaas/SunOneDirectory</security-domain>
                  </jboss-web>

                  finally, the ldif file
                  -------------------------------------

                  # File: aebtest5.ldif

                  # Root node
                  dn: o=aebtest6.ca
                  o: aebtest6.ca
                  objectclass: top
                  objectclass: organization

                  dn: ou=People, o=aebtest6.ca
                  ou: People
                  objectclass: top
                  objectclass: organizationalunit

                  dn: ou=Roles, o=aebtest6.ca
                  ou: Roles
                  objectclass: top
                  objectclass: organizationalUnit

                  dn: uid=jduke, ou=People, o=aebtest6.ca
                  uid: jduke
                  cn: Java
                  cn: Duke
                  userPassword: theduke
                  sn: jduke
                  objectclass: person
                  objectclass: inetOrgPerson


                  dn: cn=JBossSXTests, ou=Roles, o=aebtest6.ca
                  cn: JBossXSTests
                  uid: jduke
                  cn: TheDuke
                  sn: tests
                  objectclass: person
                  objectclass: inetOrgPerson

                  dn: cn=JBossSXTests, ou=Roles, o=aebtest6.ca
                  cn: JBossSXTests
                  uid: jduke
                  cn: TheDuke
                  cn: AnimatedCharacter
                  sn: JBossSXTests
                  objectclass: person
                  objectclass: inetOrgPerson

                  dn: cn=JBossSXTests, ou=Roles, o=aebtest6.ca
                  cn: JBossSXTests
                  userid: jduke
                  cn: TheDuke
                  cn: AnimatedCharacter
                  sn: tests
                  objectclass: person
                  objectclass: inetOrgPerson



                  • 6. Re: ldaploginmodule + any help appreciated
                    chrisbo

                    I did find this error occurring when starting up jboss after deploying my web-app. I am assuming it has to do with my jboss-web.xml file posted in the above message. Here it is:

                    13:03:17,800 ERROR [STDERR] Warning: validation was turned on but an org.xml.sax.ErrorHandler was not
                    13:03:17,801 ERROR [STDERR] set, which is probably not what is desired. Parser will use a default
                    13:03:17,802 ERROR [STDERR] ErrorHandler to print the first 10 errors. Please call
                    13:03:17,803 ERROR [STDERR] the 'setErrorHandler' method to fix this.
                    13:03:17,804 ERROR [STDERR] Error: URI=null Line=3: Element type "policy" is not declared.
                    13:03:17,806 ERROR [STDERR] Error: URI=null Line=4: Element type "application-policy" is not declared.
                    13:03:17,807 ERROR [STDERR] Error: URI=null Line=4: Attribute "name" is not declared for element "application-policy".
                    13:03:17,808 ERROR [STDERR] Error: URI=null Line=5: Element type "authentication" is not declared.
                    13:03:17,809 ERROR [STDERR] Error: URI=null Line=6: Element type "login-module" is not declared.
                    13:03:17,811 ERROR [STDERR] Error: URI=null Line=6: Attribute "flag" is not declared for element "login-module".
                    13:03:17,823 ERROR [STDERR] Error: URI=null Line=6: Attribute "code" is not declared for element "login-module".
                    13:03:17,825 ERROR [STDERR] Error: URI=null Line=7: Element type "module-option" is not declared.
                    13:03:17,827 ERROR [STDERR] Error: URI=null Line=7: Attribute "name" is not declared for element "module-option".
                    13:03:17,829 ERROR [STDERR] Error: URI=null Line=8: Attribute "name" is not declared for element "module-option".


                    What am I forgetting to do?


                    • 7. Re: ldaploginmodule + any help appreciated
                      chrisbo

                      I mean my login-config.xml file, not the jboss-web.xml

                      • 8. Re: ldaploginmodule + any help appreciated
                        chrisbo

                        Here is my login-config.xml file.

                        <?xml version="1.0"?>

                        <policy>
                          <application-policy name="SunOneDirectory">
                            <authentication>
                              <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
                                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                                <module-option name="java.naming.provider.url">ldap://localhost:389/o=aebtest6.ca</module-option>
                                <module-option name="java.naming.security.authentication">simple</module-option>
                                <module-option name="java.naming.security.principal">ou=People,o=aebtest6.ca</module-option>
                                <module-option name="java.naming.security.credentials">secret</module-option>
                                <module-option name="principalDNPrefix">uid=</module-option>
                                <module-option name="principalDNSuffix">,ou=People,o=aebtest6.ca</module-option>
                                <module-option name="uidAttributeID">uid</module-option>
                                <module-option name="roleAttributeID">cn</module-option>
                                <module-option name="rolesCtxDN">cn=JBossSXTests,ou=Roles,o=aebtest6.ca</module-option>
                              </login-module>
                            </authentication>
                          </application-policy>
                        </policy>

                        • 9. Re: ldaploginmodule + any help appreciated
                          chrisbo

                          I didn't define the doctype...sorry about that.
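
The following is an added example, not part of the thread and not JBoss code: a small Python check over a login-config.xml that flags module-option names outside an expected set (with the closest expected name) and an ldap:// provider URL without SSL. The expected-name set, the sample file and the function name `lint_login_config` are assumptions made for illustration, built from the options shown in this thread.

```python
import difflib
import xml.etree.ElementTree as ET

# Assumed expected names: options from this thread plus standard JNDI keys.
EXPECTED = {
    "java.naming.factory.initial", "java.naming.provider.url",
    "java.naming.security.authentication", "java.naming.security.protocol",
    "java.naming.security.principal", "java.naming.security.credentials",
    "principalDNPrefix", "principalDNSuffix", "uidAttributeID",
    "roleAttributeID", "rolesCtxDN",
}

# Constructed sample, modelled on the file posted in the thread.
SAMPLE = """<?xml version="1.0"?>
<policy>
 <application-policy name="SunOneDirectory">
  <authentication>
   <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
    <module-option name="java.naming.provider.url">ldap://localhost:389/o=aebtest6.ca</module-option>
    <module-option name="java.naming.security.authentiaction">simple</module-option>
    <module-option name="principalDNPrefix">uid=</module-option>
   </login-module>
  </authentication>
 </application-policy>
</policy>"""

def lint_login_config(xml_text):
    """Return (policy, option, message) findings for each login-module."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        pname = policy.get("name", "?")
        for module in policy.iter("login-module"):
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.iter("module-option")}
            for name in opts:
                if name not in EXPECTED:
                    near = difflib.get_close_matches(name, EXPECTED, n=1)
                    hint = f"; did you mean {near[0]}?" if near else ""
                    findings.append((pname, name, "unexpected option" + hint))
            url = opts.get("java.naming.provider.url", "")
            ssl = opts.get("java.naming.security.protocol", "").lower() == "ssl"
            if url.lower().startswith("ldap://") and not ssl:
                findings.append((pname, "java.naming.provider.url",
                                 "ldap:// without SSL: a simple-bind password is sent unencrypted"))
    return findings

if __name__ == "__main__":
    for finding in lint_login_config(SAMPLE):
        print(": ".join(finding))
```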