-
1. Re: ldaploginmodule + any help appreciated
aweissman Feb 25, 2003 9:52 AM (in response to chrisbo)
1) Create your schema in your LDAP directory.
2) Edit login-config.xml to create the bindings from JBoss to your directory.
3) Edit your web.xml and jboss-web.xml to require form authentication, declare roles, etc.
4) Create your login form with the appropriate fields (j_username, j_password, etc).
At that point you should be able to start JBoss and start testing!
Hope this helps,
Alan
-
2. Re: ldaploginmodule + any help appreciated
chrisbo Feb 25, 2003 10:02 AM (in response to chrisbo)
Thanks a lot... much appreciated. One more question, what should be defined in the jboss-web.xml file that differs from the web.xml file?
-
3. Re: ldaploginmodule + any help appreciated
aweissman Feb 25, 2003 10:14 AM (in response to chrisbo)
Just the security domain...here's mine:
<!DOCTYPE jboss-web
    PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
<jboss-web>
    <!-- tell jboss what realm to use for authentication -->
    <security-domain>java:/jaas/SunOneDirectory</security-domain>
</jboss-web>
-
4. Re: ldaploginmodule + any help appreciated
chrisbo Feb 25, 2003 10:26 AM (in response to chrisbo)
Thank you. I'll let you know how I make out.
-
5. Re: ldaploginmodule + any help appreciated
chrisbo Feb 25, 2003 12:03 PM (in response to chrisbo)
From what I understand, all I need to do after editing the files is to create an instance of the LdapLoginModule and call the method LdapLoginModule.login(). For whatever reason (and there could be a number of them), I am getting a NullPointer exception. I am not sure what I did wrong, but here is a list of the files that I set up.
web-app
-------
<web-app>
    <servlet-name>Authentication</servlet-name>
    <servlet-class>ca.recursive.aeb.servlets.Authentication</servlet-class>
    <init-param>
        <param-name>properties</param-name>
        <param-value>/WEB-INF/conf/velocity.properties</param-value>
    </init-param>
    <init-param>
        <param-name>repositoryPath</param-name>
        <param-value>WEB-INF/authentication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    <!-- end Authentication/Authorisation mappings -->
    <servlet-mapping>
        <servlet-name>Authentication</servlet-name>
        <url-pattern>/authentication</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>authenticate.jsp</welcome-file>
    </welcome-file-list>
    <!-- tell the app server which authentication to use and where to
         find the login page -->
    <login-config>
        <!-- use this for form based authentication -->
        <auth-method>FORM</auth-method>
        <realm-name>java:jaas/SunOneDirectory</realm-name>
        <form-login-config>
            <form-login-page>authenticate.jsp</form-login-page>
            <form-error-page>loginerror.jsp</form-error-page>
        </form-login-config>
        <!-- end form based authentication -->
    </login-config>
    <!-- list the possible security roles -->
    <security-role>
        <role-name>jduke</role-name>
    </security-role>
jboss-web.xml
-------------
<!DOCTYPE jboss-web
    PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
<jboss-web>
    <!-- tell jboss what realm to use for authentication -->
    <security-domain>java:/jaas/SunOneDirectory</security-domain>
</jboss-web>
finally, the ldif file
-------------------------------------
# File: aebtest5.ldif
# Root node
dn: o=aebtest6.ca
o: aebtest6.ca
objectclass: top
objectclass: organization

dn: ou=People, o=aebtest6.ca
ou: People
objectclass: top
objectclass: organizationalunit

dn: ou=Roles, o=aebtest6.ca
ou: Roles
objectclass: top
objectclass: organizationalUnit

dn: uid=jduke, ou=People, o=aebtest6.ca
uid: jduke
cn: Java
cn: Duke
userPassword: theduke
sn: jduke
objectclass: person
objectclass: inetOrgPerson

dn: cn=JBossSXTests, ou=Roles, o=aebtest6.ca
cn: JBossXSTests
uid: jduke
cn: TheDuke
sn: tests
objectclass: person
objectclass: inetOrgPerson

dn: cn=JBossSXTests, ou=Roles, o=aebtest6.ca
cn: JBossSXTests
uid: jduke
cn: TheDuke
cn: AnimatedCharacter
sn: JBossSXTests
objectclass: person
objectclass: inetOrgPerson

dn: cn=JBossSXTests, ou=Roles, o=aebtest6.ca
cn: JBossSXTests
userid: jduke
cn: TheDuke
cn: AnimatedCharacter
sn: tests
objectclass: person
objectclass: inetOrgPerson
-
6. Re: ldaploginmodule + any help appreciated
chrisbo Feb 25, 2003 1:15 PM (in response to chrisbo)
I did find this error occurring when starting up jboss after deploying my web-app. I am assuming it has to do with my jboss-web.xml file posted in the above message. Here it is:
13:03:17,800 ERROR [STDERR] Warning: validation was turned on but an org.xml.sax.ErrorHandler was not
13:03:17,801 ERROR [STDERR] set, which is probably not what is desired. Parser will use a default
13:03:17,802 ERROR [STDERR] ErrorHandler to print the first 10 errors. Please call
13:03:17,803 ERROR [STDERR] the 'setErrorHandler' method to fix this.
13:03:17,804 ERROR [STDERR] Error: URI=null Line=3: Element type "policy" is not declared.
13:03:17,806 ERROR [STDERR] Error: URI=null Line=4: Element type "application-policy" is not declared.
13:03:17,807 ERROR [STDERR] Error: URI=null Line=4: Attribute "name" is not declared for element "application-policy".
13:03:17,808 ERROR [STDERR] Error: URI=null Line=5: Element type "authentication" is not declared.
13:03:17,809 ERROR [STDERR] Error: URI=null Line=6: Element type "login-module" is not declared.
13:03:17,811 ERROR [STDERR] Error: URI=null Line=6: Attribute "flag" is not declared for element "login-module".
13:03:17,823 ERROR [STDERR] Error: URI=null Line=6: Attribute "code" is not declared for element "login-module".
13:03:17,825 ERROR [STDERR] Error: URI=null Line=7: Element type "module-option" is not declared.
13:03:17,827 ERROR [STDERR] Error: URI=null Line=7: Attribute "name" is not declared for element "module-option".
13:03:17,829 ERROR [STDERR] Error: URI=null Line=8: Attribute "name" is not declared for element "module-option".
What am I forgetting to do?
-
7. Re: ldaploginmodule + any help appreciated
chrisbo Feb 25, 2003 1:16 PM (in response to chrisbo)
I mean my login-config.xml file, not the jboss-web.xml
-
8. Re: ldaploginmodule + any help appreciated
chrisbo Feb 25, 2003 1:17 PM (in response to chrisbo)
Here is my login-config.xml file.
<?xml version="1.0"?>
<application-policy name="SunOneDirectory">
    <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://localhost:389/o=aebtest6.ca</module-option>
        <module-option name="java.naming.security.authentiaction">simple</module-option>
        <module-option name="java.naming.security.principal">ou=People,o=aebtest6.ca</module-option>
        <module-option name="java.naming.security.credentials">secret</module-option>
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="principalDNSuffix">,ou=People,o=aebtest6.ca</module-option>
        <module-option name="uidAttributeID">uid</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="rolesCtxDN">cn=JBossSXTests,ou=Roles,o=aebtest6.ca</module-option>
    </login-module>
</application-policy>
-
9. Re: ldaploginmodule + any help appreciated
chrisbo Feb 25, 2003 1:37 PM (in response to chrisbo)
I didn't define the doctype...sorry about that.
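
A pre-deployment check for the configuration pair discussed in this thread, as an added example that is not code from the posters or from JBoss. It assumes the policy / application-policy / authentication / login-module nesting named in the error log in post 6; `lint_login_config` is a hypothetical helper and the XML samples are constructed, with the misspelled option name copied from the file in post 8.

```python
import xml.etree.ElementTree as ET

# Property names defined as constants on javax.naming.Context.
JNDI_NAMES = {
    "java.naming.factory.initial", "java.naming.factory.object",
    "java.naming.factory.state", "java.naming.factory.url.pkgs",
    "java.naming.provider.url", "java.naming.dns.url",
    "java.naming.authoritative", "java.naming.batchsize",
    "java.naming.referral", "java.naming.security.protocol",
    "java.naming.security.authentication", "java.naming.security.principal",
    "java.naming.security.credentials", "java.naming.language",
    "java.naming.applet",
}

def lint_login_config(login_config_xml, jboss_web_xml):
    # Hypothetical helper: returns a list of human-readable findings.
    findings = []
    root = ET.fromstring(login_config_xml)
    if root.tag != "policy":
        findings.append(f"root element is <{root.tag}>, expected <policy>")
    policies = list(root.iter("application-policy"))
    for pol in policies:
        name = pol.get("name")
        if pol.find("authentication/login-module") is None:
            findings.append(f"{name}: no <authentication>/<login-module>")
        for opt in pol.iter("module-option"):
            key = opt.get("name", "")
            if (key.startswith("java.naming.") and key not in JNDI_NAMES
                    and not key.startswith("java.naming.ldap.")):
                findings.append(f"{name}: unknown JNDI property {key!r}")
    # jboss-web.xml must name a policy that exists, e.g. java:/jaas/<name>.
    domain = (ET.fromstring(jboss_web_xml).findtext("security-domain") or "").strip()
    if domain.rsplit("/", 1)[-1] not in {p.get("name") for p in policies}:
        findings.append(f"security-domain {domain!r} names no application-policy")
    return findings

# Constructed samples shaped like the files in this thread (options trimmed).
BROKEN = """<application-policy name="SunOneDirectory">
  <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
    <module-option name="java.naming.security.authentiaction">simple</module-option>
  </login-module>
</application-policy>"""
FIXED = """<policy><application-policy name="SunOneDirectory"><authentication>
  <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
    <module-option name="java.naming.security.authentication">simple</module-option>
  </login-module>
</authentication></application-policy></policy>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/SunOneDirectory</security-domain></jboss-web>"
print(lint_login_config(BROKEN, JBOSS_WEB), lint_login_config(FIXED, JBOSS_WEB))
```

An unrecognised `java.naming.*` option is not rejected at deploy time, so a misspelled authentication setting can go unnoticed until logins fail or fall back to a default bind mode.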