1 Reply Latest reply on Jul 20, 2004 12:52 PM by janareid

    jmx-console  HTTP Status 403 - Access to the requested resou

    janareid Newbie

      Trying to use LdapLoginConfig to secure jmx-console.
      Get "Status 403".

      Setup is as follows:
      login-config.xml WITH

      <application-policy name="jmx-console">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://server2.company.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">cn=jbossadmin,ou=Roles,dc=company,dc=com</module-option>
      <module-option name="rolesCtxDN">cn=jbossadmin,ou=Roles,dc=company,dc=com</module-option>
      <module-option name="uidAttributeID">uid</module-option>
      <module-option name="roleAttributeID">nsrole</module-option>
      </login-module>

      </application-policy>


      web.xml WITH

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>jmx-console</realm-name>
      </login-config>

      <security-role>
      <role-name>JBossAdmin</role-name>
      </security-role>


      ldapsearch SHOWS

      server1.company.com# ldapsearch -h server2.company.com -p 389 -b "cn=jbossadmin,ou=Roles,dc=company,dc=com" -s one "uid=jboss" nsrole -x -W
      Enter LDAP Password:
      version: 2

      #
      # filter: uid=jboss
      # requesting: nsrole
      #

      # jboss, JBossAdmin, Roles, company, com
      dn: uid=jboss,cn=JBossAdmin,ou=Roles, dc=company,dc=com
      nsrole: cn=jbossadmin,ou=roles,dc=company,dc=com

      # search result
      search: 2
      result: 0 Success

      # numResponses: 2
      # numEntries: 1



      LOGS SHOW


      [19/Jul/2004:10:22:50 -0500] conn=118992 op=-1 msgId=-1 - fd=73 slot=73 LDAP connection from 192.168.2.172 to 192.168.2.203
      [19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - BIND dn="uid=jboss,cn=jbossadmin,ou=Roles,dc=company,dc=com" method=128 version=3
      [19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jboss,cn=jbossadmin,ou=roles,dc=company,dc=com"
      [19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - SRCH base="cn=jbossadmin,ou=roles,dc=company,dc=com" scope=1 filter="(&(uid=jboss))" attrs="nsRole"
      [19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
      [19/Jul/2004:10:22:50 -0500] conn=118992 op=2 msgId=3 - UNBIND
      [19/Jul/2004:10:22:50 -0500] conn=118992 op=2 msgId=-1 - closing - U1
      [19/Jul/2004:10:22:51 -0500] conn=118992 op=-1 msgId=-1 - closed.


      What am I missing? Is "role-name" in need of being added as naming attribute somewhere else.

      Thanks in advance for any help or clues. : )

      -Jana