1 Reply Latest reply on Oct 3, 2005 2:07 AM by Ashwin Kumar Karkala

    Problem with programmatic authentication with LDAP

    Siva Uppari Newbie

      Hi,

      We are doing programmatic authentication with LDAP. (sample code given below).
      After authenticaion deligated call to another secured session bean, it is again going thru security domain, even though user has required roles.

      i.e. again going thru the security domain, meaning roles have not been propagated to tomcat container.


      // Perform LDAP Authenticaion
      try
      {
      SimplePrincipal user = new SimplePrincipal("testuser2");
      String pwd = "testpassword";
      String securityDomain = "LDAPDomain";
      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      handler.setSecurityInfo(user, pwd);

      LoginContext lc = new LoginContext(securityDomain, handler);
      lc.login();

      Subject subject = lc.getSubject();
      Iterator it = subject.getPrincipals().iterator();


      }
      } catch(Exception e)
      {
      System.out.println("** Wrong Username or Password **** ");
      e.printStackTrace();
      }

      // Delegating call to another session bean
      try
      {
      InitialContext ctx = new InitialContext();
      ClientServiceHome home_obj = (ClientServiceHome)ctx.lookup("shares/ClientService");
      ClientService remoteObj = (ClientService)home_obj.create();
      remoteObj.Ldap_Authentication();
      }catch(Exception e)
      {
      System.out.println("**** Exception while delegating call to secured session Bean...\n");
      e.printStackTrace();
      }


      LDAP Config:


      <application-policy name = "LDAPDomain">

      <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name = "java.naming.factory.initial">
      com.sun.jndi.ldap.LdapCtxFactory
      </module-option>
      <module-option name = "java.naming.provider.url">ldap://172.19.151.202:389/</module-option>
      <module-option name = "java.naming.security.authentication">simple</module-option>
      <module-option name = "principalDNPrefix">uid=</module-option>
      <module-option name = "uidAttributeID">roleOccupant</module-option>
      <module-option name = "roleAttributeID">cn</module-option>
      <module-option name = "principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
      <module-option name = "rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
      <module-option name = "matchOnUserDN">true</module-option>
      <module-option name = "unauthenticatedIdentity">nobody</module-option>
      </login-module>

      <login-module code = "org.jboss.security.ClientLoginModule"
      flag = "required">
      </login-module>


      </application-policy>