4 Replies Latest reply on Dec 11, 2006 5:17 AM by Nix lkasd

    HowTo Link LDAP-Group with Roles?

    Nix lkasd Newbie

      Hi,

      I spend nearly the whole day, reading tutorials, forums and books... I finally got my authentication working but am stuck with the authorization.

      I can login, but am getting - reasonably - a 403 error.

      I'm originally coming from WebSphere where the EAR links the LDAP-Groups with the JAAS roles with a ibm-application-bnd.xmi.
      But how can I make it on Jboss???

      I set up login-config.xml, application.xml (ear), jboss-web.xml and web.xml to make the authentication happen. Any other file to edit/add?

      Thanks in advantage for you help!
      Zwitsch

      application.xml

       <display-name>
       KaskoEAR</display-name>
       <module>
       <web>
       <web-uri>Kasko.war</web-uri>
       <context-root>kasko</context-root>
       </web>
       </module>
       <security-role id="user">
       <description>User</description>
       <role-name>user</role-name>
       </security-role>
       <security-role id="poweruser">
       <description>Poweruser</description>
       <role-name>poweruser</role-name>
       </security-role>
       <security-role id="admin">
       <description>Admin User</description>
       <role-name>admin</role-name>
       </security-role>
      </application>


      web.xml (extract)

      !-- Security Config -->
      
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>Kasko Login</realm-name>
       </login-config>
      
       <!-- Security Contraints -->
      
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>Admin</web-resource-name>
       <url-pattern>/Start</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>admin</role-name>
       </auth-constraint>
       </security-constraint>
      
       <!-- Security Roles -->
      
       <security-role>
       <description>Administrator</description>
       <role-name>admin</role-name>
       </security-role>


      jboss-web.xml

      <jboss-web>
      
       <context-root>/kasko</context-root>
      
       <security-domain>java:/jaas/testdomain</security-domain>
      
      </jboss-web>