2 Replies Latest reply on Dec 16, 2007 7:55 AM by vickraman ganesan

    j_security_check not working in LDAP based Authentication

    vickraman ganesan Newbie

      Hi There,

      I'm using JBoss 4.2.1. In our application, we have the following snippet in login.jsp.

      <form action="j_security_check" method="post">
      <input name="j_username" type="text" class="input" id="j_username" size="20">
      <input name="j_password" type="password" class="input" id="j_password" size="20">


      And, the web.xml has
      <security-constraint>
       <web-resource-collection>
       <web-resource-name>Login Page</web-resource-name>
       <url-pattern>/logonNoSSO.jsp</url-pattern>
       <http-method>POST</http-method>
       <http-method>GET</http-method>
       </web-resource-collection>
       <user-data-constraint>
       <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
       </security-constraint>
       <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>myrealm</realm-name>
       <form-login-config>
       <form-login-page>/login.jsp</form-login-page>
       </form-login-config>
       </login-config>
       <security-role>
       <description>ADMIN Role</description>
       <role-name>adminRole</role-name>
       </security-role>


      The Jboss-web.xml has the following
      <security-domain>java:/jaas/myrealm</security-domain>
       <security-role>
       <role-name>adminRole</role-name>
       <principal-name>Admin</principal-name>
       </security-role>



      When I try to login with correct user name / pwd I'm getting
      Access to the specified resource (Access to the requested resource has been denied) has been forbidden

      Could somebody help me to solve this issue?

      Thanks

        • 1. Re: j_security_check not working in LDAP based Authenticatio
          vickraman ganesan Newbie

          No takers so far?

          Some more information. I've my LDAP setting as

          <application-policy name = "myrealm">
           <authentication>
           <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
           <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
           <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option>
           <module-option name="java.naming.security.authentication">simple</module-option>
           <module-option name="java.naming.security.principal">uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot</module-option>
           <module-option name="java.naming.security.credentials">pwd</module-option>
           <module-option name="baseDN">dc=company,dc=co,dc=uk</module-option>
           <module-option name="principalDNPrefix">uid=</module-option>
           <module-option name="principalDNSuffix">,ou=people,dc=company,dc=co,dc=uk</module-option>
           <module-option name="uidAttributeID">uid</module-option>
           <module-option name="searchScope">SUBTREE_SCOPE</module-option>
           <module-option name="rolesCtxDN">ou=Roles,dc=company,dc=co,dc=uk</module-option>
           <module-option name="roleAttributeID">cn</module-option>
           <module-option name="roleAttributeIsDN">false</module-option>
           <module-option name="matchOnUserDN">true</module-option>
          
           </login-module>
          
           <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
           <module-option name="rolesProperties">props/propsrsdmRolesMapping.properties</module-option>
           <module-option name="replaceRole">false</module-option>
           </login-module>
          
           </authentication>
           </application-policy>
          


          My propsrsdmRolesMapping.properties file has
          deploymentRole=RSMDeployment
          admRole=RSMADM
          skillsRole=RSMSkills
          projManRole=RSMProjMan
          spaRole=RSMSPA
          itbmRole=RSMITBM
          RSMSkills=skillsRole
          RSMDeployment=deploymentRole
          RSMADM=admRole
          RSMProjMan=projManRole
          RSMSPA=spaRole
          RSMITBM=itbmRole
          


          Could anybody help?

          Ta

          • 2. Re: j_security_check not working in LDAP based Authenticatio
            vickraman ganesan Newbie

            Solved the problem. I've added the following in login-config.xml

            <module-option name="uidAttributeID">uniquemember</module-option>
             <module-option name="searchScope">SUBTREE_SCOPE</module-option>
             <module-option name="rolesCtxDN">ou=Groups,dc=company,dc=co,dc=uk</module-option>
             <module-option name="matchOnUserDN">true</module-option>
             <module-option name="roleAttributeID">cn</module-option>
             <module-option name="roleAttributeIsDN">false</module-option>
            


            And, changed the following role-name in web.xml to the 'actual' role name as in LDAP. JBoss is not mapping the roles names described in jboss-web.xml