0 Replies Latest reply on Apr 14, 2008 8:26 AM by Sipho Mothobi

    LDAP Module Error : JBoss 4.0.1

    Sipho Mothobi Newbie

      Hi,

      I curretly attempting to secure a web application by adding LDAP Authentication. It looks like it not loading the configured security Realm for the application as it ends up loading the "UsersRolesLoginModule", anything addtional i must do? I have added the changes to :

      login-config.xml
      jbossweb.xml
      web.xml

      As the any other file i need to modify ?

      I am getting the following exception :


      2008-04-09 18:29:55,526 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@9cd006
      2008-04-09 18:29:55,527 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added other, org.jboss.security.plugins.SecurityDomainContext@11d75b9 to map
      2008-04-09 18:29:55,538 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: Properties file users.properties not found
      at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)


      I have setup an LDAP Realm in *login-confug.xml* as follows :

      ....
      <!-- Security domains for OpenLDAP -->
      <application-policy name = "OpenLDAPRealm">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModulee" flag="required" >
      <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldaphosts.com:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="java.naming.security.principal">S_PRINC_AD</module-option>
      <module-option name="java.naming.security.credentials">ADBrowser</module-option>
      <module-option name="rolesCtxDN">OU=The Agency,DC=com</module-option>
      <module-option name="matchOnUserDN">false</module-option>
      <module-option name="principalDNSuffix">@theagency.com</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>
      <module-option name="uidAttributeID">sAMAccountName</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="defaultRole">Group_Web</module-option>
      </login-module>

      </application-policy>
      ....

      and have web.xml as follows :

      ....

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Secure</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Group_Web</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>OpenLDAPRealm</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
      </form-login-config>
      </login-config>
      ....


      and
      jbossweb.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
      <security-domain>java:/jaas/OpenLDAPRealm</security-domain>
      </jboss-web>