2 Replies Latest reply on Sep 9, 2008 11:51 AM by Xavier Marquis

    How to : no role matching test ; connect LDAPS server and se

    Xavier Marquis Newbie

      Hi,

      I'm a newbie in JBOSS, and JAAS.

      I have followed some tutorials but I still cannot find a solution for 2
      problems.

      (1) In fact, my application internally manage role, and I don't want JAAS
      to deal with it. So I'd like a system with login-config.xml and web.xml
      <auth-contraints> <auth-role> tag, which permit to authentificate without
      role check. (Anyway, there arent any role defined in the LDAP server for my
      application, so I can't use role check.)

      I've seen on the web that we can't put * to <auth-role> :
      <auth-role>*</auth-role> doesn't work.

      My login-config.xml application policy looks like that :

      <application-policy name="ldap">

      <login-module code="contollers.security.MyLDAPLoginModule"
      flag="required">
      <module-option
      name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option
      name="java.naming.provider.url">ldaps://*******:636
      ldaps://********:636</module-option>
      <module-option
      name="java.naming.security.protocol">ssl</module-option>
      <module-option
      name="java.naming.security.authentication">simple</module-option>
      <module-option
      name="bindDN">cn=webdiracbt,ou=appli,o=edf,c=fr</module-option>
      <module-option name="bindCredential">******</module-option>
      <module-option name="baseCtxDN">c=fr</module-option>
      <module-option
      name="baseFilter">(&(uid={0})(objectclass=inetorgperson))</module-option>
      <module-option
      name="rolesCtxDN">ou=xa,o=edfgdf,c=fr</module-option>
      <module-option
      name="roleFilter">(&(member={1})(objectclass=groupofnames))</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleRecursion">-1</module-option>
      </login-module>

      </application-policy>


      (2) Moreover, I'd like to use JAAS implemented classes and properties in
      login-config.xml to connect to the LDAPS server and consult some
      informations. I know I can do that with JNDI api, but is there a way to use
      JAAS classes to do that.


      (3) Another question : in my precedent implementation I still use JNDI ; I
      set up mannually into code the properties for LDAPS connection. I add also
      SSL to protocol to prevent eventual ambiguity. However, my truststore seems
      to be empty and my JBOSS server seems to be successful in LDAPS connexion
      ... If anyone has an idea ...