[jboss-user] [Security & JAAS/JBoss] - Re: Active Directory and LdapExtLoginModule?
sreeni.gali
do-not-reply at jboss.com
Tue Aug 22 10:59:31 EDT 2006
Hi,
I am trying to use Active Directory with "LdapExtLoginModule" for authentication and authorization. It's not working at all, and I have tried several options.
Please see my configuration files.
login-config.xml
------------------
<application-policy name="JawJaasDbRealm">
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://151.111.195.26:389/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="java.naming.security.principal">LDAPBrowse@ad.dot.state.mn.us</module-option>
    <module-option name="java.naming.security.credentials">ldapbrowse</module-option>
    <!-- bGRhcGJyb3dzZQ== -->
    <module-option name="bindDN">LDAPBrowse@ad.dot.state.mn.us</module-option>
    <module-option name="bindCredential">ldapbrowse</module-option>
    <module-option name="baseCtxDN">DC=ad,DC=dot,DC=state,DC=mn,DC=us</module-option>
    <module-option name="baseFilter">(sAMAccountName={0})</module-option>
    <module-option name="rolesCtxDN">DC=ad,DC=dot,DC=state,DC=mn,DC=us</module-option>
    <module-option name="roleFilter">(sAMAccountName={0})</module-option>
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleNameAttributeID">cn</module-option>
    <module-option name="defaultRole">OFCVO_RGCIP_Inventory</module-option>
    <module-option name="roleRecursion">-1</module-option>
    <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  </login-module>
</application-policy>
------------------------------
web-security.xml
---------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>
      JAW Application protected Admin pages and actions.
    </web-resource-name>
    <description>Require users to authenticate.</description>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description>Allow Manager role to access Admin pages and actions.</description>
    <role-name>OFCVO_RGCIP_Inventory</role-name>
    <!-- <role-name>MnDOT Chg Access</role-name>
    <role-name>Public WitiUserTest</role-name>
    -->
  </auth-constraint>
</security-constraint>
<!-- <security-role>
  <description>JAW Managers</description>
  <role-name>MnDOT Chg Access</role-name>
</security-role>
<security-role>
  <description>JAW Guest User (unsecured)</description>
  <role-name>Public WitiUserTest</role-name>
</security-role>
-->
<security-role>
  <description>JAW Guest User (unsecured)</description>
  <role-name>OFCVO_RGCIP_Inventory</role-name>
</security-role>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>JawJaasDbRealm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
--------------------------------
jboss-web.xml file
----------------
<jboss-web>
  <security-domain>java:/jaas/JawJaasDbRealm</security-domain>
  <!-- Resource Environment References -->
  <!--
  For additional resource-env-ref tags add a merge file called jbossweb-resource-env-ref.xml
  -->
  <!-- Resource references -->
  <!--
  For additional resource-ref tags add a merge file called jbossweb-resource-ref.xml
  -->
  <resource-ref>
    <res-ref-name>jms/CreditCheckQueue</res-ref-name>
    <jndi-name>queue/CreditCheckQueue</jndi-name>
  </resource-ref>
  <resource-ref>
    <res-ref-name>jms/MyXAQueueConnectionFactory</res-ref-name>
    <jndi-name>java:/JmsXA</jndi-name>
  </resource-ref>
  <!-- EJB References -->
  <!--
  For additional ejb-ref tags add a merge file called jbossweb-ejb-ref.xml
  -->
  <!-- EJB Local References -->
  <!--
  For additional ejb-local-ref tags add a merge file called jbossweb-ejb-local-ref.xml
  -->
  <ejb-local-ref>
    <ejb-ref-name>ejb/InventoryFacadeLocal</ejb-ref-name>
    <local-jndi-name>InventoryFacadeLocal</local-jndi-name>
  </ejb-local-ref>
</jboss-web>
---------
It's just throwing the error page and asking me to try once again.
I don't see much information in the log apart from the lines below.
---------------------
2006-08-22 09:53:00,096 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1fd245f
2006-08-22 09:53:00,096 DEBUG [org.jboss.security.plugins.JaasSecurityManager.JawJaasDbRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy@5f00f9
2006-08-22 09:53:00,096 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@5f00f9
2006-08-22 09:53:00,096 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added JawJaasDbRealm, org.jboss.security.plugins.SecurityDomainContext@138ef1d to map
--------------
Please, it's very urgent. Please help me work out what's missing.
Thanks in advance.
bye
Sreeni Gali
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966724#3966724
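
A login that only lands on the error page can be narrowed down by running the configured steps (bind as bindDN, baseFilter search, bind as the user, read memberOf and resolve each group's cn) outside JBoss. The following is an added example, not part of the original post and not JBoss code; the class name LdapExtCheck, the BIND_PW and USER_PW environment variables and the command-line values are hypothetical, and reading memberOf from the user entry assumes roleFilter matches the same entry as baseFilter, as in the configuration above.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

// Added diagnostic (hypothetical names). Passwords come from BIND_PW / USER_PW, not argv.
//   java LdapExtCheck ldap://ad.example.test:389/ svc@example.test DC=example,DC=test jdoe
public class LdapExtCheck {
    static DirContext bind(String url, String principal, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // An uncaught NamingException pinpoints the failing step and carries the server's error.
    public static void main(String[] a) throws NamingException {
        String url = a[0], bindDN = a[1], baseCtxDN = a[2], user = a[3];
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"memberOf"});

        // Step 1: bind as bindDN and apply baseFilter to locate the user entry.
        DirContext ctx = bind(url, bindDN, System.getenv("BIND_PW"));
        NamingEnumeration<SearchResult> hits =
            ctx.search(baseCtxDN, "(sAMAccountName={0})", new Object[] {user}, sc);
        if (!hits.hasMore()) { System.out.println("FAIL step 1: baseFilter matched no entry"); return; }
        SearchResult entry = hits.next();
        String userDN = entry.getNameInNamespace();
        System.out.println("step 1 ok, userDN=" + userDN);

        // Step 2: authenticate by binding as the user DN with the user's password.
        bind(url, userDN, System.getenv("USER_PW")).close();
        System.out.println("step 2 ok, user bind succeeded");

        // Step 3: roleAttributeID=memberOf holds group DNs; roleNameAttributeID=cn names the role.
        Attribute groups = entry.getAttributes().get("memberOf");
        for (int i = 0; groups != null && i < groups.size(); i++) {
            LdapName groupDN = new LdapName((String) groups.get(i));
            Attribute cn = ctx.getAttributes(groupDN, new String[] {"cn"}).get("cn");
            System.out.println("role candidate: " + (cn == null ? groupDN : cn.get()));
        }
        ctx.close();
    }
}
```

The role names printed in step 3 are what must match the role-name entries in the web descriptor.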