[jboss-user] JBOSS LDAPS JAAS: Use it without role check; JAAS to connect to an LDAPS server and do some tasks

xmarquis at genigraph.fr xmarquis at genigraph.fr
Mon Sep 8 11:18:54 EDT 2008


Hi,

I'm a newbie in JBOSS, and JAAS.

I have followed some tutorials but I still cannot find a solution for 2
problems.

(1) In fact, my application manages roles internally, and I don't want JAAS
to deal with it. So I'd like a setup with login-config.xml and the web.xml
<auth-constraint> <auth-role> tags which permits authentication without a
role check. (Anyway, there aren't any roles defined in the LDAP server for my
application, so I can't use a role check.)

I've seen on the web that we can't put * in <auth-role>:
<auth-role>*</auth-role> doesn't work.

My login-config.xml application policy looks like this:

    <application-policy name="ldap">
      <authentication>
        <login-module code="contollers.security.MyLDAPLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldaps://*******:636 ldaps://********:636</module-option>
          <module-option name="java.naming.security.protocol">ssl</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="bindDN">cn=webdiracbt,ou=appli,o=edf,c=fr</module-option>
          <module-option name="bindCredential">******</module-option>
          <module-option name="baseCtxDN">c=fr</module-option>
          <module-option name="baseFilter">(&amp;(uid={0})(objectclass=inetorgperson))</module-option>
          <module-option name="rolesCtxDN">ou=xa,o=edfgdf,c=fr</module-option>
          <module-option name="roleFilter">(&amp;(member={1})(objectclass=groupofnames))</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleRecursion">-1</module-option>
        </login-module>
      </authentication>
    </application-policy>


(2) Moreover, I'd like to use the JAAS classes and the properties configured in
login-config.xml to connect to the LDAPS server and look up some
information. I know I can do that with the JNDI API, but is there a way to use
the JAAS classes to do that?


(3) Another question: in my previous implementation I still use JNDI; I
set the properties for the LDAPS connection manually in code. I also add
SSL to the protocol to prevent any ambiguity. However, my truststore seems
to be empty and my JBOSS server still seems to succeed at the LDAPS connection
... If anyone has an idea ...
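On question (3): an LDAPS bind that succeeds with an apparently empty truststore usually means the JVM is validating the server against a different store (its default cacerts, or whatever javax.net.ssl.trustStore points at). The following is an added example, not code from the post or from JBoss, that pins the JNDI LDAP client to one explicitly loaded truststore through the standard java.naming.ldap.factory.socket hook, so an empty or wrong store fails the bind instead of passing silently. The truststore path, its password and the example host are hypothetical.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.net.SocketFactory;
import javax.net.ssl.*;

// Added example (not from the original post): trust only an explicitly loaded truststore for the LDAPS bind.
public class PinnedTrustSocketFactory extends SSLSocketFactory {
    static final String TRUST_STORE = System.getProperty("ldap.trustStore", "/path/to/ldap-truststore.jks"); // hypothetical
    static final char[] TRUST_PASS = System.getProperty("ldap.trustStorePassword", "changeit").toCharArray(); // hypothetical
    private final SSLSocketFactory delegate;

    private PinnedTrustSocketFactory() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(TRUST_STORE);
        try { ks.load(in, TRUST_PASS); } finally { in.close(); }
        // A store with no entries can validate nothing; refuse rather than let a bind "succeed" by other means.
        if (ks.size() == 0) throw new IllegalStateException(TRUST_STORE + " holds no trusted certificates");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // only certificates in this store may validate the LDAP server's chain
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        delegate = ctx.getSocketFactory();
    }

    // The JNDI LDAP provider looks up this static method when java.naming.ldap.factory.socket names this class.
    public static SocketFactory getDefault() {
        try { return new PinnedTrustSocketFactory(); } catch (Exception e) { throw new IllegalStateException(e); }
    }

    public Socket createSocket() throws IOException { return delegate.createSocket(); }
    public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    public Socket createSocket(String h, int p, InetAddress lh, int lp) throws IOException { return delegate.createSocket(h, p, lh, lp); }
    public Socket createSocket(InetAddress h, int p) throws IOException { return delegate.createSocket(h, p); }
    public Socket createSocket(InetAddress h, int p, InetAddress lh, int lp) throws IOException { return delegate.createSocket(h, p, lh, lp); }
    public Socket createSocket(Socket s, String h, int p, boolean ac) throws IOException { return delegate.createSocket(s, h, p, ac); }
    public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }

    // Service-account bind over LDAPS, mirroring the bindDN / bindCredential options in the posted login-config.xml.
    static DirContext connect(String ldapsUrl, String bindDn, String bindCredential) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl); // e.g. "ldaps://ldap.example.invalid:636" (placeholder host)
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindCredential);
        env.put("java.naming.ldap.factory.socket", PinnedTrustSocketFactory.class.getName());
        return new InitialDirContext(env);
    }
}
```

If a bind still succeeds after the named store is emptied, the factory is not being used at all (check the java.naming.ldap.factory.socket property spelling and that the class is on the JBoss classpath). Unlike the JVM-wide javax.net.ssl.trustStore system property, which falls back to the JDK's own cacerts when unset, this makes the trust decision visible in the code that performs the bind.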
