[jboss-user] [Security & JAAS/JBoss] - How to : no role matching test ; connect LDAPS server and se

newman79 do-not-reply at jboss.com
Tue Sep 9 08:48:12 EDT 2008


Hi,

I'm a newbie with JBoss and JAAS.

I have followed some tutorials but I still cannot find a solution for 2
problems.

(1) In fact, my application manages roles internally, and I don't want JAAS
to deal with them. So I'd like a setup with login-config.xml and the web.xml
<auth-constraint> <auth-role> tags that permits authentication without a
role check. (Anyway, there aren't any roles defined in the LDAP server for my
application, so I can't use a role check.)

I've seen on the web that we can't put * in <auth-role>:
<auth-role>*</auth-role> doesn't work.

My login-config.xml application policy looks like this:

    <application-policy name="ldap">
      <!-- <authentication> wrapper restored: login-config.xml requires it inside <application-policy> -->
      <authentication>
        <login-module code="contollers.security.MyLDAPLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <!-- a space-separated list of URLs: the JNDI LDAP provider tries them in order (failover) -->
          <module-option name="java.naming.provider.url">ldaps://*******:636 ldaps://********:636</module-option>
          <!-- redundant with an ldaps:// URL, but harmless -->
          <module-option name="java.naming.security.protocol">ssl</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="bindDN">cn=webdiracbt,ou=appli,o=edf,c=fr</module-option>
          <module-option name="bindCredential">******</module-option>
          <module-option name="baseCtxDN">c=fr</module-option>
          <!-- '&' is not allowed bare in XML element content; it must be written as &amp; -->
          <module-option name="baseFilter">(&amp;(uid={0})(objectclass=inetorgperson))</module-option>
          <module-option name="rolesCtxDN">ou=xa,o=edfgdf,c=fr</module-option>
          <module-option name="roleFilter">(&amp;(member={1})(objectclass=groupofnames))</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleRecursion">-1</module-option>
        </login-module>
      </authentication>
    </application-policy>


(2) Moreover, I'd like to use the JAAS classes and the properties in
login-config.xml to connect to the LDAPS server and look up some
information. I know I can do that with the JNDI API, but is there a way to use
the JAAS classes to do it?


(3) Another question: in my previous implementation I still use JNDI; I
set up the properties for the LDAPS connection manually in code. I also add
SSL as the protocol to prevent any ambiguity. However, my truststore seems
to be empty and my JBoss server seems to succeed in the LDAPS connection
... If anyone has an idea ...


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4175287#4175287

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4175287
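Added example for questions (2) and (3); this is not the poster's code and not a JBoss API. It is a standalone JNDI client that performs the same bind-then-search the application policy above describes, and before connecting it reports which trust store the JVM will actually consult and how many certificates that store holds. The host names, the bind password, the trust store path and the attribute names returned are placeholders to be replaced; the bind DN, base context and filter are copied from the policy above.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapsLookup {

    // Placeholder hosts (assumed); the DN, base context and filter are the ones from login-config.xml.
    static final String PROVIDER_URL = "ldaps://ldap1.example.invalid:636 ldaps://ldap2.example.invalid:636";
    static final String BIND_DN      = "cn=webdiracbt,ou=appli,o=edf,c=fr";
    static final String BASE_CTX_DN  = "c=fr";
    static final String BASE_FILTER  = "(&(uid={0})(objectclass=inetorgperson))";

    /**
     * Reports the trust store the JVM will use for the LDAPS handshake and how many
     * certificate entries it contains. When javax.net.ssl.trustStore is not set, the
     * JVM falls back to $JAVA_HOME/lib/security/cacerts (jssecacerts first, if present),
     * which ships the public CAs. That is the usual reason an "empty" application trust
     * store still yields a working LDAPS connection: the empty store is not the one in use.
     */
    static int countTrustAnchors() throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        if (path == null) {
            path = System.getProperty("java.home") + "/lib/security/cacerts";
            System.out.println("javax.net.ssl.trustStore not set; JVM default will be used: " + path);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, pass.toCharArray());
        } finally {
            in.close();
        }
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) n++;
        }
        System.out.println(path + " contains " + n + " trusted certificate(s)");
        return n;
    }

    /** Bind with the service account, then search for the user, directly with JNDI. */
    static String findUserDn(String uid, String bindPassword) throws Exception {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);        // space-separated list = failover order
        env.put(Context.SECURITY_PROTOCOL, "ssl");          // redundant with ldaps://, harmless
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);

        DirContext ctx = new InitialDirContext(env);        // TLS handshake happens here
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn", "mail"}); // assumed attributes
            // {0} is supplied as a filter argument rather than concatenated into the
            // filter string, so JNDI escapes it and a uid such as "*)(objectclass=*"
            // cannot widen the search.
            NamingEnumeration<SearchResult> results =
                ctx.search(BASE_CTX_DN, BASE_FILTER, new Object[] {uid}, sc);
            if (!results.hasMore()) {
                return null;                                // unknown uid
            }
            SearchResult first = results.next();
            if (results.hasMore()) {
                throw new IllegalStateException("filter matched more than one entry for uid " + uid);
            }
            return first.getNameInNamespace();
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        if (countTrustAnchors() == 0) {
            throw new IllegalStateException("trust store holds no certificates; an LDAPS handshake cannot be validated against it");
        }
        System.out.println(findUserDn(args[0], args[1]));
    }
}
```

Run it once with `-Djavax.net.ssl.trustStore=/path/to/app-truststore.jks` and once without: if the first run reports zero certificates while the server's LDAPS connection works, the server is validating against the JVM's cacerts (or a custom socket factory), not the application's store. For question (1), the option names used above (baseCtxDN, baseFilter, rolesCtxDN, roleFilter, roleRecursion) are those of JBoss's LdapExtLoginModule, whose option list also includes defaultRole, a role added to every authenticated user; naming that role in web.xml's <auth-constraint> and <security-role> gives authentication without any roles on the LDAP side. Confirm the option against the documentation of the JBoss version in use.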


