[jboss-user] [JBoss Portal] - Can not get user role from LDAP server

saigon_man do-not-reply at jboss.com
Sun Sep 30 00:06:30 EDT 2007


Hello, 
Following up on my previous post about an LDAP connection error:
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119428
I found a way to make it work. It turned out that JBoss Portal somehow doesn't work well with ApacheDS (well, at least it doesn't work for me), so I switched to OpenDS, which worked pretty well for me. But there is a problem with JBoss Portal pulling user info such as role from LDAP. Here is my configuration.

In my login-config.xml (This is the only place that I made changes to connect to the LDAP server)

  | <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  |     <module-option name="unauthenticatedIdentity">guest</module-option>
  |     <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  |     <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  |     <module-option name="additionalRole">Authenticated</module-option>
  |     <module-option name="password-stacking">useFirstPass</module-option>
  |     <module-option name="defaultRole">User</module-option>
  |     <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |     <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
  |     <module-option name="java.naming.security.authentication">simple</module-option>
  |     <module-option name="baseCtxDN">ou=People,o=test,dc=portal,dc=example,dc=com</module-option>
  |     <module-option name="baseFilter">(uid={0})</module-option>
  |     <module-option name="rolesCtxDN">ou=Roles,o=test,dc=portal,dc=example,dc=com</module-option>
  |     <module-option name="roleFilter">(member={1})</module-option>
  |     <module-option name="roleAttributeID">member</module-option>
  |     <module-option name="roleRecursion">-1</module-option>
  |     <module-option name="roleNameAttributeID">cn</module-option>
  |     <module-option name="roleAttributeIsDN">true</module-option>
  |     <module-option name="searchTimeLimit">5000</module-option>
  |     <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  | </login-module>
  | 

I also created the "Authenticated" role and associated this role with all user names in the LDAP server. I was able to log in using username/password: jduke1/theduke (I was using the portal-sample-local.ldif from JBoss).
But when I tried to get the role for this user, I got some errors. Here is the code that I used to get the user role:

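  | import javax.naming.InitialContext;
  | import org.jboss.portal.identity.Role;
  | import org.jboss.portal.identity.RoleModule;
  | 
  | public String getUserRole(String username) {
  |     String userrole = "";
  |     try {
  |         // Look up the portal's RoleModule from JNDI.
  |         RoleModule module = (RoleModule) new InitialContext().lookup("java:portal/RoleModule");
  |         // The user name is passed as the role name here.
  |         Role role = module.findRoleByName(username);
  |         // Check for null before dereferencing the role.
  |         if (role != null) {
  |             userrole = role.getDisplayName();
  |             System.out.println("&**&*& Role is: " + userrole);
  |         } else {
  |             System.out.println("&*&*& Role is null");
  |         }
  |     } catch (Exception e) {
  |         // Any failure in the lookup or the query ends up here.
  |         System.out.println("&*&*&* InitialContext error");
  |     }
  |     return userrole;
  | }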
  | 

When that code is executed, I get these errors:
anonymous wrote : 
  | 17:29:58,109 ERROR [HibernateRoleModuleImpl] Cannot find role by name jduke1
  | org.hibernate.HibernateException: Unable to locate current JTA transaction
  |         at org.hibernate.context.JTASessionContext.currentSession(JTASessionContext.java:61)
  |         at org.hibernate.impl.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:544)
  |         at org.jboss.portal.identity.db.HibernateRoleModuleImpl.getCurrentSession(HibernateRoleModuleImpl.java:386)
  |         at org.jboss.portal.identity.db.HibernateRoleModuleImpl.findRoleByName(HibernateRoleModuleImpl.java:101)
  |         at com.lmco.eagan.e2els.jboss.portlet.test.Users.getUserRole(Unknown Source)
  |         at com.lmco.eagan.e2els.jboss.portlet.jsp.HelloWorldJSPPortlet.doView(Unknown Source)
  |         at javax.portlet.GenericPortlet.doDispatch(GenericPortlet.java:133)
  |         at javax.portlet.GenericPortlet.render(GenericPortlet.java:306)
  |         at org.jboss.portal.portlet.impl.jsr168.PortletContainerImpl.invokeRender(PortletContainerImpl.java:483)
  |         at org.jboss.portal.portlet.impl.jsr168.PortletContainerImpl.dispatch(PortletContainerImpl.java:405)
  |         at org.jboss.portal.portlet.container.PortletContainerInvoker$1.invoke(PortletContainerInvoker.java:86)
  |         at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:131)
  |         at org.jboss.portal.core.aspects.portlet.TransactionInterceptor.org$jboss$portal$core$aspects$portlet$TransactionInterceptor$invokeNotSupported$aop(TransactionInterceptor.java:86)
  |         at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeNotSupported_N4547270787964792031.invokeNext(TransactionInterceptor$invokeNotSupported_N4547270787964792031.java)
  |         at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
  |         at org.jboss.aspects.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:112)
  |         at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeNotSupported_N4547270787964792031.invokeNext(TransactionInterceptor$invokeNotSupported_N4547270787964792031.java)
  |         at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
  |         at org.jboss.aspects.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:102)
  |         at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeNotSupported_N4547270787964792031.invokeNext(TransactionInterceptor$invokeNotSupported_N4547270787964792031.java)
  | .....
  | 

My question is: is there a way to get the user role from LDAP? Am I missing something in the code above, or is there anything else I should do?

Your help is greatly appreciated

Thanks,

SGM

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4089997#4089997
