[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-4452) Enable LdapIdentityStore to access LDAP via SSL

Marco Brizi (JIRA) jira-events at lists.jboss.org
Wed Oct 21 12:10:18 EDT 2009


     [ https://jira.jboss.org/jira/browse/JBSEAM-4452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marco Brizi updated JBSEAM-4452:
--------------------------------

    Description: 
The current LdapIdentityStore offers good support for integrating an LDAP repository. Unfortunately, at the moment, there is no configuration to access it via SSL.
The minimum support could be done by adding a new boolean attribute (e.g. ssl-enabled) to the ldap-identity-store element, to offer the possibility to choose whether or not to use secure communication.

I've tried to implement this extension by changing security-2.2.xsd and the LdapIdentityStore class.
In the second file, my work has been on the new attribute's getter/setter and on the initialiseContext(String principal, String credentials) method, just adding the following lines:

    String ldapProtocol = "ldap";
    if (isSslEnabled()) {
        ldapProtocol = "ldaps";
        env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
    }
    String providerUrl = String.format("%s://%s:%d", ldapProtocol, getServerAddress(), getServerPort());

In addition, getting the server certificate and setting -Djavax.net.ssl.trustStore=/path/to/keystore in JAVA_OPTS is needed.
At the moment I'm able to initiate the communication with the secure LDAP server, but Identity.authenticate causes a "javax.security.auth.login.LoginException: Login Failure: all modules ignored".
The complete stacktrace is attached to the issue.

  was:
The current LdapIdentityStore offers good support for integrating an LDAP repository. Unfortunately, at the moment, there is no configuration to access it via SSL.
The minimum support could be done by adding a new boolean attribute (e.g. ssl-enabled) to the ldap-identity-store element, to offer the possibility to choose whether or not to use secure communication.

I've tried to implement this extension by changing security-2.2.xsd and the LdapIdentityStore class.
In the second file, my work has been on the new attribute's getter/setter and on the initialiseContext(String principal, String credentials) method, just adding the following lines:

    String ldapProtocol = "ldap";
    if (isSslEnabled()) {
        ldapProtocol = "ldaps";
        env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
    }
    String providerUrl = String.format("%s://%s:%d", ldapProtocol, getServerAddress(), getServerPort());

In addition, getting the server certificate and setting -D/usr/lib/jvm/java-6-sun=/path/to/keystore in JAVA_OPTS is needed.
At the moment I'm able to initiate the communication with the secure LDAP server, but Identity.authenticate causes a "javax.security.auth.login.LoginException: Login Failure: all modules ignored".
The complete stacktrace is attached to the issue.



> Enable LdapIdentityStore to access LDAP via SSL
> -----------------------------------------------
>
>                 Key: JBSEAM-4452
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-4452
>             Project: Seam
>          Issue Type: Feature Request
>    Affects Versions: 2.2.0.GA
>         Environment: Ubuntu 9.04, JBoss AS 5.1.0 GA
>            Reporter: Marco Brizi
>         Attachments: stacktrace.log
>
>
> The current LdapIdentityStore offers good support for integrating an LDAP repository. Unfortunately, at the moment, there is no configuration to access it via SSL.
> The minimum support could be done by adding a new boolean attribute (e.g. ssl-enabled) to the ldap-identity-store element, to offer the possibility to choose whether or not to use secure communication.
> I've tried to implement this extension by changing security-2.2.xsd and the LdapIdentityStore class.
> In the second file, my work has been on the new attribute's getter/setter and on the initialiseContext(String principal, String credentials) method, just adding the following lines:
>     String ldapProtocol = "ldap";
>     if (isSslEnabled()) {
>         ldapProtocol = "ldaps";
>         env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
>     }
>     String providerUrl = String.format("%s://%s:%d", ldapProtocol, getServerAddress(), getServerPort());
> In addition, getting the server certificate and setting -Djavax.net.ssl.trustStore=/path/to/keystore in JAVA_OPTS is needed.
> At the moment I'm able to initiate the communication with the secure LDAP server, but Identity.authenticate causes a "javax.security.auth.login.LoginException: Login Failure: all modules ignored".
> The complete stacktrace is attached to the issue.
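
An added example, not part of the issue and not Seam's code: a stand-alone check for the setup described above that tests certificate trust and the LDAP bind as two separate steps, so a failure can be attributed to one or the other. The class name LdapsCheck, the argument order and the LDAP_STORE_PW / LDAP_BIND_PW environment variables are assumptions made for this example; it assumes Java 7 or later.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.*;

public class LdapsCheck { // hypothetical class name, added example

    // Same logic as the snippet in the issue: one flag drives scheme and SECURITY_PROTOCOL.
    static Properties buildEnv(boolean ssl, String host, int port, String dn, String pw) {
        Properties env = new Properties();
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
        env.setProperty(Context.SECURITY_PRINCIPAL, dn);
        env.setProperty(Context.SECURITY_CREDENTIALS, pw);
        if (ssl) env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
        env.setProperty(Context.PROVIDER_URL,
                String.format("%s://%s:%d", ssl ? "ldaps" : "ldap", host, port));
        return env;
    }

    // Step 1: TLS handshake that trusts only the given store and checks the host name.
    static void checkTls(String host, int port, String store, char[] storePw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(store)) { ks.load(in, storePw); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // certificate must match the host
            s.setSSLParameters(p);
            s.startHandshake(); // SSLHandshakeException: untrusted chain or name mismatch
        }
    }

    // Run with -Djavax.net.ssl.trustStore=<store>, as in the issue; args: host port store bindDn
    public static void main(String[] a) throws Exception {
        int port = Integer.parseInt(a[1]);
        checkTls(a[0], port, a[2], System.getenv("LDAP_STORE_PW").toCharArray());
        System.out.println("TLS OK: certificate chains to the trust store and matches the host");
        // Step 2: simple bind over ldaps; a NamingException here is a bind problem, not TLS.
        new InitialDirContext(buildEnv(true, a[0], port, a[3], System.getenv("LDAP_BIND_PW"))).close();
        System.out.println("Bind OK");
    }
}
```

Step 2 uses the JVM-wide trust store, so pass the same file to -Djavax.net.ssl.trustStore that is given as the store argument; otherwise the two steps test different trust anchors.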
