JBoss AS 6 SSL HTTPS WebService Access and LDAP Authentication

Hi!

I've successfully configured JBoss to receive https requests with a self-signed certificate. I have a web service deployed that authenticates against my LDAP server with this application policy:

<application-policy name="idp">
		<authentication>
			<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
				<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
				<module-option name="java.naming.provider.url">ldap://my.company.ldap.com:389</module-option>
				<module-option name="java.naming.security.authentication">simple</module-option>
				<module-option name="bindDN">cn=root,dc=my.company</module-option>
				<module-option name="bindCredential">password</module-option>
				<module-option name="baseCtxDN">ou=users,dc=my.company</module-option>
				<module-option name="baseFilter">(uid={0})</module-option>

<module-option name="rolesCtxDN">ou=roles,dc=my.company</module-option>
				<module-option name="roleFilter">(roleOccupant={1})</module-option>
				<module-option name="roleAttributeID">cn</module-option>
				<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
				<module-option name="allowEmptyPasswords">true</module-option>
			</login-module>
		</authentication>
  </application-policy>

My web.xml file has the next config to enable https access:

The authentication was working without the set up for https access. When the web service is up in https mode it doesn't make any authentication process.

My EJB - web service class looks this way:

By now I need to have both of them working. I need the web service to work with https access and the authentication against my LDAP server.

Thank you for your help!

Fabio, welcome to CodeRanch!

When the web service is up in https mode it doesn't make any authentication process.

What exactly happens? Do you see any error messages or does it just allow access to the component without any authentication?

Hi Jaikiran!

Thank you for your help, what was happening was that it allowed the access without any authentication. Right now I've found the solution. It's kind of weird because the change I made is not a big deal. It works with the next annotations config:

- My web.xml is now empty

- My EJB - Web Service:

With this change what I've got is that now the web service is exposed directly in a https://... URL. With the former config it was always exposed in http://... and now the authentication process is done correctly. To prevent simple http conections I removed the http connector from JBoss config (jbossweb.sar/server.xml). I would like to know if there's a better option to avoid http connections just for my application and not the whole server.

Thank you!

(btw ... I don't know if right now I should mark this topic as resolved)