Configure JNDI Realm

kasko oscuro

Joined: Jun 28, 2007
Posts: 1
Hi all,

I'm configuring a JNDI Realm with LDAP in Tomcat 5.5. The authentication process works fine, but when Tomcat tries to check the role, this fails and it returns an HTTP 403 page.

Tomcat log is:

DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling authenticate()
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Authenticated 'tssiweb' with type 'BASIC'
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling accessControl()
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - Checking roles GenericPrincipal[tssiweb()]
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - El usuario tssiweb NO desempeña el papel de tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - No role found: tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Failed accessControl() test

I have this information in LDAP, the user is tssiweb and the role is tssiwebuser:

dn: cn=tssiwebuser,ou=groups, o=tmm
objectClass: groupOfUniqueNames
uniqueMember: uid=tssiweb, ou=People, o=tmm
cn: tssiwebuser

dn: uid=tssiweb,ou=People, o=tmm
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
uid: tssiweb
objectClass: inetOrgPerson
sn: tssiweb
cn: tssiwebuser

The context file for my web application is:

<Context docBase="${catalina.home}/webapps/TSSIWEB">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
userPattern="uid={0}, ou=People, o=tmm"
roleBase="ou=groups, o=tmm"
roleSearch="(uniqueMember={0})" />

And the security definitions in the web.xml are:

<!-- Security definitions -->

<!-- Define a Security Constraint on this Application -->
<web-resource-name>Entire Application</web-resource-name>

<!-- Define the Login Configuration for this Application -->

<!-- Security roles referenced by this web application -->
<description>The role that is required to log in to the TSSIWEB Application</description>

I suppose that it will be some wrong configuration value. I would be very grateful for some clue about it.
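
An added diagnostic sketch, not part of the original post and not Tomcat code: it models JNDIRealm's documented role search (the roleSearch filter with {0} replaced by the user DN, role names read from the attribute named by roleName, and no role search at all when roleName is unset) against the group entry quoted above. The function names and the simplified DN comparison are assumptions, and the roleName="cn" value in the second call is an assumed setting that does not appear in the posted context file.

```python
import xml.etree.ElementTree as ET

# Realm element as posted (connection attributes are not shown in the post).
POSTED_REALM = '''<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
userPattern="uid={0}, ou=People, o=tmm"
roleBase="ou=groups, o=tmm"
roleSearch="(uniqueMember={0})" />'''

# Group entry from the post, as (dn, attributes).
DIRECTORY = [
    ("cn=tssiwebuser,ou=groups, o=tmm", {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=tssiweb, ou=People, o=tmm"],
        "cn": ["tssiwebuser"],
    }),
]

def norm_dn(dn):
    """Simplified DN normalisation (assumption): trim RDN spacing, lowercase."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def realm_roles(realm_xml, username, directory):
    """Model of the JNDIRealm role search for one authenticated user."""
    realm = ET.fromstring(realm_xml).attrib
    role_search, role_name = realm.get("roleSearch"), realm.get("roleName")
    if role_search is None or role_name is None:
        return []  # documented behaviour: no role search takes place
    user_dn = realm["userPattern"].replace("{0}", username)
    # Only the simple "(attr={0})" filter form used in the post is handled.
    attr, _, value = role_search.strip("()").partition("=")
    wanted = norm_dn(value.replace("{0}", user_dn))
    base = norm_dn(realm["roleBase"])
    roles = []
    for dn, attrs in directory:
        if not norm_dn(dn).endswith(base):
            continue  # entry is outside roleBase
        if any(norm_dn(v) == wanted for v in attrs.get(attr, [])):
            roles.extend(attrs.get(role_name, []))
    return roles

def with_attr(realm_xml, name, value):
    """Return the Realm element with one extra attribute set."""
    elem = ET.fromstring(realm_xml)
    elem.set(name, value)
    return ET.tostring(elem, encoding="unicode")

if __name__ == "__main__":
    print(realm_roles(POSTED_REALM, "tssiweb", DIRECTORY))
    print(realm_roles(with_attr(POSTED_REALM, "roleName", "cn"), "tssiweb", DIRECTORY))
```

With the posted attributes the model returns an empty role list, which matches the `GenericPrincipal[tssiweb()]` line in the log.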
