Configure JNDI Realm

kasko oscuro
Greenhorn

Joined: Jun 28, 2007
Posts: 1
Hi all,

I'm configuring a JNDI Realm with LDAP in Tomcat 5.5. The authentication process works fine, but when Tomcat tries to check the role, this fails and it returns an HTTP 403 page.

Tomcat log is:

DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling authenticate()
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Authenticated 'tssiweb' with type 'BASIC'
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling accessControl()
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - Checking roles GenericPrincipal[tssiweb()]
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - El usuario tssiweb NO desempeña el papel de tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - No role found: tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Failed accessControl() test

I have this information in LDAP, the user is tssiweb and the role is tssiwebuser:

dn: cn=tssiwebuser,ou=groups, o=tmm
objectClass: groupOfUniqueNames
uniqueMember: uid=tssiweb, ou=People, o=tmm
cn: tssiwebuser

dn: uid=tssiweb,ou=People, o=tmm
mail: tssiweb@prueba.es
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
uid: tssiweb
objectClass: inetOrgPerson
sn: tssiweb
cn: tssiwebuser

The context file for my web application is:

<Context docBase="${catalina.home}/webapps/TSSIWEB">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://10.95.8.110:389"
         userPattern="uid={0}, ou=People, o=tmm"
         roleBase="ou=groups, o=tmm"
         roleName="cn"
         roleSearch="(uniqueMember={0})" />
</Context>

And the security definitions in the web.xml are:

<!-- Security definitions -->

<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tssiwebuser</role-name>
  </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TSSIWEB</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <description>The role that is required to log in to the TSSIWEB Application</description>
  <role-name>tssiwebuser</role-name>
</security-role>

I suppose that it will be some wrong configuration value. I would be very grateful for any hints about it.

Thanks,
Edu
 