Hi,
I have created web application which have only one
servlet LdapAuthenticator and configured BASIC security constraints as below in web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>WebLogicLdap</display-name>
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>manager</role-name>
</security-role>
<servlet>
<description></description>
<display-name>LdapAuthenticator</display-name>
<servlet-name>LdapAuthenticator</servlet-name>
<servlet-class>test.LdapAuthenticator</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LdapAuthenticator</servlet-name>
<url-pattern>/LdapAuthenticator</url-pattern>
</servlet-mapping>
</web-app>
Below is my weblogic.xml file
<?xml version="1.0"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security-role-assignment>
<role-name>manager</role-name>
<externally-defined/>
</security-role-assignment>
</weblogic-web-app>
I have follow the proper steps to configure realm for SQLAuthProvide and I am able to check the user and groups from database using admin console of weblogic, In short the configuration is correct.
Below is config.xml file entry
<realm>
<sec:auditor xsi:type="wls:default-auditorType">
<sec:name>nXchangeAuditing</sec:name>
<wls:information-audit-severity-enabled>true</wls:information-audit-severity-enabled>
<wls:warning-audit-severity-enabled>true</wls:warning-audit-severity-enabled>
<wls:error-audit-severity-enabled>true</wls:error-audit-severity-enabled>
<wls:success-audit-severity-enabled>true</wls:success-audit-severity-enabled>
<wls:failure-audit-severity-enabled>true</wls:failure-audit-severity-enabled>
</sec:auditor>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:control-flag>SUFFICIENT</sec:control-flag>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:sql-authenticatorType">
<sec:name>TestSQLAuthenticatorProvider</sec:name>
<sec:control-flag>REQUIRED</sec:control-flag>
<wls:data-source-name>MySql</wls:data-source-name>
<wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
when I hit URL
http://xx.xx.xx.xxx:7001/WebLogicLdap/ the dialogue box appear to enter login id and password. I have then eneter the user id and correct password which is belong to manager group. I have encounter the below error message on browser
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Please let me know if someone has face and resolved same issue before.