• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Rob Spoor
  • Devaka Cooray
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Jj Roberts
  • Al Hobbs
  • Piet Souris

Configure JNDI Realm

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I'm configuring a JNDI Realm with LDAP in Tomcat 5.5. The authentication process works fine but when Tomcat tries to check role this fails and it returns me a HTTP 403 page.

Tomcat log is:

DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling authenticate()
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Authenticated 'tssiweb' with type 'BASIC'
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling accessControl()
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - Checking roles GenericPrincipal[tssiweb()]
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - El usuario tssiweb NO desempe´┐Ża el papel de tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - No role found: tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Failed accessControl() test

I have this information in LDAP, the user is tssiweb and the role is tssiwebuser:

dn: cn=tssiwebuser,ou=groups, o=tmm
objectClass: groupOfUniqueNames
uniqueMember: uid=tssiweb, ou=People, o=tmm
cn: tssiwebuser

dn: uid=tssiweb,ou=People, o=tmm
mail: tssiweb@prueba.es
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
uid: tssiweb
objectClass: inetOrgPerson
sn: tssiweb
cn: tssiwebuser

The context file for my web application is:

<Context docBase="${catalina.home}/webapps/TSSIWEB">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://10.95.8.110:389"
userPattern="uid={0}, ou=People, o=tmm"
roleBase="ou=groups, o=tmm"
roleName="cn"
roleSearch="(uniqueMember={0})" />
</Context>

And the security definitions in the web.xml are:

<!-- Security definitions -->

<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tssiwebuser</role-name>
</auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TSSIWEB</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<description>The role that is required to log in to the TSSIWEB Application</description>
<role-name>tssiwebuser</role-name>
</security-role>

I suppose that it will be some wrong configuration value. I would be very graceful for some track about.

Thanks,
Edu
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic