Win a copy of Modern JavaScript for the Impatient this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Configure JNDI Realm

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I'm configuring a JNDI Realm with LDAP in Tomcat 5.5. The authentication process works fine but when Tomcat tries to check role this fails and it returns me a HTTP 403 page.

Tomcat log is:

DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling authenticate()
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Authenticated 'tssiweb' with type 'BASIC'
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling accessControl()
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - Checking roles GenericPrincipal[tssiweb()]
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - El usuario tssiweb NO desempe´┐Ża el papel de tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - No role found: tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Failed accessControl() test

I have this information in LDAP, the user is tssiweb and the role is tssiwebuser:

dn: cn=tssiwebuser,ou=groups, o=tmm
objectClass: groupOfUniqueNames
uniqueMember: uid=tssiweb, ou=People, o=tmm
cn: tssiwebuser

dn: uid=tssiweb,ou=People, o=tmm
mail: tssiweb@prueba.es
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
uid: tssiweb
objectClass: inetOrgPerson
sn: tssiweb
cn: tssiwebuser

The context file for my web application is:

<Context docBase="${catalina.home}/webapps/TSSIWEB">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://10.95.8.110:389";
userPattern="uid={0}, ou=People, o=tmm"
roleBase="ou=groups, o=tmm"
roleName="cn"
roleSearch="(uniqueMember={0})" />
</Context>

And the security definitions in the web.xml are:

<!-- Security definitions -->

<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tssiwebuser</role-name>
</auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TSSIWEB</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<description>The role that is required to log in to the TSSIWEB Application</description>
<role-name>tssiwebuser</role-name>
</security-role>

I suppose that it will be some wrong configuration value. I would be very graceful for some track about.

Thanks,
Edu
 
    Bookmark Topic Watch Topic
  • New Topic