Jboss 5.1 and LDAP - roles are not working  RSS feed

Greenhorn
Hi All,
I am migrating the application from WebSphere 5 to JBoss 5.1.

I am setting up LDAP security in the JBoss server. I am able to authenticate, but I am not able to get the roles, although through an LDAP browser I can see the roles, and the same setup is working in WebSphere. Please find the error log below:


014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Calling hasUserDataPermission()
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) User data constraint has no restrictions
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Calling authenticate()
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-localhost%2F127.0.0.1-8080-2) Restore request from session '64ADB7A506D6C59491DD707235667BAF'
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Authenticated 'jp01270' with type 'FORM'
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-localhost%2F127.0.0.1-8080-2) Proceed to restored request
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Calling accessControl()
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Checking roles GenericPrincipal[jp01270(CIA_DVSM_ADM,SFD,all_authenticated_users,)]
2014-08-11 19:29:05,508 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) [getServletName:servletmappings=[Ljava.lang.String;@79d54b:servlet.getName()=action]
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Username jp01270 does NOT have role SD_ADMINISTRATOR
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) hasRole:RealmBase says:false::Authz framework says:false:final=false
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) No role found: SD_ADMINISTRATOR
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) [getServletName:servletmappings=[Ljava.lang.String;@a25f62:servlet.getName()=action]
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Username jp01270 does NOT have role SFD_USER
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) hasRole:RealmBase says:false::Authz framework says:false:final=false
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) No role found: SD_USER
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Checking for all roles mode: authOnly
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) hasResourcePerm:RealmBase says:false::Authz framework says:false:final=false
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Failed accessControl() test
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] (http-localhost%2F127.0.0.1-8080-2) Processing ErrorPage[errorCode=403, location=/error/error403.jsp]



-------------------------------------------------------------------------------
My settings are

login-config.xml

<application-policy name="ldap-sd">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://sdsdds.md2.d.fr:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="java.naming.referral">follow</module-option>
      <module-option name="baseCtxDN">ou=People,o=renault</module-option>
      <module-option name="bindDN">uid=AWTWSAD,ou=FRA,ou=People,o=renault</module-option>
      <module-option name="bindCredential">AWTWSAD</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=rights,o=renault</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <module-option name="roleAttributeID">objectClass</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="searchScope">ALL_SCOPE</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="defaultRole">all_authenticated_users</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required">
      <module-option name="rolesProperties">props/sd-rolesMapping-roles.properties</module-option>
      <module-option name="replaceRole">true</module-option>
    </login-module>
  </authentication>
</application-policy>
--------------------------------------------------------------------------------------
sd-rolesMapping-roles.properties

SD_ADMINISTRATOR=SD_ADMINISTRATOR
SD_USER=SD_USER
------------------------------------------------------

web.xml


<security-constraint>
  <web-resource-collection>
    <web-resource-name>All authenticated users</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <url-pattern>/jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>SFD_ADMINISTRATOR</role-name>
    <role-name>SFD_USER</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/user/login.jsp</form-login-page>
    <form-error-page>/user/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description></description>
  <role-name>SD_ADMINISTRATOR</role-name>
</security-role>
<security-role>
  <description></description>
  <role-name>SD_USER</role-name>
</security-role>
-----------------------------------------------------------------------------

jboss-web.xml

<!DOCTYPE jboss-web PUBLIC
  "-//JBoss//DTD Web Application 5.0//EN"
  "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
  <security-domain>java:/jaas/ldap-sd</security-domain>
</jboss-web>

-------------------------------------------------------------------

application.xml


<security-role>
  <description>All authenticated users</description>
  <role-name>SD_ADMINISTRATOR</role-name>
</security-role>
<security-role>
  <role-name>SD_USER</role-name>
</security-role>



Could you please help me with this? Where am I wrong?
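The posted log shows the LDAP login module returning the roles CIA_DVSM_ADM, SFD and all_authenticated_users, while web.xml demands SD_ADMINISTRATOR and SD_USER. The following is an added example (not JBoss code and not from this thread) that models the documented mapping rule of RoleMappingLoginModule (rolesProperties lines of the form sourceRole=mappedRole,...; with replaceRole=true the source role is dropped) over the posted properties file and over a constructed alternative; the CIA_DVSM_ADM=SD_ADMINISTRATOR and SFD=SD_USER mappings are assumptions for illustration only.

```python
"""Model of the JBoss RoleMappingLoginModule step (added example, not JBoss code).

Assumed contract: each rolesProperties line is sourceRole=mapped[,mapped...];
for every role the user already holds, the mapped roles are added and, when
replaceRole is true, the source role is removed. Unmapped roles pass through.
"""


def parse_roles_properties(text):
    """Parse a Java .properties mapping of sourceRole -> [mapped roles]."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        mapping[key.strip()] = [r.strip() for r in value.split(",") if r.strip()]
    return mapping


def map_roles(ldap_roles, mapping, replace_role=True):
    """Apply the role-mapping rule to the roles the LDAP module returned."""
    result = []
    for role in ldap_roles:
        if role in mapping:
            result.extend(mapping[role])
            if not replace_role:
                result.append(role)
        else:
            result.append(role)
    return list(dict.fromkeys(result))  # keep order, drop duplicates


def missing_required(final_roles, required):
    """Roles named in web.xml <auth-constraint> that the user still lacks."""
    return [r for r in required if r not in final_roles]


# Roles the LDAP module actually returned, taken from the posted log line
LDAP_ROLES = ["CIA_DVSM_ADM", "SFD", "all_authenticated_users"]
# Roles demanded by the posted <security-role> entries
REQUIRED = ["SD_ADMINISTRATOR", "SD_USER"]

# The posted sd-rolesMapping-roles.properties: each role maps to itself
POSTED_PROPS = "SD_ADMINISTRATOR=SD_ADMINISTRATOR\nSD_USER=SD_USER\n"
# Constructed alternative (assumption): translate LDAP group names into web.xml roles
FIXED_PROPS = "CIA_DVSM_ADM=SD_ADMINISTRATOR\nSFD=SD_USER\n"

if __name__ == "__main__":
    for label, props in (("posted", POSTED_PROPS), ("constructed", FIXED_PROPS)):
        roles = map_roles(LDAP_ROLES, parse_roles_properties(props))
        print(label, roles, "missing:", missing_required(roles, REQUIRED))
```

With the posted file the mapping never fires, because no role the user holds appears on the left-hand side, so the SD_* roles are never granted; a mapping keyed on the roles LDAP actually returns is what makes the accessControl() check pass.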


Bartender
I don't know if this is the root cause, but in the web.xml <auth-constraint> you have "SFD_..." rather than "SF_...":

<auth-constraint>
  <role-name>SFD_ADMINISTRATOR</role-name>
  <role-name>SFD_USER</role-name>
</auth-constraint>
arkaes Duraimoni
Greenhorn
Thank you, Tsang. The role I have changed while posting here. Finally it's working after giving some wrong roles in the role mapping properties, but I'm not sure why this is happening.

finally worked
K. Tsang
Bartender
Glad I caught that typo.