Hi All,
I am migrating the application from WebSphere 5 to JBoss 5.1.
I am doing the LDAP security in the JBoss server. I am able to authenticate, but I am not able to get the roles; through an LDAP browser I can see the roles, and the same setup is working in WebSphere. Find the error log below:
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Calling hasUserDataPermission()
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) User data constraint has no restrictions
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Calling authenticate()
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-localhost%2F127.0.0.1-8080-2) Restore request from session '64ADB7A506D6C59491DD707235667BAF'
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Authenticated 'jp01270' with type 'FORM'
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-localhost%2F127.0.0.1-8080-2) Proceed to restored request
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Calling accessControl()
2014-08-11 19:29:05,508 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Checking roles GenericPrincipal[jp01270(CIA_DVSM_ADM,SFD,all_authenticated_users,)]
2014-08-11 19:29:05,508 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) [getServletName:servletmappings=[Ljava.lang.String;@79d54b:servlet.getName()=action]
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Username jp01270 does NOT have role SD_ADMINISTRATOR
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) hasRole:RealmBase says:false::Authz framework says:false:final=false
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) No role found: SD_ADMINISTRATOR
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) [getServletName:servletmappings=[Ljava.lang.String;@a25f62:servlet.getName()=action]
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Username jp01270 does NOT have role SFD_USER
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) hasRole:RealmBase says:false::Authz framework says:false:final=false
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) No role found: SD_USER
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost%2F127.0.0.1-8080-2) Checking for all roles mode: authOnly
2014-08-11 19:29:05,524 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-2) hasResourcePerm:RealmBase says:false::Authz framework says:false:final=false
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost%2F127.0.0.1-8080-2) Failed accessControl()
test
2014-08-11 19:29:05,524 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] (http-localhost%2F127.0.0.1-8080-2) Processing ErrorPage[errorCode=403, location=/error/error403.jsp]
-------------------------------------------------------------------------------
My settings are
login-config.xml
<application-policy name="ldap-sd">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://sdsdds.md2.d.fr:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="java.naming.referral">follow</module-option>
      <module-option name="baseCtxDN">ou=People,o=renault</module-option>
      <module-option name="bindDN">uid=AWTWSAD,ou=FRA,ou=People,o=renault</module-option>
      <module-option name="bindCredential">AWTWSAD</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=rights,o=renault</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <module-option name="roleAttributeID">objectClass</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="searchScope">ALL_SCOPE</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="defaultRole">all_authenticated_users</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required">
      <module-option name="rolesProperties">props/sd-rolesMapping-roles.properties</module-option>
      <module-option name="replaceRole">true</module-option>
    </login-module>
  </authentication>
</application-policy>
--------------------------------------------------------------------------------------
sd-rolesMapping-roles.properties
SD_ADMINISTRATOR=SD_ADMINISTRATOR
SD_USER=SD_USER
------------------------------------------------------
web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All authenticated users</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <url-pattern>/jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>SFD_ADMINISTRATOR</role-name>
    <role-name>SFD_USER</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/user/login.jsp</form-login-page>
    <form-error-page>/user/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description></description>
  <role-name>SD_ADMINISTRATOR</role-name>
</security-role>
<security-role>
  <description></description>
  <role-name>SD_USER</role-name>
</security-role>
-----------------------------------------------------------------------------
jboss-web.xml
<!DOCTYPE jboss-web PUBLIC
  "-//JBoss//DTD Web Application 5.0//EN"
  "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
  <security-domain>java:/jaas/ldap-sd</security-domain>
</jboss-web>
-------------------------------------------------------------------
application.xml
<security-role>
  <description>All authenticated users</description>
  <role-name>SD_ADMINISTRATOR</role-name>
</security-role>
<security-role>
  <role-name>SD_USER</role-name>
</security-role>
Could you please help me with this? Where am I wrong?
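The log above shows the principal reaching accessControl() with the roles CIA_DVSM_ADM, SFD and all_authenticated_users, while the web.xml auth-constraint asks for SFD_ADMINISTRATOR or SFD_USER. The following is an added example, not code from the original post or from JBoss: a small offline model of how LdapExtLoginModule turns the posted role options into role names and how RoleMappingLoginModule's rolesProperties file then rewrites them, so a candidate mapping can be checked before redeploying. The directory entries, the user DN and the hypothetical mapping line `SFD=SFD_USER` are assumptions made for the illustration.

```python
"""Offline model of JBoss 5 LDAP role resolution and role mapping.

Added example for this page, not code from JBoss or from the original poster.
It models LdapExtLoginModule (how role names come out of the role search),
RoleMappingLoginModule (how rolesProperties rewrites them) and the container's
auth-constraint check. Directory contents are constructed to mirror the
principal in the log; DNs and attribute values are assumptions.
"""

USER_DN = "uid=jp01270,ou=FRA,ou=People,o=renault"   # assumed DN of the posted uid

# Constructed directory (DN -> attributes). Two groups under the posted
# rolesCtxDN list the user as uniqueMember, matching the roles in the log.
DIRECTORY = {
    USER_DN: {"objectClass": ["top", "person", "inetOrgPerson"], "uid": ["jp01270"]},
    "cn=CIA_DVSM_ADM,ou=rights,o=renault": {
        "objectClass": ["top", "groupOfUniqueNames"],
        "cn": ["CIA_DVSM_ADM"],
        "uniqueMember": [USER_DN],
    },
    "cn=SFD,ou=rights,o=renault": {
        "objectClass": ["top", "groupOfUniqueNames"],
        "cn": ["SFD"],
        "uniqueMember": [USER_DN],
    },
}

# The posted module options, as far as they affect role names.
POSTED_OPTIONS = {
    "rolesCtxDN": "ou=rights,o=renault",
    "roleFilterAttr": "uniqueMember",      # from roleFilter=(uniqueMember={1})
    "roleAttributeID": "objectClass",
    "roleAttributeIsDN": True,
    "roleNameAttributeID": "cn",
    "defaultRole": "all_authenticated_users",
}
POSTED_ROLES_PROPERTIES = "SD_ADMINISTRATOR=SD_ADMINISTRATOR\nSD_USER=SD_USER\n"
POSTED_AUTH_CONSTRAINT = ["SFD_ADMINISTRATOR", "SFD_USER"]   # web.xml <auth-constraint>


def search_roles(directory, roles_ctx_dn, filter_attr, user_dn):
    """Model of the roleFilter search under rolesCtxDN: entries whose
    filter_attr contains the user DN ({1} is replaced by the user DN)."""
    return [dn for dn, attrs in directory.items()
            if dn.endswith("," + roles_ctx_dn) and user_dn in attrs.get(filter_attr, [])]


def ldap_ext_roles(directory, opts, user_dn):
    """Derive role names the way LdapExtLoginModule's documented rules do.

    With roleAttributeIsDN=true each matched role entry contributes its
    roleNameAttributeID value, then every value of roleAttributeID on that
    entry is treated as a DN whose roleNameAttributeID is read; a value that
    is not a DN in the directory is skipped without error. With
    roleAttributeIsDN=false the raw attribute value is the role name.
    defaultRole is always added. Returns (roles, skipped_dn_lookups).
    """
    roles, skipped = [], []
    for dn in search_roles(directory, opts["rolesCtxDN"], opts["roleFilterAttr"], user_dn):
        entry = directory[dn]
        if opts["roleAttributeIsDN"]:
            roles.extend(entry.get(opts["roleNameAttributeID"], []))
        for value in entry.get(opts["roleAttributeID"], []):
            if not opts["roleAttributeIsDN"]:
                roles.append(value)
            elif value in directory:
                roles.extend(directory[value].get(opts["roleNameAttributeID"], []))
            else:
                skipped.append(value)   # objectClass values such as "top" are not DNs
    if opts.get("defaultRole"):
        roles.append(opts["defaultRole"])
    return list(dict.fromkeys(roles)), skipped


def parse_roles_properties(text):
    """Parse a rolesProperties file: one 'role=mapped1,mapped2' line per role."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            mapping[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return mapping


def role_mapping(roles, mapping, replace_role):
    """Model RoleMappingLoginModule: a held role that is a key in the mapping
    adds its mapped roles; with replaceRole=true the original role is dropped."""
    result = list(roles)
    for role in roles:
        if role in mapping:
            if replace_role:
                result.remove(role)
            result.extend(r for r in mapping[role] if r not in result)
    return result


def has_role(roles, required):
    """The container's auth-constraint check: any one required role suffices."""
    return any(r in roles for r in required)


def resolve(mapping_text=POSTED_ROLES_PROPERTIES, opts=POSTED_OPTIONS,
            required=POSTED_AUTH_CONSTRAINT, user_dn=USER_DN):
    """Run the whole chain; returns (ldap_roles, final_roles, access_granted)."""
    ldap_roles, _ = ldap_ext_roles(DIRECTORY, opts, user_dn)
    final_roles = role_mapping(ldap_roles, parse_roles_properties(mapping_text), replace_role=True)
    return ldap_roles, final_roles, has_role(final_roles, required)


if __name__ == "__main__":
    print(resolve())                                  # posted mapping file
    print(resolve(mapping_text="SFD=SFD_USER\n"))     # hypothetical mapping line
```

Two things the model makes visible. With roleAttributeIsDN=true the role names come from each matched entry's cn, and the objectClass values are attempted as DN lookups and skipped (the `skipped` list returned by `ldap_ext_roles`), which is why the principal still ends up with the group names. And RoleMappingLoginModule only rewrites roles the principal already holds, so an identity line such as SD_USER=SD_USER changes nothing unless the LDAP search produced SD_USER in the first place; the hypothetical line SFD=SFD_USER shows the shape a mapping from a directory group name to a web.xml role name takes. The real module runs against the directory, so confirm the resolved roles with TRACE logging on org.jboss.security rather than relying on the model alone.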