JAAS login with LDAP on Wildfly: principal is null and roles are not matched

 
Ranch Hand
Hi to all.

I want to use LDAP login in my web application. I can log in with my Active Directory account but I receive a "Forbidden" message page.
So I printed out the principal in my index.xhtml (not protected)

but the principal is null even if I log in and return to this page (without logging out).

(I used the "Administrator" user that belongs to "Administrators" and "Users".)

So:
- Is my principal really null?
- If it is null, why do I receive a "Forbidden" error and not an "Unauthorized" page?
- Am I making some mistake with roles?

I have a Windows Server 2012 machine (192.168.89.1) working as Domain Controller and a Linux machine with Wildfly.

I've configured the LDAP security domain on Wildfly:


In my jboss-web.xml I added <security-domain>RLDAP</security-domain>

In web.xml


Thanks to all.
 
daniele licitra
Ranch Hand
Partially solved.

Now I can log in to the web app.
Printing
shows the username correctly, and if I use a user with a bad group, it throws a "forbidden" error. OK.

I have a logout servlet:


but at row 14 the principal is null.
The problem is that I need that principal in the method flushAutentica to flush the cache from the server.


 
Sheriff
First of all:

daniele licitra wrote:


You should remove the second block.
The first block says: if there is a session, end it.
The second block says: if there is a session, end it. Otherwise, create a new one and end it.

Regarding your issue - I know some servers cache the request principal in the session. If you end the session the principal is gone. The solution would be quite simple - call request.getPrincipal() before ending the session.
 
daniele licitra
Ranch Hand
Hi Rob.
Following your hint:


Problem:
If I look at JSESSIONID in the cookies, the session ID is different, so the session is new.
If I go, after logout, to a protected URL, no password is asked ... am I still logged in?

Am I forgetting something?

 
daniele licitra
Ranch Hand
Null principal problem resolved: it was a configuration error.

In web.xml I added LogoutServlet to a security constraint:


But when I log out and then enter a protected page, no login is asked!

EDIT: This is the server log at logout moment:


This is all OK! It's BASIC auth, so when I log out, the system logs in again!

Switching to FORM authentication is the solution.
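
A logout servlet that follows the order discussed in this thread, as an added example that is not code from any of the posters: it reads the principal before the session ends, then clears the container login and invalidates the session. It assumes the javax.servlet API (Servlet 3.0 or later), FORM login as in the last post (with BASIC the browser resends the credentials on the next request), and a security constraint covering the servlet so the principal is populated; the /logout mapping and the flushUserCache method are hypothetical names.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Assumes javax.servlet (Servlet 3.0+), FORM login in web.xml,
// and a security constraint on this URL so getUserPrincipal() is populated.
@WebServlet("/logout") // hypothetical mapping
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // 1. Read the principal first: it may be gone once the session ends.
        Principal principal = request.getUserPrincipal();
        String username = (principal != null) ? principal.getName() : null;

        // 2. Clear the container's authentication state for this request.
        request.logout();

        // 3. End the session only if one exists; getSession(false) never creates one.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // 4. Application cleanup that needs the user name captured in step 1.
        if (username != null) {
            flushUserCache(username);
        }

        // 5. Keep the post-logout response out of browser and proxy caches,
        //    then send the user to the unprotected page.
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(request.getContextPath() + "/index.xhtml");
    }

    // Hypothetical hook standing in for the poster's flushAutentica method.
    private void flushUserCache(String username) {
        getServletContext().log("Flushing cached authentication for " + username);
    }
}
```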
 