
JAAS login with LDAP on Wildfly: principal is null and roles are not matched

 
daniele licitra
Ranch Hand
Hi to all.

I want to use LDAP login in my web application. I can log in with my Active Directory account but I receive a "Forbidden" message page.
So I printed out the principal in my index.xhtml (not protected)

but the principal is null even if I log in and return to this page (without logging out).

(I used the "Administrator" user that belongs to "Administrators" and "Users")

So:
- Is my principal really null?
- If it is null, why do I receive a "Forbidden" error and not an "Unauthorized" page?
- Am I making some mistake with roles?

I have a Windows Server 2012 machine (192.168.89.1) working as Domain Controller and a Linux machine with Wildfly.

I've configured the LDAP security domain on Wildfly:


In my jboss-web.xml I added `<security-domain>RLDAP</security-domain>`

In web.xml


Thanks to all.
 
daniele licitra
Ranch Hand
Partially solved.

Now I can log in the web app.
Printing
shows the username correctly, and if I use a user with a bad group, it throws a "Forbidden" error. OK.

I have a logout servlet:


but at row 14 the principal is null.
The problem is that I need that principal in the method flushAutentica for flushing the cache from the server.


 
Rob Spoor
Sheriff
First of all:
daniele licitra wrote:

You should remove the second block.
The first block says: if there is a session, end it.
The second block says: if there is a session, end it. Otherwise, create a new one and end it.

Regarding your issue - I know some servers cache the request principal in the session. If you end the session the principal is gone. The solution would be quite simple - call request.getPrincipal() before ending the session.
 
daniele licitra
Ranch Hand
Hi Rob.
Following your hint:


Problem:
If I look at JSESSIONID in the cookies, the session ID is different, so the session is new.
If I go, after logout, to a protected URL, no password is asked ... I'm still logged in?

Am I forgetting something?

 
daniele licitra
Ranch Hand
Null principal problem resolved: it was a configuration error.

In web.xml I added LogoutServlet to a security constraint:


But when I log out and then enter a protected page, no login is asked!

EDIT: This is the server log at logout moment:


This is all OK! It's BASIC auth, so when I log out, the system logs in again!

Switching to FORM authentication is the solution.
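
The logout ordering this thread arrives at, as an added example that is not code from the original posts: read the principal before ending the session, then log out and invalidate. The `/logout` mapping, the use of POST, the `javax.servlet` (Servlet 3.0+) namespace and the body of `flushAutentica` are assumptions; only the method name and `index.xhtml` come from the thread.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Assumed URL. Per the thread, the servlet must be covered by a
// security-constraint in web.xml, otherwise the principal is null here.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(LogoutServlet.class.getName());

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // 1. Capture the identity first: once the session is gone the
        //    container may no longer return a principal for this request.
        Principal principal = request.getUserPrincipal();
        String username = (principal != null) ? principal.getName() : null;

        // 2. Use the captured name for server-side cleanup.
        if (username != null) {
            flushAutentica(username);
        }

        // 3. Drop the container's authentication state, then the session.
        //    getSession(false) never creates a new session just to destroy it.
        request.logout();
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // 4. Send the browser to the unprotected page without caching the response.
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(request.getContextPath() + "/index.xhtml");
    }

    // Placeholder body (assumption): the thread names this method but does not
    // show how it flushes the security-domain cache, so only the call site is real.
    protected void flushAutentica(String username) {
        LOG.info("Flushing cached credentials for " + username);
    }
}
```

With BASIC authentication the browser resends its stored credentials on the next protected request, so this servlet only ends the login for good once the `login-config` uses FORM, as the last post concludes.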
 