
how to set up role-name in securityrole or auth-constraint

Posts: 3
I integrated Waffle into my Tomcat 7.
I need to define the users in the Active Directory group that can visit the site. web.xml looks like:

<display-name>not relevant</display-name>

<description>not relevant</description>

I want all the users of a certain group (e.g. workflowusers) to be able to access this hosted site.
What exactly is the object I need to create in Active Directory and add users to?
I created a workflowusers group under the main DOMAIN object that looks like this (not working..):


This is the instruction link from Waffle:

If I replace the role-name with "Everyone" or place "*", it will work, e.g.:


[Thumbnail for Capture.JPG]
Saloon Keeper
Posts: 19081
It's not a good idea to make "/*" be a secured URL pattern. Since that pattern covers everything, you make it impossible for a non-authenticated user to even fetch the images, css and other static assets until you've signed on. That can cause problems with the login process itself. Also, I prefer that every webapp should have an insecure "welcome" page, even if that page only says: "This app is secured, if you aren't authorized, go away!"

Setting up LDAP configuration can be tricky, and doubly so when using Active Directory, which has specific patterns for security-related entries. Obviously, this means that you should read this documentation: very carefully.

One thing that your screenshot does not show is how users are defined as members of a group. Java's security model requires 2 pair relationships - one between userid and password and one between userid and group(s). Since AD has handled the login, the userid/password relationship isn't normally important for your system, but the userid/group relationship is essential.
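
The layout recommended in the reply above, sketched as a web.xml. This is an added example, not code from either poster or from Waffle. The `/app/*` path, `index.html` and the `EXAMPLE` domain are placeholders, and the domain-qualified role name assumes Waffle is configured to report roles as fully qualified names.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Public landing page. It sits outside /app/, so no constraint
       matches it and unauthenticated clients can fetch it. -->
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>

  <!-- Only /app/* is protected. Static assets kept outside it
       (for example /css/* and /images/*) stay reachable before sign-on,
       which is the problem a "/*" pattern creates. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Workflow application</web-resource-name>
      <url-pattern>/app/*</url-pattern>
      <!-- No http-method elements: the constraint then covers every
           HTTP method, not just the ones listed. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumption: the container sees the AD group as DOMAIN\group.
           EXAMPLE is a placeholder for the real domain name. -->
      <role-name>EXAMPLE\workflowusers</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Declare every role that an auth-constraint refers to. -->
  <security-role>
    <role-name>EXAMPLE\workflowusers</role-name>
  </security-role>

</web-app>
```

The role name has to match, character for character, one of the group names the authenticator assigns to the signed-in user, which is why the userid/group relationship matters here.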