
LDAP Authentication on JBoss

sakkie6yster asked on
I'm trying to set up LDAP authentication on JBoss (404GA). I have set up form-based authentication in the web.xml, have created the security domain in the jboss-web.xml and added the LdapLoginModule in the login-config.xml. Furthermore, I'm using the j_security_check action in my JSP. (I will attach the necessary code snippets from these different sources.)

As soon as I enter a valid username and password (i.e. one that exists on LDAP), I get an "HTTP Status 403 - Access to the requested resource has been denied" error message, and I have not been able to resolve this problem.

Has anybody had the same problem, or does anybody know what I can do to resolve this? Please?


login.jsp:
==========
<form action="j_security_check" method="post" name="loginFrom">
 
web.xml:
========
<security-constraint>
    <display-name>Administrator Constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Administrator Constraint</web-resource-name>
        <description></description>
        <url-pattern>*.jsp</url-pattern>
        <url-pattern>*.do</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description></description>
        <role-name>SystemAdministrator</role-name>
        <role-name>StandardUser</role-name>
        <role-name>QualityChecker</role-name>
        <role-name>TeamLeader</role-name>
        <role-name>QualityAssessor</role-name>
        <role-name>ViewOnlyUser</role-name>
        <role-name>StandardUserFO</role-name>
        <role-name>StandardUserBO</role-name>
        <role-name>Administrator</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldap-security</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login.jsp?error=true</form-error-page>
    </form-login-config>
</login-config>
 
jboss-web.xml:
==============
 <security-domain>java:/jaas/ldap-security</security-domain>
 
login-config.xml:
==================
 
 
<application-policy name="ldap-security">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://fnb400:389/</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>

            <module-option name="java.naming.security.principal">cn=wasadmin,o=fnbinsuranceprdmass</module-option>
            <module-option name="java.naming.security.credentials">password</module-option>

            <module-option name="principalDNPrefix">cn=</module-option>
            <module-option name="principalDNSuffix">,o=fnbinsuranceprdmass</module-option>
            <module-option name="rolesCtxDN">cn=Administrator,o=fnbinsuranceprdmass</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
            <module-option name="searchTimeLimit">5000</module-option>
            <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        </login-module>
    </authentication>
</application-policy>