Posted to users@tomcat.apache.org by Ole Ersoy <ol...@yahoo.com> on 2005/03/26 05:17:19 UTC
JNDI Realm Issue with 5.5.7
Hello Everybody,
I'm attempting to configure JNDI authentication.
I think I must be missing something obvious in the configuration files, because I get the login error page when entering non-user information, and when I type in the correct username and password, Tomcat gives me this:
HTTP Status 403 - Access to the requested resource has been denied
I would very much appreciate any pointers on the following application structure to get this to work. The protected page that I am expecting to see is index.jsp.
I can connect to OpenLDAP fine via JXplorer (JNDI Client) using user + password authentication, so I know that the ldapuser (the name of the user) and the corresponding password work.
LOCATION OF JSP PAGES WITHIN THE DEPLOYMENT DIRECTORY
/testaaa/login.jsp
/testaaa/error.jsp
/testaaa/main/index.jsp
CONTEXT DESCRIPTOR
<Context path="/testaaa" docBase="testaaa" debug="0" reloadable="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         debug="99"
         connectionURL="ldap://localhost:389"
         userPattern="uid={0},ou=People,dc=example,dc=com"
         roleBase="ou=roles,dc=example,dc=com"
         rolename="cn"
         rolesearch="(roleOccupant={0})"/>
</Context>
DEPLOYMENT DESCRIPTOR
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <display-name>Tomcat testaaa</display-name>
  <description>
    A test to see whether LDAP authentication works
  </description>
  <servlet>
    <servlet-name>index</servlet-name>
    <jsp-file>/main/index.jsp</jsp-file>
  </servlet>
  <servlet-mapping>
    <servlet-name>index</servlet-name>
    <url-pattern>/main/*</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <display-name>testaaa Authentication</display-name>
    <web-resource-collection>
      <web-resource-name>index</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>projectmanager</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>testrealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>The project manager role</description>
    <role-name>projectmanager</role-name>
  </security-role>
</web-app>
LDIF RECORDS (I left out the top-level entries)
dn: uid=ldapuser,ou=People,dc=example,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$5cgeDTOi$8QTMd3SlGy9FS563ffNHs0
shadowLastChange: 12828
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 502
gidNumber: 100
homeDirectory: /home/ldapuser

#testuser projectmanager role
dn: cn=projectmanager,ou=roles,dc=example,dc=com
objectclass: organizationalRole
cn: projectmanager
description: project manager role
roleOccupant: uid=ldapuser,ou=People,dc=example,dc=com
Can anyone see why Tomcat does not return index.jsp after the correct user name and password are entered?
Thanks a gazillion,
- Ole
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
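Added example (not part of the original thread, and not Tomcat's own code): a 403 after a successful FORM login means the user was authenticated but the realm returned no role matching the auth-constraint. The Python sketch below compares the posted Realm attributes with JNDIRealm's documented camelCase names (roleName, roleSearch) and runs a simplified role lookup over the posted role entry. It assumes that attributes whose spelling does not match exactly are ignored by the container; the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# JNDIRealm attributes relevant here, in their documented camelCase spelling.
KNOWN = {"className", "debug", "connectionURL", "userPattern",
         "roleBase", "roleName", "roleSearch"}

# Realm element as posted in the thread's context descriptor.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
  connectionURL="ldap://localhost:389"
  userPattern="uid={0},ou=People,dc=example,dc=com"
  roleBase="ou=roles,dc=example,dc=com"
  rolename="cn" rolesearch="(roleOccupant={0})"/>"""
# Same element with the two attribute names in the documented spelling.
FIXED_XML = REALM_XML.replace("rolename", "roleName").replace("rolesearch", "roleSearch")

# Role entry from the thread's LDIF, as DN -> {attribute: values}.
DIRECTORY = {"cn=projectmanager,ou=roles,dc=example,dc=com": {
    "cn": ["projectmanager"],
    "roleOccupant": ["uid=ldapuser,ou=People,dc=example,dc=com"]}}

def effective_attrs(realm_xml):
    """Return (attributes with a known name, names assumed to be ignored)."""
    attrs = ET.fromstring(realm_xml).attrib
    used = {k: v for k, v in attrs.items() if k in KNOWN}
    return used, sorted(k for k in attrs if k not in KNOWN)

def roles_for(username, cfg, directory):
    """Simplified role search: one equality filter, {0} = the user's DN."""
    if "roleName" not in cfg or "roleSearch" not in cfg:
        return []  # role search not configured, so no roles are found
    user_dn = cfg["userPattern"].replace("{0}", username)
    attr, value = cfg["roleSearch"].replace("{0}", user_dn).strip("()").split("=", 1)
    base = cfg.get("roleBase", "").lower()
    return [role for dn, entry in directory.items()
            if dn.lower().endswith(base) and value in entry.get(attr, [])
            for role in entry.get(cfg["roleName"], [])]

def decide(username, realm_xml, required_role, directory=DIRECTORY):
    """Outcome for an already authenticated user requesting a protected URL."""
    used, ignored = effective_attrs(realm_xml)
    roles = roles_for(username, used, directory)
    return (200 if required_role in roles else 403), roles, ignored

if __name__ == "__main__":
    print(decide("ldapuser", REALM_XML, "projectmanager"))
    print(decide("ldapuser", FIXED_XML, "projectmanager"))
```

With debug logging enabled on the realm, the roles found for the user can be compared against the role-name in the auth-constraint in the same way.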
Re: JNDI Realm Issue with 5.5.7
Posted by William Stranathan <sh...@gmail.com>.
I haven't tried this out myself, but here are several possibilities:
1) Does /main/index.jsp exist? That's where your servlet points to
2) There doesn't appear to be a welcome-file configured - depending on
what URL you're using, it may be that it's looking for a welcome file,
but since there's not one configured, it can't be found.
This doesn't APPEAR to be a JNDI issue. Have you tried this
configuration WITHOUT the security-constraint yet to eliminate AAA as
the cause of the issues?
w
On Fri, 25 Mar 2005 20:17:19 -0800 (PST), Ole Ersoy <ol...@yahoo.com> wrote:
>
> I think I must be missing something obvious in the configuration
> files, because I get the login error page when entering non-user
> information, and when I type in the correct username and password,
> Tomcat gives me this:
>
> HTTP Status 403 - Access to the requested resource has been denied
>