Posted to users@tomcat.apache.org by Ole Ersoy <ol...@yahoo.com> on 2005/03/26 05:17:19 UTC

JNDI Realm Issue with 5.5.7

Hello Everybody,

I'm attempting to configure JNDI authentication. 

I think I must be missing something obvious in the configuration
files, because I get the login error page when entering non user
information, and when I type in the correct username and password,
Tomcat gives me this:

HTTP Status 403 - Access to the requested resource has been denied

I would very much appreciate any pointers on the following application
structure to get this to work.  The protected page that I am expecting
to see is index.jsp. I can connect to OpenLDAP fine via JXPlorer (JNDI
Client) using user + password authentication, so I know that the
ldapuser (the name of the user) and the corresponding password work.

LOCATION OF JSP PAGES WITHIN THE DEPLOYMENT DIRECTORY
/testaaa/login.jsp
/testaaa/error.jsp
/testaaa/main/index.jsp

CONTEXT DESCRIPTOR
<Context path="/testaaa" docBase="testaaa" debug="0" reloadable="true">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               debug="99"
               connectionURL="ldap://localhost:389"
               userPattern="uid={0},ou=People,dc=example,dc=com"
               roleBase="ou=roles,dc=example,dc=com"
               rolename="cn"
               rolesearch="(roleOccupant={0})"/>
</Context>

DEPLOYMENT DESCRIPTOR
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

  <display-name>Tomcat testaaa</display-name>
  <description>
     A test to see whether LDAP authentication works
  </description>


  <servlet>
    <servlet-name>index</servlet-name>
    <jsp-file>/main/index.jsp</jsp-file>
  </servlet>

  <servlet-mapping>
    <servlet-name>index</servlet-name>
    <url-pattern>/main/*</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <display-name>testaaa Authentication</display-name>
    <web-resource-collection>
      <web-resource-name>index</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>projectmanager</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>testrealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
   <description>The project manager role</description>
   <role-name>projectmanager</role-name>
  </security-role>
</web-app>

LDIF RECORDS (I left out the top level entries)
dn: uid=ldapuser,ou=People,dc=example,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$5cgeDTOi$8QTMd3SlGy9FS563ffNHs0
shadowLastChange: 12828
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 502
gidNumber: 100
homeDirectory: /home/ldapuser

#testuser projectmanager role
dn: cn=projectmanager,ou=roles,dc=example,dc=com
objectclass: organizationalRole
cn: projectmanager
description: project manager role
roleOccupant: uid=ldapuser,ou=People,dc=example,dc=com

Can anyone see why Tomcat does not return index.jsp after the correct
user name and password are entered?

Thanks a gazillion,
- Ole


		

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
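
An added example, not part of the original thread and not Tomcat's own code: an offline check of a <Realm> element like the one posted above. It compares attribute names case-sensitively against documented JNDIRealm attribute names (roleBase, roleName, roleSearch among them) and models the role lookup over constructed entries that mirror the posted LDIF. The helper names, the simplified "(attr={0})" filter matching, and the assumption that an attribute whose name does not match exactly is never applied to the realm are all assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Documented JNDIRealm attribute names. They map to bean properties, so the
# comparison is case-sensitive (assumption: an inexact name is never applied).
KNOWN = {"className", "connectionURL", "connectionName", "connectionPassword",
         "contextFactory", "digest", "userPattern", "userBase", "userSearch",
         "userSubtree", "userPassword", "userRoleName", "roleBase", "roleName",
         "roleSearch", "roleSubtree"}

def miscased(realm):
    """Return {attribute as written: documented spelling} for case mismatches."""
    by_lower = {name.lower(): name for name in KNOWN}
    return {a: by_lower[a.lower()] for a in realm.attrib
            if a not in KNOWN and a.lower() in by_lower}

def roles_for(realm, user, entries):
    """Simplified model of the role search; only exactly named attributes count."""
    cfg = realm.attrib
    dn = cfg["userPattern"].replace("{0}", user)
    search, name_attr = cfg.get("roleSearch"), cfg.get("roleName")
    if not (search and name_attr):
        return []  # no role search configured: authenticated, but no roles
    m = re.fullmatch(r"\((\w+)=\{0\}\)", search)
    if m is None:
        raise ValueError("this sketch only handles filters like (attr={0})")
    attr, base = m.group(1), cfg.get("roleBase", "").lower()
    return [e[name_attr] for e in entries
            if e["dn"].lower().endswith(base) and e.get(attr) == dn and name_attr in e]

# Constructed sample input mirroring the descriptor and LDIF in the post above.
POSTED = """<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://localhost:389"
  userPattern="uid={0},ou=People,dc=example,dc=com"
  roleBase="ou=roles,dc=example,dc=com"
  rolename="cn" rolesearch="(roleOccupant={0})"/>"""
CAMEL = POSTED.replace("rolename", "roleName").replace("rolesearch", "roleSearch")
ENTRIES = [{"dn": "cn=projectmanager,ou=roles,dc=example,dc=com",
            "cn": "projectmanager",
            "roleOccupant": "uid=ldapuser,ou=People,dc=example,dc=com"}]

def check(xml_text, user="ldapuser"):
    realm = ET.fromstring(xml_text)
    return miscased(realm), roles_for(realm, user, ENTRIES)

if __name__ == "__main__":
    for label, text in (("as posted", POSTED), ("camelCase", CAMEL)):
        print(label, *check(text))
```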


Re: JNDI Realm Issue with 5.5.7

Posted by William Stranathan <sh...@gmail.com>.
I haven't tried this out myself, but here are several possibilities:

1) Does /main/index.jsp exist?  That's where your servlet points to
2) There doesn't appear to be a welcome-file configured - depending on
what URL you're using, it may be that it's looking for a welcome file,
but since there's not one configured, it can't be found.

This doesn't APPEAR to be a JNDI issue.  Have you tried this
configuration WITHOUT the security-constraint yet to eliminate AAA as
the cause of the issues?

w

On Fri, 25 Mar 2005 20:17:19 -0800 (PST), Ole Ersoy <ol...@yahoo.com> wrote:
> 
> I think I must be missing something obvious in the configuration
> files, because I get the login error page when entering non user
> information, and when I type in the correct username and password,
> Tomcat gives me this:
> 
> HTTP Status 403 - Access to the requested resource has been denied
>
