Posted to users@tomcat.apache.org by Christian Schmitz <cs...@pironet-ndh.com> on 2002/06/18 18:46:23 UTC

JNDIRealm without roles???

Hello,
I want to use JNDIRealm without Rolesearch. In my LDAP-Directory no roles
are set and I didn't set any roles in my web.xml.
The Catalina log shows that the Realm authenticates Username and Password
correctly, although access is denied! I don't know why.

These are the entries in the log file:

2002-06-18 17:44:43 JNDIRealm[Standalone]: Username schmutz2 successfully authenticated
2002-06-18 17:44:43 JNDIRealm[Standalone]: getRoles(uid=schmutz2,o=PIRONET,c=DE)

I searched the source code of JNDIRealm and this way seems to be
implemented:

        // Are we configured to do role searches?
        ArrayList list = new ArrayList();
        if ((roleFormat == null) || (roleName == null))
            return (list);

So I think it must authenticate, but access is denied.

Can anybody help me, please?

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


RE: JNDIRealm without roles???

Posted by Josh Fenlason <jf...@ptc.com>.
Add this at the bottom of your web.xml, just before you close the web-app
element:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>resourceName</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <!--This will allow any role including no role-->
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myRealm</realm-name>
    </login-config>

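The thread turns on the difference between authentication (the password check, which the log shows succeeding) and authorization (the role check against the auth-constraint). The following is an added example, not part of the original messages and not Tomcat source: a simplified model with hypothetical class and method names, in which the handling of "*" follows the reply's description and is an assumption about the container.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Simplified model of a servlet container's two-step access decision.
// Not Tomcat source: class, method and parameter names are hypothetical.
public class RealmDecisionModel {

    // Mirrors the excerpt quoted in the question: without role-search
    // settings the realm returns an empty role list for every user.
    static List<String> getRoles(String userDn, String roleFormat, String roleName) {
        List<String> list = new ArrayList<>();
        if (roleFormat == null || roleName == null)
            return list;
        list.add("constructed-role"); // stands in for a real directory search
        return list;
    }

    // Authorization step: compare the user's roles with the <role-name>
    // entries of the matching <auth-constraint>.
    static boolean isAuthorized(List<String> userRoles, List<String> constraintRoles) {
        // Assumption taken from the reply: "*" admits any authenticated user.
        if (constraintRoles.contains("*"))
            return true;
        for (String role : constraintRoles)
            if (userRoles.contains(role))
                return true;
        return false; // authenticated, but holds none of the required roles
    }

    public static void main(String[] args) {
        // The authentication step (bind and password check) is taken as
        // already passed, as the "successfully authenticated" log line reports.
        List<String> roles = getRoles("uid=schmutz2,o=PIRONET,c=DE", null, null);

        // Constructed constraint naming a role: an empty role list cannot match it.
        System.out.println(isAuthorized(roles, Arrays.asList("user")));
        // Constraint from the reply: the wildcard branch is taken.
        System.out.println(isAuthorized(roles, Arrays.asList("*")));
    }
}
```

In this model the "*" constraint makes the password check the only gate, so every directory entry that can authenticate reaches everything under /*.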