Posted to users@tomcat.apache.org by Eduardo del Bas <ka...@gmail.com> on 2007/06/27 13:50:13 UTC
Configure JNDI Realm
Hi all,
I'm configuring a JNDI Realm with LDAP in Tomcat 5.5. The authentication
process works fine, but when Tomcat tries to check the role it fails and
returns an HTTP 403 page.
The Tomcat log is:
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling authenticate()
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Authenticated 'tssiweb' with type 'BASIC'
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Calling accessControl()
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - Checking roles GenericPrincipal[tssiweb()]
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - El usuario tssiweb NO desempeña el papel de tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - No role found: tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Failed accessControl() test
I have this information in LDAP, the user is tssiweb and the role is
tssiwebuser:
dn: cn=tssiwebuser,ou=groups, o=tmm
objectClass: groupOfUniqueNames
uniqueMember: uid=tssiweb, ou=People, o=tmm
cn: tssiwebuser

dn: uid=tssiweb,ou=People, o=tmm
mail: tssiweb@prueba.es
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
uid: tssiweb
objectClass: inetOrgPerson
sn: tssiweb
cn: tssiwebuser
The context file for my web application is:
<Context docBase="${catalina.home}/webapps/TSSIWEB">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://10.95.8.110:389"
         userPattern="uid={0}, ou=People, o=tmm"
         roleBase="ou=groups, o=tmm"
         roleName="cn"
         roleSearch="(uniqueMember={0})" />
</Context>
And the security definitions in the web.xml are:
<!-- Security definitions -->
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tssiwebuser</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TSSIWEB</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>The role that is required to log in to the TSSIWEB Application</description>
  <role-name>tssiwebuser</role-name>
</security-role>
I suppose that some configuration value is wrong. I would be very
grateful for any hint about it.
Thanks,
Edu