Posted to users@tomcat.apache.org by Eduardo del Bas <ka...@gmail.com> on 2007/06/27 13:50:13 UTC

Configure JNDI Realm

Hi all,

I'm configuring a JNDI Realm with LDAP in Tomcat 5.5. The authentication
process works fine, but when Tomcat tries to check the role, this fails and it
returns an HTTP 403 page.

The Tomcat log is:

DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase -  Calling authenticate()
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Authenticated 'tssiweb' with type 'BASIC'
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase -  Calling accessControl()
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase -   Checking roles GenericPrincipal[tssiweb()]
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - El usuario tssiweb NO desempeña el papel de tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - No role found:  tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase -  Failed accessControl() test

I have this information in LDAP; the user is tssiweb and the role is
tssiwebuser:

dn: cn=tssiwebuser,ou=groups, o=tmm
objectClass: groupOfUniqueNames
uniqueMember: uid=tssiweb, ou=People, o=tmm
cn: tssiwebuser

dn: uid=tssiweb,ou=People, o=tmm
mail: tssiweb@prueba.es
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
uid: tssiweb
objectClass: inetOrgPerson
sn: tssiweb
cn: tssiwebuser

The context file for my web application is:

<Context docBase="${catalina.home}/webapps/TSSIWEB">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://10.95.8.110:389"
userPattern="uid={0}, ou=People, o=tmm"
roleBase="ou=groups, o=tmm"
roleName="cn"
roleSearch="(uniqueMember={0})" />
</Context>

And the security definitions in the web.xml are:

<!-- Security definitions -->

<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tssiwebuser</role-name>
  </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TSSIWEB</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <description>The role that is required to log in to the TSSIWEB Application</description>
  <role-name>tssiwebuser</role-name>
</security-role>

I suppose that it is some wrong configuration value. I would be very
grateful for any hint about it.

Thanks,
Edu