Hi, I am using a Login module configured for LDAP in my web app. This works for Jetty, but the same plans and web app I have deployed for Geronimo/Tomcat and it doesn't work.

Plans

Realm plan:

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://geronimo.apache.org/xml/ns/deployment"
    configId="org/apache/geronimo/ldap-secure"
    parentId="org/apache/geronimo/Server">

    <gbean name="ldap-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
        <attribute name="serverSide">true</attribute>
        <attribute name="options">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connectionURL=ldap://localhost:389
            connectionUsername=cn=root
            connectionPassword=db2admin
            connectionProtocol=
            authentication=simple
            userBase=ou=people,dc=ibm,dc=com
            userSearchMatching=uid={0}
            userSearchSubtree=false
            roleBase=ou=groups,dc=ibm,dc=com
            roleName=cn
            roleSearchMatching=(uniqueMember={0})
            roleSearchSubtree=false
            userRoleName=
        </attribute>
        <attribute name="loginDomainName">ldap-realm</attribute>
    </gbean>

    <gbean name="ldap-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">ldap-realm</attribute>
        <reference name="LoginModuleConfiguration">
            <name>ldap-login</name>
        </reference>
        <reference name="ServerInfo">
            <module>org/apache/geronimo/System</module>
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <module>org/apache/geronimo/Server</module>
            <name>JaasLoginService</name>
        </reference>
    </gbean>

    <gbean name="ldap-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="LoginModule">
            <name>ldap-login</name>
        </reference>
    </gbean>
</configuration>

Geronimo web plan:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/web"
    xmlns:sec="http://geronimo.apache.org/xml/ns/security"
    configId="org/apache/geronimo/ldap-secure-demo"
    parentId="org/apache/geronimo/ldap-secure">

    <context-root>/ldap-demo</context-root>
    <context-priority-classloader>false</context-priority-classloader>
    <security-realm-name>ldap-realm</security-realm-name>

    <security>
        <default-principal realm-name="ldap-realm">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </default-principal>
        <role-mappings>
            <role role-name="admin">
                <realm realm-name="ldap-realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
                </realm>
            </role>
            <role role-name="users">
                <realm realm-name="ldap-realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="users" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user2"/>
                </realm>
            </role>
            <role role-name="guest">
                <realm realm-name="ldap-realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest1"/>
                </realm>
            </role>
        </role-mappings>
    </security>
</web-app>

For Tomcat I get the following error.

09:13:23,502 DEBUG [FormAuthenticator] Authenticating username 'system'
09:13:23,502 DEBUG [TomcatGeronimoRealm] JAASRealm login requested for username "system" using LoginContext for application "ldap-realm"
09:13:23,512 ERROR [TomcatGeronimoRealm] Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for ldap-realm
    at javax.security.auth.login.LoginContext.init(LoginContext.java:211)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:426)
    at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:356)
    at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:324)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
    at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:46)
    at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
    at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
    at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
    at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:567)

Should I change the plans for Tomcat?

Regards
Krishnakumar B
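The exception above is raised by JAAS when the application name handed to LoginContext ("ldap-realm") resolves to no login module entries. Before touching the server, it helps to verify offline that the names the two plans share actually line up. The following script is an added example, not code from the post or from Geronimo: it parses abbreviated, constructed copies of the two plans (same ids and names as above), cross-checks parentId/configId, security-realm-name/realmName, the JaasLoginModuleUse reference and loginDomainName, and also flags the bind password stored in clear text in the options block. The check names and the assumption that a name mismatch is one possible cause are mine, not the poster's diagnosis.

```python
import xml.etree.ElementTree as ET
D = "{http://geronimo.apache.org/xml/ns/deployment}"
W = "{http://geronimo.apache.org/xml/ns/web}"

# Constructed, abbreviated copies of the two plans in the post (same ids, names, realm name).
REALM_PLAN = """<configuration xmlns="http://geronimo.apache.org/xml/ns/deployment"
 configId="org/apache/geronimo/ldap-secure" parentId="org/apache/geronimo/Server">
 <gbean name="ldap-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
  <attribute name="options">connectionURL=ldap://localhost:389
connectionPassword=db2admin</attribute>
  <attribute name="loginDomainName">ldap-realm</attribute>
 </gbean>
 <gbean name="ldap-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <attribute name="realmName">ldap-realm</attribute>
 </gbean>
 <gbean name="ldap-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
  <reference name="LoginModule"><name>ldap-login</name></reference>
 </gbean>
</configuration>"""
WEB_PLAN = """<web-app xmlns="http://geronimo.apache.org/xml/ns/web"
 configId="org/apache/geronimo/ldap-secure-demo" parentId="org/apache/geronimo/ldap-secure">
 <security-realm-name>ldap-realm</security-realm-name>
</web-app>"""

def attr(gbean, name):
    """Text of the gbean's <attribute name="..."> element ('' if absent)."""
    return gbean.findtext(D + "attribute[@name='%s']" % name, "").strip()

def check_plans(realm_xml, web_xml):
    """Cross-check realm plan and web plan; returns a list of findings (empty = consistent)."""
    realm, web, out, by_class = ET.fromstring(realm_xml), ET.fromstring(web_xml), [], {}
    for g in realm.findall(D + "gbean"):  # group gbeans by simple class name
        by_class.setdefault(g.get("class").rsplit(".", 1)[-1], []).append(g)
    modules = {g.get("name") for g in by_class.get("LoginModuleGBean", [])}
    realms = {attr(g, "realmName") for g in by_class.get("GenericSecurityRealm", [])}
    # 1. the web app must be a child of the configuration that defines the realm
    if web.get("parentId") != realm.get("configId"):
        out.append("web plan parentId does not match realm plan configId")
    # 2. security-realm-name must be a realmName declared in the realm plan
    wanted = web.findtext(W + "security-realm-name", "").strip()
    if wanted not in realms:
        out.append("security-realm-name %r not defined in realm plan" % wanted)
    # 3. every JaasLoginModuleUse must reference an existing LoginModuleGBean
    for use in by_class.get("JaasLoginModuleUse", []):
        ref = use.findtext(D + "reference[@name='LoginModule']/" + D + "name", "").strip()
        if ref not in modules:
            out.append("JaasLoginModuleUse references unknown login module %r" % ref)
    for g in by_class.get("LoginModuleGBean", []):
        # 4. loginDomainName should match a realmName; 5. flag a plaintext bind password
        if attr(g, "loginDomainName") not in realms:
            out.append("loginDomainName %r matches no realmName" % attr(g, "loginDomainName"))
        if "connectionPassword=" in attr(g, "options"):
            out.append("plaintext connectionPassword in login module options")
    return out
```

Run against the poster's names the only finding is the clear-text bind password; renaming any one side (realm name, parentId, login module name) produces the corresponding mismatch finding.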
