Hello, I am trying to configure a JNDI Realm in my Tomcat server and access the URL given in the examples: http://localhost:8080/jsp-examples/security/protected/

The user ID and password I am entering are getting authenticated, but I am still not able to log in. I get redirected to the error page with the following error message: "HTTP Status 403 - Access to the requested resource has been denied"

I have configured the realm in server.xml as follows:

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
           connectionURL="ldap://10.116.10.118:1389"
           connectionName="tomcat"
           connectionPassword="tomcat"
           roleBase="cn=SingleSignOn,cn=groups,dc=test,dc=com"
           roleName="cn"
           roleSearch="uniqueMember={0}"
           roleSubtree="true"
           userBase="cn=users,dc=test,dc=com"
           userPassword="userPassword"
           userPattern="uid={0},cn=users,dc=test,dc=com"
           userSearch="uid={0}" />

and I have added the same under security/protected/META-INF/context.xml as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <Context path="/jsp-examples/*" >
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
             connectionURL="ldap://10.116.10.118:1389"
             connectionName="cn=root"
             connectionPassword="password"
             roleBase="cn=SingleSignOn,cn=groups,dc=test,dc=com"
             roleName="cn"
             roleSearch="uniqueMember={0}"
             roleSubtree="true"
             userBase="cn=users,dc=test,dc=com"
             userPassword="userPassword"
             userPattern="uid={0},cn=users,dc=test,dc=com"
             userSearch="uid={0}" />
    </Context>

The web.xml is as follows:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <!-- Define the context-relative URL(s) to be protected -->
        <url-pattern>/protected/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area -->
        <role-name>SingleSignOn</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/protected/login.jsp</form-login-page>
        <form-error-page>/protected/error.jsp</form-error-page>
      </form-login-config>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>SingleSignOn</role-name>
    </security-role>

If I check the logs I get the following information:

    2009-08-25 11:45:35 JNDIRealm[Catalina]: Connecting to URL ldap://10.116.10.118:1389
    2009-08-25 11:50:24 JNDIRealm[Catalina]: lookupUser(itadmin)
    2009-08-25 11:50:24 JNDIRealm[Catalina]: dn=uid=itadmin,cn=users,dc=test,dc=com
    2009-08-25 11:50:27 JNDIRealm[Catalina]: retrieving attribute userPassword
    2009-08-25 11:50:27 JNDIRealm[Catalina]: validating credentials
    2009-08-25 11:50:27 JNDIRealm[Catalina]: Username itadmin successfully authenticated
    2009-08-25 11:50:27 JNDIRealm[Catalina]: getRoles(uid=itadmin,cn=users,dc=test,dc=com)
    2009-08-25 11:50:27 JNDIRealm[Catalina]: Searching role base 'cn=SingleSignOn,cn=groups,dc=test,dc=com' for attribute 'cn'
    2009-08-25 11:50:27 JNDIRealm[Catalina]: With filter expression 'uniqueMember=uid=itadmin,cn=users,dc=test,dc=com'
    2009-08-25 11:50:27 JNDIRealm[Catalina]: retrieving values for attribute cn
    2009-08-25 11:50:27 JNDIRealm[Catalina]: Returning 1 roles
    2009-08-25 11:50:27 JNDIRealm[Catalina]: Found role SingleSignOn

I tried various combinations, but every time I get the access denied error page. I googled for the JNDIRealm class source, but I am not able to understand the concept of ROLE here. What exactly is being looked for in role-based authentication? Is there any way the roles can be surpassed? How does the j_security_check work? How can we enhance its debugging level?

Cheers :)
Varsha

"No one can go back and make a brand new start. Anyone can start from now and make a brand new ending..."
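An added diagnostic, not part of the original message and not Tomcat's own code: it compares the roles the JNDIRealm debug log reports for a user DN with the role names each security-constraint in web.xml requires, using exact string comparison. The function names are hypothetical; the web.xml fragment is the posted one wrapped in a constructed <web-app> root, and the log lines are copied from the post.

```python
import re
import xml.etree.ElementTree as ET

# Posted web.xml fragment, wrapped in a constructed <web-app> root.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>SingleSignOn</role-name></auth-constraint>
</security-constraint></web-app>"""

# JNDIRealm debug lines copied from the posted log.
REALM_LOG = """\
2009-08-25 11:50:27 JNDIRealm[Catalina]: getRoles(uid=itadmin,cn=users,dc=test,dc=com)
2009-08-25 11:50:27 JNDIRealm[Catalina]: Returning 1 roles
2009-08-25 11:50:27 JNDIRealm[Catalina]: Found role SingleSignOn
"""

LINE = re.compile(r"JNDIRealm\[[^\]]*\]: (?:getRoles\((.+)\)|Found role (.+))$")

def constraints(web_xml):
    """Return [(url_patterns, required_roles)] per security-constraint."""
    out = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        patterns = [p.text.strip() for p in sc.iter("url-pattern")]
        auth = sc.find("auth-constraint")
        # No auth-constraint: no role required. Empty one: nobody is allowed.
        roles = None if auth is None else {r.text.strip() for r in auth.iter("role-name")}
        out.append((patterns, roles))
    return out

def roles_by_dn(log):
    """Map each DN passed to getRoles(...) to the roles logged after it."""
    found, dn = {}, None
    for line in log.splitlines():
        m = LINE.search(line.rstrip())
        if m and m.group(1):
            dn = m.group(1)
            found.setdefault(dn, set())
        elif m and dn is not None:
            found[dn].add(m.group(2))
    return found

def role_check(web_xml, log):
    """Return [(dn, url_patterns, allowed)]; exact match, "*" role not handled."""
    return [(dn, tuple(patterns), need is None or bool(need & have))
            for dn, have in roles_by_dn(log).items()
            for patterns, need in constraints(web_xml)]
```

For the posted log and web.xml, `role_check(WEB_XML, REALM_LOG)` reports the role returned by the realm as matching the constraint shown; a role differing only in letter case would not match.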