Hello,

I am trying to configure a JNDI Realm in my Tomcat server and access the URL 
given in the examples: http://localhost:8080/jsp-examples/security/protected/

The user ID and password I am entering are getting authenticated, but I am 
still not able to log in. I get redirected to the error page with the following 
error message:
"HTTP Status 403 - Access to the requested resource has been denied"

I have configured the realm in server.xml as follows:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
       connectionURL="ldap://10.116.10.118:1389"
       connectionName="tomcat"
       connectionPassword="tomcat"
       roleBase="cn=SingleSignOn,cn=groups,dc=test,dc=com"
       roleName="cn"
       roleSearch="uniqueMember={0}"
       roleSubtree="true"
       userBase="cn=users,dc=test,dc=com"
       userPassword="userPassword"
       userPattern="uid={0},cn=users,dc=test,dc=com"
       userSearch="uid={0}" />

and I have added the same under security/protected/META-INF/context.xml as 
follows:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/jsp-examples/*" >
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
         connectionURL="ldap://10.116.10.118:1389"
         connectionName="cn=root"
         connectionPassword="password"
         roleBase="cn=SingleSignOn,cn=groups,dc=test,dc=com"
         roleName="cn"
         roleSearch="uniqueMember={0}"
         roleSubtree="true"
         userBase="cn=users,dc=test,dc=com"
         userPassword="userPassword"
         userPattern="uid={0},cn=users,dc=test,dc=com"
         userSearch="uid={0}" />

</Context>

The web.xml is as follows

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <!-- Define the context-relative URL(s) to be protected -->
        <url-pattern>/protected/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area -->
        <role-name>SingleSignOn</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/protected/login.jsp</form-login-page>
        <form-error-page>/protected/error.jsp</form-error-page>
      </form-login-config>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>SingleSignOn</role-name>
    </security-role>

If I check the logs I get the following information

2009-08-25 11:45:35 JNDIRealm[Catalina]: Connecting to URL ldap://10.116.10.118:1389
2009-08-25 11:50:24 JNDIRealm[Catalina]: lookupUser(itadmin)
2009-08-25 11:50:24 JNDIRealm[Catalina]:   dn=uid=itadmin,cn=users,dc=test,dc=com
2009-08-25 11:50:27 JNDIRealm[Catalina]:   retrieving attribute userPassword
2009-08-25 11:50:27 JNDIRealm[Catalina]:   validating credentials
2009-08-25 11:50:27 JNDIRealm[Catalina]: Username itadmin successfully authenticated
2009-08-25 11:50:27 JNDIRealm[Catalina]:   getRoles(uid=itadmin,cn=users,dc=test,dc=com)
2009-08-25 11:50:27 JNDIRealm[Catalina]:   Searching role base 'cn=SingleSignOn,cn=groups,dc=test,dc=com' for attribute 'cn'
2009-08-25 11:50:27 JNDIRealm[Catalina]:   With filter expression 'uniqueMember=uid=itadmin,cn=users,dc=test,dc=com'
2009-08-25 11:50:27 JNDIRealm[Catalina]:   retrieving values for attribute cn
2009-08-25 11:50:27 JNDIRealm[Catalina]:   Returning 1 roles
2009-08-25 11:50:27 JNDIRealm[Catalina]:   Found role SingleSignOn

I tried various combinations, but every time I get the access denied error page.

I googled for the JNDIRealm class source, but I am not able to understand the 
concept of ROLE here. What exactly is being looked for in role based 
authentication? Is there any way the roles can be surpassed? How does the 
j_security_check work? How can we enhance its debugging level?




Cheers :)
Varsha

"No one can go back and make a brand new start.
                           Anyone can start from now and make a brand new 
ending..."
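
Added example, not part of the original message: after the realm authenticates a user, access to a protected URL still depends on one of the roles the realm returns matching a `<role-name>` in the `<auth-constraint>` exactly (the comparison is case-sensitive). The Python sketch below cross-checks the two, using a constructed, namespace-free `web.xml` fragment and constructed log lines modelled on the ones in the message; the function names are illustrative. For the values shown in the message the names do match.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: web.xml constraint and JNDIRealm debug lines modelled on the post.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>SingleSignOn</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>SingleSignOn</role-name></security-role>
</web-app>"""

REALM_LOG = """\
2009-08-25 11:50:27 JNDIRealm[Catalina]: Username itadmin successfully authenticated
2009-08-25 11:50:27 JNDIRealm[Catalina]:   Returning 1 roles
2009-08-25 11:50:27 JNDIRealm[Catalina]:   Found role SingleSignOn
"""

def required_roles(web_xml):
    """Map each protected url-pattern to the role names its auth-constraint lists."""
    out = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.iterfind("auth-constraint/role-name")}
        for pat in sc.iterfind("web-resource-collection/url-pattern"):
            out[pat.text.strip()] = roles
    return out

def realm_roles(log):
    """Collect, per authenticated user, the roles the realm reported finding."""
    users, current = {}, None
    for line in log.splitlines():
        m = re.search(r"Username (\S+) successfully authenticated", line)
        if m:
            current = m.group(1)
            users.setdefault(current, set())
        m = re.search(r"Found role (.+?)\s*$", line)
        if m and current:
            users[current].add(m.group(1))
    return users

def authorization_report(web_xml, log):
    """(user, pattern) -> True when a realm role equals a required role exactly."""
    needed, found = required_roles(web_xml), realm_roles(log)
    return {(u, p): bool(roles & req)   # exact, case-sensitive string match
            for u, roles in found.items() for p, req in needed.items()}

if __name__ == "__main__":
    for key, ok in authorization_report(WEB_XML, REALM_LOG).items():
        print(key, "role match" if ok else "no matching role")
```

A `False` entry points at a role-name mismatch between the directory group and `web.xml`; a `True` entry means the role names line up and the denial has to be traced elsewhere in the configuration.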