I did not use a debugger, but I added a lot of LOGGER.info statements (I
have already removed most of them). As you can see, I added 2 LOGGER.info
statements in the initialize method. The first one gives
"ldap : ldap.properties" and the second one, in the if
statement, displays "URL == null", so this means that
ConfUtils.getConfResource cannot create a URL.
The content of the login.properties is:
LdapLogin {
eu.debooy.jaas.ldap.DoosLoginModule required
debug=true
ldap="ldap.properties";
};
It cannot be the file attributes, as the groups.properties is used by the
PropertiesLoginModule:
-rw-r--r-- 1 tomee tomee 114 mei 20 2014 groups.properties
-rw-r--r-- 1 tomee tomee 337 dec 27 15:37 ldap.properties
Thanks for the link. The problem remains that it does not keep the cn
and mail attributes in the UserPrincipal. About my problem with using a
file in the conf directory: I will put the parameters in the
login.properties instead of reading them from the ldap.properties file.
Regards,
Marco
On 28-12-14 at 11:50, Romain Manni-Bucau wrote:
Hi
Did you debug your loginmodule?
FYI the JVM has an LDAP one:
https://docs.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html
On 27 Dec 2014 18:38, "Marco de Booij" <[email protected]> wrote:
I am creating my own LoginModule. I need a UserPrincipal that also holds
the common name and e-mail address of the user. I want to get these values
from the LDAP.
I started with the PropertiesLoginModule so I could read a parameter file
from the Tomee conf directory. For this I created the file ldap.properties.
I changed the server.xml and the login.conf, so all should be configured
correctly. I put the JAR file with my UserPrincipal, GroupPrincipal and
LoginModule in the Tomee lib directory. When I restart Tomee and try to
access the Tomcat console, I enter the username and password. My LoginModule
is accessed, but it cannot read the properties file. The URL (in the
initialize method) is null.
When I put the values of the ldap.properties in the source and comment
out the reading of the file, everything seems to work fine, but I am refused
access to the console (Code 403. The group manager-gui is fetched from the
LDAP and put in the subject Principal rolePrincipal list).
Any hint on what I do wrong? Here is the LoginModule class:
package eu.debooy.jaas.ldap;

import java.io.IOException;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.Properties;

import javax.naming.directory.DirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

// Logging via SLF4J is assumed from the LoggerFactory.getLogger call.
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Not shown in the post: ConfUtils (TomEE's helper that resolves a file name
// against the conf directory), readProperties(), RolePrincipal and UserPrincipal.

/**
 * @author Marco de Booij
 *
 * This class ensures that the UserPrincipal is also populated with the
 * e-mail address and the full name of the user.
 *
 * @see javax.security.auth.spi.LoginModule
 */
public class DoosLoginModule implements LoginModule {
  private static final Logger LOGGER =
      LoggerFactory.getLogger(DoosLoginModule.class);

  private DirContext      ctx;
  private CallbackHandler handler;
  private Properties      ldap;
  private RolePrincipal   rolePrincipal;
  private Subject         subject;
  private List<String>    userRoles;
  private UserPrincipal   userPrincipal;

  /**
   * Initialise the DoosLoginModule.
   */
  public void initialize(Subject subject, CallbackHandler callbackHandler,
                         Map<String, ?> sharedState, Map<String, ?> options) {
    handler      = callbackHandler;
    this.subject = subject;

    if (options.containsKey("ldap")) {
      // Value of the "ldap" option from login.properties, e.g. "ldap.properties".
      String properties = String.valueOf(options.get("ldap"));
      LOGGER.info("ldap : " + properties);
      // Resolve the file name against the TomEE conf directory.
      URL propertiesUrl = ConfUtils.getConfResource(properties);
      if (null == propertiesUrl) {
        LOGGER.info("URL == null");
      }
      try {
        // Reuse the URL resolved above instead of resolving it a second time.
        ldap = readProperties(propertiesUrl);
        LOGGER.debug("host : " + ldap.get("host"));
        LOGGER.debug("factories.initctx: " + ldap.get("factories.initctx"));
        LOGGER.debug("factories.control: " + ldap.get("factories.control"));
        LOGGER.debug("user.searchbase : " + ldap.get("user.searchbase"));
        LOGGER.debug("role.searchbase : " + ldap.get("role.searchbase"));
      } catch (IOException e) {
        LOGGER.error(e.getLocalizedMessage());
      }
    } else {
      LOGGER.error("Missing parameter ldap");
    }
  }

  // login(), commit(), abort(), logout() and readProperties() were not included
  // in the post.
}
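Since the thread ends with the settings moving from a file in conf into the login.properties entry itself, here is an added example (written for this page, not code from the thread or from TomEE) of a LoginModule that takes every setting from the JAAS options map, keeps cn and mail on a custom UserPrincipal, and adds one RolePrincipal per group so a realm can pick the roles up by class name. The class names DoosLoginModule, UserPrincipal and RolePrincipal are borrowed from the thread, but their bodies, the option keys and the in-memory DIRECTORY table that stands in for the LDAP bind and search are constructed for this example; a real module would open a DirContext against the "host" option instead.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

/** Added example: a JAAS LoginModule configured purely through login-config options. */
public class LoginModuleDemo {

  /** Principal that carries the user's cn and mail next to the login name. */
  public static final class UserPrincipal implements Principal {
    private final String name, cn, mail;
    public UserPrincipal(String name, String cn, String mail) {
      this.name = name; this.cn = cn; this.mail = mail;
    }
    @Override public String getName() { return name; }
    public String getCn()   { return cn; }
    public String getMail() { return mail; }
  }

  /** One principal per group; Tomcat's JAASRealm recognises roles by class name (roleClassNames). */
  public static final class RolePrincipal implements Principal {
    private final String name;
    public RolePrincipal(String name) { this.name = name; }
    @Override public String getName() { return name; }
  }

  /** Constructed stand-in for the directory: login -> {password, cn, mail, groups...}. */
  static final Map<String, String[]> DIRECTORY = new HashMap<>();
  static {
    DIRECTORY.put("marco", new String[] {"secret", "Marco de Booij", "marco@example.invalid", "manager-gui"});
  }

  public static class DoosLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private final Map<String, String> settings = new HashMap<>();
    private final List<String> missing = new ArrayList<>();
    private UserPrincipal user;
    private final List<RolePrincipal> roles = new ArrayList<>();

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
      this.subject = subject;
      this.handler = handler;
      // All settings come from the login-config entry; nothing is read from disk.
      for (String key : new String[] {"host", "user.searchbase", "role.searchbase"}) {
        Object value = options.get(key);
        if (value == null) missing.add(key); else settings.put(key, String.valueOf(value));
      }
    }

    @Override
    public boolean login() throws LoginException {
      if (!missing.isEmpty()) throw new LoginException("Missing options: " + missing);
      NameCallback nameCb = new NameCallback("username: ");
      PasswordCallback passCb = new PasswordCallback("password: ", false);
      try {
        handler.handle(new Callback[] {nameCb, passCb});
      } catch (IOException | UnsupportedCallbackException e) {
        throw new LoginException("Cannot collect credentials: " + e.getMessage());
      }
      char[] password = passCb.getPassword();
      passCb.clearPassword();
      // A real module would bind to settings.get("host") with the user's DN and then
      // search settings.get("user.searchbase") for cn and mail; DIRECTORY stands in for both.
      String[] entry = DIRECTORY.get(nameCb.getName());
      boolean ok = entry != null && password != null && Arrays.equals(entry[0].toCharArray(), password);
      if (password != null) Arrays.fill(password, '\0');
      if (!ok) throw new FailedLoginException("Invalid username or password");
      user = new UserPrincipal(nameCb.getName(), entry[1], entry[2]);
      for (String group : Arrays.asList(entry).subList(3, entry.length)) roles.add(new RolePrincipal(group));
      return true;
    }

    @Override
    public boolean commit() {
      if (user == null) return false;
      subject.getPrincipals().add(user);      // cn and mail travel with the Subject
      subject.getPrincipals().addAll(roles);  // one RolePrincipal per group
      return true;
    }

    @Override public boolean abort() { user = null; roles.clear(); return true; }

    @Override
    public boolean logout() {
      if (user != null) subject.getPrincipals().remove(user);
      subject.getPrincipals().removeAll(roles);
      user = null; roles.clear();
      return true;
    }
  }

  public static void main(String[] args) throws LoginException {
    // In-code equivalent of the LdapLogin entry in login.properties (constructed values).
    Map<String, String> options = new HashMap<>();
    options.put("host", "ldap.example.invalid");
    options.put("user.searchbase", "ou=people,dc=example,dc=invalid");
    options.put("role.searchbase", "ou=groups,dc=example,dc=invalid");
    Configuration config = new Configuration() {
      @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        return new AppConfigurationEntry[] {new AppConfigurationEntry(DoosLoginModule.class.getName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)};
      }
    };
    CallbackHandler handler = callbacks -> {
      for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) ((NameCallback) cb).setName("marco");
        else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("secret".toCharArray());
        else throw new UnsupportedCallbackException(cb);
      }
    };
    LoginContext lc = new LoginContext("LdapLogin", new Subject(), handler, config);
    lc.login();
    for (UserPrincipal p : lc.getSubject().getPrincipals(UserPrincipal.class))
      System.out.println(p.getName() + " cn=" + p.getCn() + " mail=" + p.getMail());
    for (RolePrincipal r : lc.getSubject().getPrincipals(RolePrincipal.class))
      System.out.println("role " + r.getName());
  }
}
```

Running main prints the UserPrincipal with its cn and mail followed by the manager-gui role. Two points carry over to a real deployment: a missing option is reported as a LoginException from login() rather than as a silent null, and the roles are separate Principal objects of one dedicated class, which is what a container realm such as Tomcat's JAASRealm is configured to match (its userClassNames and roleClassNames attributes), so a 403 with the correct groups present is the first thing to check there.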