directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Allen" <Gregory.Al...@SierraAtlantic.com>
Subject RE: [ApacheDS] Using ApacheDS for web authentication
Date Fri, 15 May 2009 02:05:40 GMT
Hi Stefan,

I'm not sure this would help me. 

I believe I still want to embed ApacheDS in my application - that way I
can provide
self-registration.  I think what you are suggestion to provide would fix
my authentication
problem but not help with self-registration.

I assumed I could fix my problem by simply moving my <Realm> to the
context.xml of
my web application. I assumed then it would start after the embedded
ApacheDS instance.
But it doesn't seem to be working.  I added this to my web apps's
context.xml:

<Realm className="org.apache.catalina.realm.JNDIRealm" 
 debug="99" 
 connectionName="uid=admin,ou=system" 
 connectionPassword="secret" 
 connectionURL="ldap://localhost:10389" 
 digest="SHA" 
 allRolesMode="authOnly" 
 userPassword="userPassword" 
 userPattern="uid={0},ou=accounts,dc=test,dc=org" 
 roleBase="ou=groups,dc=test,dc=org" 
 roleName="cn" 
 roleSearch="(uniqueMember={0})" 
/>

I then start my web application and see the ApacheDS instance started. I
navigate
to my login page and then hit submit.  This appears in the log:

     [java] May 13, 2009 10:01:15 PM org.apache.catalina.realm.JAASRealm
authenticate
     [java] SEVERE: Unexpected error
     [java] java.lang.SecurityException: Unable to locate a login
configuration
     [java]     at
com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
     [java]     at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(NativeMethod)
     [java]     at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorA
ccessorImpl.java:39)
     [java]     at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingCons
tructorAccessorImpl.java:27)
     [java]     at
java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     [java]     at java.lang.Class.newInstance0(Class.java:355)
     [java]     at java.lang.Class.newInstance(Class.java:308)
     [java]     at
javax.security.auth.login.Configuration$3.run(Configuration.java:246)
     [java]     at java.security.AccessController.doPrivileged(Native
Method)
     [java]     at
javax.security.auth.login.Configuration.getConfiguration(Configuration.j
ava:241)
     [java]     at
javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
     [java]     at java.security.AccessController.doPrivileged(Native
Method)
     [java]     at
javax.security.auth.login.LoginContext.init(LoginContext.java:234)
     [java]     at
javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
     [java]     at
org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:347)

It seems to be using JAAS rather than JNDI.  Why is that? I would assume
it would
use the Realm from the application-specific context.

Shouldn't what I am trying to do work?

Any help appreciated.

Thanks,

-- Greg

-----Original Message-----
From: Stefan Zoerner [mailto:stefan@labeo.de] 
Sent: Thursday, May 14, 2009 2:22 AM
To: users@directory.apache.org
Subject: Re: [ApacheDS] Using ApacheDS for web authentication

Hi Greg!

Greg Allen wrote:
> I've now gotten ApacheDS embedded in my application.  I can see from
the
> log
> file that it starts up when my webapp starts. 
> 
> Now my question is this - can I use the forms authentication
> (j_securitycheck)
> with the embedded ApacheDS instance?  If I leave the <Realm> defined
in
> the
> Tomcat server.xml, I get connection problems as the embedded ApacheDS
> hasn't
> started yet (and Tomcat just seems to stop there).
> 
> This may be a Tomcat configuration issue, I'm not sure.
> 
> Can anyone help?

I assume, that the startup order is a problem here. The embedded 
ApacheDS is a web application, which starts after the realm.

I am not sure, whether it is possible to configure Tomcat differently
here.

The better solution would be to embed ApacheDS as a Tomcat Ream anyway. 
In order to do so you (we?) have to write a realm which embeds ApacheDS 
instead of a web application which embeds ApacheDS.

In this case, the start order would be no problem, and it would ne much 
clever to do this, because the realm implementation can talk directly to

ApachsDS instead of using the network layer.

I think we (Apache Directory Project) should implement this and provide 
it to our users, It would make a perfect example for embedding ApacheDS 
+ It would help people like you.

Greetings from Hamburg,
     Stefan


__________________________________________________________________________________________________________________
DISCLAIMER:"The information contained in this message and the attachments (if any) may be
privileged and confidential and protected from disclosure. You are hereby notified that any
unauthorized use, dissemination, distribution or copying of this communication, review, retransmission,
or taking of any action based upon this information, by persons or entities other than the
intended recipient, is strictly prohibited. If you are not the intended recipient or an employee
or agent responsible for delivering this message, and have received this communication in
error, please notify us immediately by replying to the message and kindly delete the original
message, attachments, if any, and all its copies from your computer system. Thank you for
your cooperation." 
________________________________________________________________________________________________________________

Mime
View raw message