geronimo-user mailing list archives

From "Wolff, Dave" <DavidWo...@letu.edu>
Subject RE: Problems configuring a web-app to use an LDAP realm
Date Wed, 23 Aug 2006 16:14:32 GMT
I suppose I should clarify...
 
It appears that the LDAP realm I have deployed is working as the packet
sniffer shows all the necessary information from the LDAP server
(binding to LDAP, searching for group memberships, and returning group
memberships); however, the web application always redirects to the
invalid username and password page.  Here is the stacktrace from the
login attempt:
 
10:00:22,701 WARN  [TomcatGeronimoRealm] Login exception authenticating username "davidwolff"
javax.security.auth.login.LoginException: Error filling callback list
 at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:78)
 at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performLogin(JaasLoginCoordinator.java:199)
 at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.login(JaasLoginCoordinator.java:120)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
 at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:325)
 at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:275)
 at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
 at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:342)
 at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:31)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
 at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
 at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
 at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.login.LoginException: LDAP Error
 at org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:162)
 at org.apache.geronimo.security.jaas.server.JaasLoginService.performLogin(JaasLoginService.java:236)
 at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:74)
 ... 29 more
Caused by: javax.security.auth.login.FailedLoginException
 at org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:157)
 ... 31 more

________________________________

From: Wolff, Dave [mailto:DavidWolff@letu.edu] 
Sent: Wednesday, August 23, 2006 9:42 AM
To: user@geronimo.apache.org
Subject: Problems configuring a web-app to use an LDAP realm


Hello,
    I've deployed an LDAP realm and now I am having problems deploying a
test web application that uses the global LDAP realm to log in.  I've
taken the TimeReportApp example as my test and tried to use my own LDAP
realm for authentication.  The error I'm receiving is a
javax.security.auth.login.LoginException "Error filling callback list".
I have used a packet sniffer to verify that I'm getting a list of groups
that a user is a member of from LDAP, so it appears that my LDAP
security realm is working appropriately.
 
Thanks in advance!
Dave Wolff
 
Here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
  http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
  version="2.4"> 
  
 <welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
   </welcome-file-list>
   
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>employee</web-resource-name>
   <url-pattern>/employee/*</url-pattern>   
  </web-resource-collection>
  <auth-constraint>
   <role-name>employee</role-name>    
  </auth-constraint>
 </security-constraint>
 
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>manager</web-resource-name>
   <url-pattern>/manager/*</url-pattern>   
  </web-resource-collection>
  <auth-constraint>
   <role-name>manager</role-name>
  </auth-constraint>
 </security-constraint>
 
 <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>letnet-realm</realm-name>
  <form-login-config>
   <form-login-page>/login/login.jsp</form-login-page>
   <form-error-page>/login/login_error.jsp</form-error-page>
  </form-login-config>
 </login-config>
 
 <security-role>
  <role-name>employee</role-name>  
     </security-role>
 <security-role>
  <role-name>manager</role-name>  
    </security-role>
     
    <servlet>
     <display-name>AddTimeRecordServlet</display-name>
     <servlet-name>AddTimeRecordServlet</servlet-name>
     <servlet-class>org.apache.geronimo.samples.timereport.web.AddTimeRecordServlet</servlet-class>
   </servlet>
   <servlet>
     <display-name>AddEmployeeServlet</display-name>
     <servlet-name>AddEmployeeServlet</servlet-name>
     <servlet-class>org.apache.geronimo.samples.timereport.web.AddEmployeeServlet</servlet-class>
   </servlet>
   
   <servlet-mapping>
     <servlet-name>AddTimeRecordServlet</servlet-name>
     <url-pattern>/employee/add_timerecord</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
     <servlet-name>AddEmployeeServlet</servlet-name>
     <url-pattern>/manager/add_employee</url-pattern>
    </servlet-mapping>
        
</web-app>
 
And here is the geronimo-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
 xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
 
 <environment>
  <moduleId>
   <artifactId>TimeReportApp</artifactId>
  </moduleId>  
 </environment>
  
 <context-root>/timereport</context-root>
 
 <security-realm-name>letnet-realm</security-realm-name>
 
 <security>
  <default-principal realm-name="letnet-realm">
   <principal name="anonymous"
       class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
       />
  </default-principal>
  <role-mappings>   
   <role role-name="employee">
    <realm realm-name="letnet-realm">
     <principal name="SG-FacultyStaff"
        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
        />
    </realm>
   </role>
   <role role-name="manager">
    <realm realm-name="letnet-realm">
     <principal name="SG-FacultyStaff"
        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
        />
    </realm>        
   </role>
  </role-mappings>
    </security>
</web-app>
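
Added example (not part of the original message and not Geronimo code): a Python cross-check of the two descriptors above, reporting roles used in an auth-constraint without a security-role declaration, roles with no role-mapping in geronimo-web.xml, and principals mapped to more than one role. The embedded XML is a trimmed copy of the posted files, and the function names are illustrative; it does not address the LDAP FailedLoginException itself.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Trimmed copies of the two descriptors from the post (servlets and login-config omitted).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
 <security-constraint>
  <web-resource-collection><url-pattern>/employee/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>employee</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/manager/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>manager</role-name></auth-constraint>
 </security-constraint>
 <security-role><role-name>employee</role-name></security-role>
 <security-role><role-name>manager</role-name></security-role>
</web-app>"""

GERONIMO_WEB_XML = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
 <security><role-mappings>
  <role role-name="employee"><realm realm-name="letnet-realm">
   <principal name="SG-FacultyStaff" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
  </realm></role>
  <role role-name="manager"><realm realm-name="letnet-realm">
   <principal name="SG-FacultyStaff" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
  </realm></role>
 </role-mappings></security>
</web-app>"""

def find(root, name):
    """All elements under root (inclusive) with this local name, ignoring namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml, plan_xml):
    web, plan = ET.fromstring(web_xml), ET.fromstring(plan_xml)
    # Roles that protect URLs versus roles the descriptor declares.
    required = {r.text.strip() for c in find(web, "auth-constraint") for r in find(c, "role-name")}
    declared = {r.text.strip() for s in find(web, "security-role") for r in find(s, "role-name")}
    mapped, by_principal = set(), defaultdict(set)
    for role in find(plan, "role"):
        mapped.add(role.get("role-name"))
        for p in find(role, "principal"):  # key: (short class name, principal name)
            by_principal[(p.get("class").rsplit(".", 1)[-1], p.get("name"))].add(role.get("role-name"))
    return {"undeclared": sorted(required - declared),
            "unmapped": sorted(required - mapped),
            "shared": {k: sorted(v) for k, v in by_principal.items() if len(v) > 1}}

if __name__ == "__main__":
    print(audit(WEB_XML, GERONIMO_WEB_XML))
```

On the posted descriptors the only finding is the shared principal: the group SG-FacultyStaff is mapped to both employee and manager, so /employee/* and /manager/* admit the same set of users.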
