tomcat-users mailing list archives

From Maurice Coyle - Sun Microsystems Ireland <M.Co...@Sun.COM>
Subject RE: FORM-based ldap authentication problem
Date Tue, 01 Jul 2003 17:28:48 GMT
i'm pretty sure the j_username is the logical attribute name for the uid.  the 
container manages the internals of the authentication.  is this what you meant?

i wouldn't consider myself any sort of authority on the j_* attributes, i just 
tried them and they worked.  i suspect that this is the root of my problem, so 
if anyone knows of a decent source of info about them i'd appreciate it.



> I haven't tried to set up an LDAP authenticator in Tomcat, but shouldn't
> you have to specify the attribute name for the uid?  You've specified
> the pattern for the search DN, but I would assume you'd have to specify
> "uid" separately somewhere.
> 
> > -----Original Message-----
> > From: Maurice Coyle - Sun Microsystems Ireland [mailto:M.Coyle@Sun.COM]
> > Sent: Tuesday, July 01, 2003 10:07 AM
> > To: tomcat-user@jakarta.apache.org
> > Subject: RE: FORM-based ldap authentication problem
> > 
> > by all means.  there's 4 basic steps to this:
> > 
> > 1. in server.xml paste the following (replace <YOUR-SERVER> with the url of the
> > ldap server and you'll probably have to change the userBase bit too) to tell
> > tomcat where to go to authenticate:
> > 
> >     <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> >              connectionURL="ldap://<YOUR-SERVER>:389"
> >              userBase="ou=people,dc=sun,dc=com"
> >              userSearch="uid={0}"/>
> > 
> > 
> > 
> > 2. in web.xml, right at the end paste the following (add <url-pattern> tags for
> > whichever other types of files you want protected):
> > 
> >     <security-constraint>
> >        <web-resource-collection>
> >         <web-resource-name>tracker</web-resource-name>
> >         <url-pattern>*.jsp</url-pattern>
> >         <http-method>GET</http-method>
> >         <http-method>POST</http-method>
> >        </web-resource-collection>
> >        <auth-constraint>
> >          <!-- <role-name>std</role-name> -->
> >          <role-name>*</role-name>
> >        </auth-constraint>
> >     </security-constraint>
> > 
> >     <login-config>
> >           <auth-method>FORM</auth-method>
> >           <realm-name>ldapRealm</realm-name>
> >           <form-login-config>
> >                   <form-login-page>/login.jsp</form-login-page>
> >                   <form-error-page>/login_error.jsp</form-error-page>
> >           </form-login-config>
> >     </login-config>
> > 
> > 3. create login.jsp and login_error.jsp and put them in the web-app's document root
> > 
> > login.jsp must include the form with the j_* fields as in the skeleton form below:
> > 
> > <form action="j_security_check" method="POST">
> >    	LDAP Authentication<BR>
> > 
> >    	<strong>Enter UserId</strong><br>
> > 	<input type="text" name="j_username" size="22">
> > 
> > 	<strong>Enter Password</strong><br>
> > 	<input type="password" name="j_password" size="22">
> > 
> > 	<input type="submit" name="Submit" value="Submit">
> > </form>
> > 
> > login_error.jsp can be as simple as:
> > 
> > <html>
> > <body>
> > The system was not able to log you in.<br>
> > <form>
> >     <input type="button" onclick="history.go(-1)" value="Retry"/>
> > </form>
> > </body>
> > </html>
> > 
> > 4. when you've successfully logged in, to get the name of the user who's logged
> > in, use String user = request.getRemoteUser();
> > 
> > 
> > hope this helps,
> > maurice
> > 
> > 
> > > Subject: RE: FORM-based ldap authentication problem
> > > Date: Tue, 1 Jul 2003 12:52:46 -0400
> > > From: "Pitre, Russell" <RPITRE@shawmut.com>
> > > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>, "Maurice Coyle - Sun Microsystems Ireland" <M.Coyle@sun.com>
> > >
> > > I've been trying to get form-based ldap authentication working....but no
> > > luck.....do you think i could see some sample code?
> > >
> > >
> > >
> > > Russ
> > >
> > > -----Original Message-----
> > > From: Maurice Coyle - Sun Microsystems Ireland [mailto:M.Coyle@Sun.COM]
> > > Sent: Tuesday, July 01, 2003 12:50 PM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: FORM-based ldap authentication problem
> > >
> > >
> > > hi all,
> > > i've implemented form-based ldap authentication on my tomcat server. it works
> > > fine in general but from time to time when i enter my ldap username and
> > > password, i get a blank page with j_security_check in the location field. if i
> > > reload the page, i get the login_error.jsp page and upon reloading the page one
> > > further time, i am logged in successfully.
> > >
> > > this is the exact sequence whenever there is a problem with the authentication,
> > > i can reload the page 3 times and i get accepted.
> > >
> > > does anyone have a clue what's the cause and if there's a solution?
> > >
> > > appreciate any help,
> > > maurice
> > >


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
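
An added example, not part of the original thread and not Tomcat code: a small Python audit of the `web.xml` and `<Realm>` fragments quoted in steps 1 and 2, flagging three things a reviewer would check before deploying them. It assumes an un-namespaced descriptor as quoted; the host `ldap.example.test`, the function `audit` and the finding codes are made up for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the descriptor and Realm quoted in the thread
# (ldap.example.test stands in for <YOUR-SERVER>).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>tracker</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
REALM = ('<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" '
         'connectionURL="ldap://ldap.example.test:389" '
         'userBase="ou=people,dc=sun,dc=com" userSearch="uid={0}"/>')

def audit(web_xml, realm_xml):
    """Return a list of (code, detail) findings for the two fragments."""
    findings = []
    web = ET.fromstring(web_xml)
    form = web.findtext("login-config/auth-method", "").strip().upper() == "FORM"
    for sc in web.iter("security-constraint"):
        methods = sorted({m.text.strip().upper() for m in sc.iter("http-method") if m.text})
        if methods:
            # A constraint that lists methods covers only those methods;
            # requests using any other method are not subject to it.
            findings.append(("METHODS_LISTED", "only %s are protected" % ",".join(methods)))
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "").strip()
        if form and guarantee != "CONFIDENTIAL":
            # j_password is posted to j_security_check; require TLS for it.
            findings.append(("NO_TLS_GUARANTEE", "FORM login without CONFIDENTIAL transport"))
    realm = ET.fromstring(realm_xml)
    url = realm.get("connectionURL", "")
    if url.lower().startswith("ldap://"):
        # With no userPassword attribute the realm binds as the user, so the
        # password travels over this connection; prefer ldaps://.
        findings.append(("LDAP_CLEARTEXT", url))
    return findings

if __name__ == "__main__":
    for code, detail in audit(WEB_XML, REALM):
        print(code, detail)
```

Removing the `<http-method>` elements, adding a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`, and switching the Realm to an `ldaps://` URL clears all three findings.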

