tomcat-users mailing list archives

From "Aurélien Allienne" <allie...@gmail.com>
Subject JNDI Problem
Date Mon, 23 Apr 2007 13:28:55 GMT
Hi,

I have a problem with JNDIRealm.

I have this context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/test"
         docBase="test"
         debug="0"
         privileged="false"
         reloadable="false">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionName="uid=tomcat,ou=appli,dc=univ-lille2,dc=fr"
           connectionPassword="g72jfacc"
           digest="SHA"
           connectionURL="ldap://ldapmasta:1389"
           userBase="ou=people,dc=univ-lille2,dc=fr"
           userSearch="(supannAliasLogin={0})"
           roleBase="ou=appli,dc=univ-lille2,dc=fr"
           roleSubtree="true"
           roleName="cn"
           roleSearch="(member={0})"
           debug="99"/>
    <!--resourceName="UserDatabase"
    /-->
</Context>


And this web.xml:

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
    <display-name>My secure webapp</display-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>My secure webapp</web-resource-name>
            <description> accessible by authenticated users of the admin role</description>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>These roles are allowed access</description>
            <role-name>tomcat admin agenda</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>My secure webapp</realm-name>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/autherr.html</form-error-page>
            <form-default-page>/index.html</form-default-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description>Only 'admin' role is allowed to access this web application</description>
        <role-name>tomcat admin agenda</role-name>
    </security-role>

</web-app>


I want to authenticate users and get their roles, but in my tomcat.log I have:

 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   entry found for aurelien.allienne with dn uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   entry found for aurelien.allienne with dn uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   validating credentials by binding as the user
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   validating credentials by binding as the user
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   binding as uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   binding as uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] - Username aurelien.allienne successfully authenticated
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] - Username aurelien.allienne successfully authenticated
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   getRoles(uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   getRoles(uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   filter :(member=uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   filter :(member=uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   Returning 0 roles
 DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   Returning 0 roles

In my LDAP I have a "super user" named tomcat who can see all information. I
use it to log in. Then I search for a user and his roles. But there is
a problem. I have a group in LDAP "tomcat admin agenda" and a user for this
group, me :)

Thanks for your help

Aurelien Allienne
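
Added example, not part of the original message and not Tomcat code: a small script that turns the Realm attributes above into the two directory searches JNDIRealm performs, so the role lookup that logged "Returning 0 roles" can be repeated by hand. It assumes the OpenLDAP ldapsearch client; the function names are hypothetical, and the RFC 4515 escaping of substituted values is an addition of this example.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed input: the Realm attributes from the context.xml in the message,
# with connectionPassword left out (ldapsearch -W prompts for it instead).
CONTEXT_XML = """<Context path="/test" docBase="test">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionName="uid=tomcat,ou=appli,dc=univ-lille2,dc=fr"
         connectionURL="ldap://ldapmasta:1389"
         userBase="ou=people,dc=univ-lille2,dc=fr"
         userSearch="(supannAliasLogin={0})"
         roleBase="ou=appli,dc=univ-lille2,dc=fr"
         roleSubtree="true"
         roleName="cn"
         roleSearch="(member={0})"/>
</Context>"""


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def scope(realm, attr):
    """JNDIRealm searches the whole subtree only when the *Subtree flag is true."""
    return "sub" if realm.get(attr, "false").lower() == "true" else "one"


def realm_searches(context_xml, username, user_dn):
    """Return (user_cmd, role_cmd): ldapsearch argv lists for the realm's two lookups."""
    realm = ET.fromstring(context_xml).find("Realm")
    bind = ["ldapsearch", "-x", "-H", realm.get("connectionURL"),
            "-D", realm.get("connectionName"), "-W"]
    user_filter = realm.get("userSearch").replace("{0}", escape_filter_value(username))
    # In roleSearch, {0} is the authenticated user's DN and {1} is the login name.
    role_filter = (realm.get("roleSearch")
                   .replace("{0}", escape_filter_value(user_dn))
                   .replace("{1}", escape_filter_value(username)))
    # "1.1" asks for no attributes: only the DN of each match is printed.
    user_cmd = bind + ["-b", realm.get("userBase"), "-s", scope(realm, "userSubtree"),
                       user_filter, "1.1"]
    role_cmd = bind + ["-b", realm.get("roleBase"), "-s", scope(realm, "roleSubtree"),
                       role_filter, realm.get("roleName")]
    return user_cmd, role_cmd


if __name__ == "__main__":
    for cmd in realm_searches(CONTEXT_XML, "aurelien.allienne",
                              "uid=43316,ou=people,dc=univ-lille2,dc=fr"):
        print(" ".join(shlex.quote(part) for part in cmd))
```

The second printed command uses the same filter as the "filter :" log line; running it while bound as the connectionName account shows whether the directory returns any group entry under roleBase for that filter.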
