tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Barbara Smith" <bsm...@oemworldwide.com>
Subject LDAP Authorization
Date Fri, 11 May 2007 20:43:07 GMT
 

I'm using the Tomcat security example to test my LDAP authorization
configuration.  I am always forwarded to the error page yet I do not see
any errors in the log file.  The configuration and log output is pasted
below.  Please let me know if you see anything that I am missing.  Thank
you, Barbara Smith

 

server.xml

       <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"

            connectionName="xxxx"

            connectionPassword="xxx"

            connectionURL="ldap://xxx.xx.x.x:xxx"

            userPattern="sAMAccountName={0}, cn=Users, dc=xxx, dc=com"

            roleBase="dc=xxx, dc=com, cn=Users"

            roleName="cn"

            roleSearch="(memberOf={0})"

 

           

     />

 

web.xml

   <security-constraint>

      <display-name>Example Security Constraint</display-name>

      <web-resource-collection>

         <web-resource-name>Protected Area</web-resource-name>

             <!-- Define the context-relative URL(s) to be protected -->

         <url-pattern>/security/protected/*</url-pattern>

             <!-- If you list http methods, only those methods are
protected -->

             <http-method>DELETE</http-method>

         <http-method>GET</http-method>

         <http-method>POST</http-method>

             <http-method>PUT</http-method>

      </web-resource-collection>

      <auth-constraint>

         <!-- Anyone with one of the listed roles may access this area
-->

<role-name>Users</role-name>

<role-name>supervisors</role-name>

            <role-name>tomcat</role-name>

             <role-name>role1</role-name>

      </auth-constraint>

    </security-constraint>

 

    <!-- Default login configuration uses form-based authentication -->

    <login-config>

      <auth-method>FORM</auth-method>

      <realm-name>Example Form-Based Authentication Area</realm-name>

      <form-login-config>

        <form-login-page>/security/protected/login.jsp</form-login-page>

        <form-error-page>/security/protected/error.jsp</form-error-page>

      </form-login-config>

    </login-config>

        

    <!-- Security roles referenced by this web application -->

   <security-role>

      <role-name>Users</role-name>

    </security-role>

   <security-role>

      <role-name>supervisors</role-name>

    </security-role>

   <security-role>

      <role-name>role1</role-name>

    </security-role>

    <security-role>

      <role-name>tomcat</role-name>

    </security-role>  

 

User.ldif

dn: CN=Barbara Smith,CN=Users,DC=xxx,DC=com

sAMAccountName: bsmith

memberOf: CN=supervisors,CN=Users,DC=xxx,DC=com

 

 

 

Errors in Tomcat log files:

DEBUG http-8080-Processor25
org.apache.catalina.authenticator.AuthenticatorBase - Security checking
request POST /jsp-examples/security/protected/j_security_check

DEBUG http-8080-Processor25
org.apache.catalina.authenticator.FormAuthenticator - Authenticating
username 'bsmith'

DEBUG http-8080-Processor25
org.apache.catalina.core.ApplicationDispatcher -
servletPath=/security/protected/error.jsp, pathInfo=null,
queryString=null, name=null

DEBUG http-8080-Processor25
org.apache.catalina.core.ApplicationDispatcher -  Path Based Forward

DEBUG http-8080-Processor25 org.apache.catalina.core.StandardWrapper -
Allocating non-STM instance

DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
- loadClass(org.apache.jsp.security.protected_.error_jsp, false)

DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
-   Searching local repositories

DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
-     findClass(org.apache.jsp.security.protected_.error_jsp)

DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
-   Loading class from local repository

DEBUG http-8080-Processor25
org.apache.catalina.core.ApplicationDispatcher -  Disabling the response
for futher output

DEBUG http-8080-Processor25
org.apache.catalina.authenticator.AuthenticatorBase -  Failed
authenticate() test ??/jsp-examples/security/protected/j_security_check


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message