problem with LdapLoginModule
shenz Mar 12, 2010 8:05 PM
Hi,
I've the following problem with the LdapLoginModule (same for the LdapExtLoginModule, which I've tried too):
even though I've configured the LdapLoginModule in the login-config.xml, when typing the username and the password in the loginPanel, i.e. when entering the URL
http://loccalhost:8080/myWebApp/web
or
https://localhost:8443/myWebApp/web
where WebApp is an EJB project packed in an ear file "WebApp.ear"
(an HTTPS connector is enabled, and a redirect from HTTP port 8080 to the secure HTTPS port is enabled in the server.xml) on my computer,
I always get the following error message
:38:42,107 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
...
I don't understand why a user.properties file is searched for.
The corresponding snippet of the login-config.xml looks like:
<policy>
  ...
  <application-policy name="myWebApp">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://ldap.local/</module-option>
        <module-option name="java.naming.security.protocol">ssl</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <!-- the username is given in "uid", not in "cn", i.e.
             on the command line you type "ldapsearch -x uid=username" in order to get the user information -->
        <module-option name="principalDNPrefix">uid=</module-option>
        <!-- principalDNSuffix has to be empty because it looks like
             ou=<department>, ou=users, dc=domainPart1, dc=domainPart2 -->
        <module-option name="principalDNSuffix"></module-option>
        <module-option name="uidAttributeID">member</module-option>
        <!-- all roles could be empty because in our LDAP server no roles are defined -->
        <module-option name="rolesCtxDN"></module-option>
        <module-option name="uidAttributeID">member</module-option>
        <module-option name="roleAttributeID">uid</module-option>
        <module-option name="roleAttributeIsDN">false</module-option>
        <module-option name="searchTimeLimit">5000</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
        <module-option name="debug">true</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
The content of the jboss.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<jboss>
  <security-domain>myWebApp</security-domain>
</jboss>
The jboss-web.xml has the content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
  "-//JBoss//DTD Web Application 5.0//EN"
  "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
  <security-domain>java:/jaas/myWebApp</security-domain>
  <context-root>/myWebApp</context-root>
</jboss-web>
And the web.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <display-name>JAAS</display-name>
  <security-constraint>
    <display-name>myWebApp</display-name>
    <web-resource-collection>
      <web-resource-name>instituteKurz</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myWebApp</realm-name>
  </login-config>
Can one of you maybe help me?
Thx,
Jim
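
Added example (not part of the original post and not JBoss code): a small Python consistency check over the descriptors quoted above. It resolves the security-domain from jboss.xml / jboss-web.xml to an application-policy in login-config.xml, lists the login-module classes bound to that policy so they can be compared with the module named in the stack trace, and flags module-options that are set more than once or left empty. The embedded XML is a trimmed, constructed copy of the post's files; domain_name and audit are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample input: trimmed copies of the descriptors quoted in the post.
LOGIN_CONFIG = """<policy>
  <application-policy name="myWebApp">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.security.protocol">ssl</module-option>
        <module-option name="uidAttributeID">member</module-option>
        <module-option name="rolesCtxDN"></module-option>
        <module-option name="uidAttributeID">member</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/myWebApp</security-domain></jboss-web>"
JAAS_PREFIX = "java:/jaas/"


def domain_name(descriptor_xml):
    """Return the security-domain of a jboss.xml / jboss-web.xml, without the JNDI prefix."""
    value = (ET.fromstring(descriptor_xml).findtext("security-domain") or "").strip()
    return value[len(JAAS_PREFIX):] if value.startswith(JAAS_PREFIX) else value


def audit(login_config_xml, descriptor_xml):
    """Hypothetical helper: resolve the descriptor's domain and report per-module findings."""
    domain = domain_name(descriptor_xml)
    policies = {p.get("name"): p for p in ET.fromstring(login_config_xml).iter("application-policy")}
    report = {"domain": domain, "declared": domain in policies, "modules": [], "findings": []}
    if domain not in policies:
        report["findings"].append(f"no application-policy named {domain!r}")
        return report
    for module in policies[domain].iter("login-module"):
        code = module.get("code")
        report["modules"].append(code)
        options = [(o.get("name"), (o.text or "").strip()) for o in module.iter("module-option")]
        for name, count in Counter(n for n, _ in options).items():
            if count > 1:
                report["findings"].append(f"{code}: option {name!r} set {count} times")
        for name, value in options:
            if not value:
                report["findings"].append(f"{code}: option {name!r} is empty")
    return report


if __name__ == "__main__":
    print(audit(LOGIN_CONFIG, JBOSS_WEB))
```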