1 Reply Latest reply on Jan 30, 2012 3:00 PM by spolti

    jmx-console ldap authentication

    spolti

      Hello folks.

      I have been trying to use LDAP to authenticate jmx-console users, but I got the following error when I type user/pass:

      HTTP Status 403 - Access to the requested resource has been denied

      type Status report

      message Access to the requested resource has been denied

      description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

      Does anyone know what it could be?

      Thx.

        • 1. Re: jmx-console ldap authentication
          spolti

          Hi everyone,

          I managed to solve the problem.

          We need to change the web.xml from jmx-console, specifying the "realm", like this:

          <realm-name>admin</realm-name>

          and in the login-config.xml we need to put this tag too.

          Still in web.xml, I replaced the role-name with "*".

          The security-constraint, login-config and security-role tags ended up like this:


          <security-constraint>
            <web-resource-collection>
              <web-resource-name>HtmlAdaptor</web-resource-name>
              <description>Testing Ldap authentication</description>
              <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
              <role-name>*</role-name>
            </auth-constraint>
          </security-constraint>

          <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>admin</realm-name>
          </login-config>

          <security-role>
            <role-name>*</role-name>
          </security-role>


          And here is my login-config:


          <application-policy name="testLdap">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                            flag="required">
                <module-option name="java.naming.factory.initial">
                  com.sun.jndi.ldap.LdapCtxFactory
                </module-option>
                <module-option name="java.naming.provider.url">
                  ldap://127.0.0.1:389/
                </module-option>
                <module-option name="java.naming.security.authentication">
                  simple
                </module-option>
                <module-option name="realm">admin</module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=com</module-option>
                <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=com</module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="matchOnUserDN">true</module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
              </login-module>
            </authentication>
          </application-policy>


          Regards!
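
A review check for the two descriptors posted in this thread, as an added example that is not part of the original posts or of JBoss itself: it flags the wildcard role, BASIC authentication without an enforced confidential transport, and a simple LDAP bind over plain `ldap://`. The function names and finding labels are hypothetical, and the sample input is constructed from the fragments above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed input: the fragments from the post, trimmed and wrapped in root
# elements so they parse stand-alone (assumes descriptors without XML namespaces).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>admin</realm-name></login-config>
</web-app>"""
LOGIN_CONFIG = """<policy><application-policy name="testLdap"><authentication>
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.provider.url"> ldap://127.0.0.1:389/ </module-option>
    <module-option name="java.naming.security.authentication"> simple </module-option>
  </login-module></authentication></application-policy></policy>"""


def audit_web_xml(text):
    """Review findings for each security-constraint in a web.xml document."""
    root, findings = ET.fromstring(text), []
    basic = (root.findtext("login-config/auth-method") or "").strip() == "BASIC"
    for sc in root.iter("security-constraint"):
        roles = [(r.text or "").strip() for r in sc.findall("auth-constraint/role-name")]
        if "*" in roles:
            # "*" is shorthand for all roles declared in the descriptor.
            findings.append("wildcard-role")
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if basic and guarantee != "CONFIDENTIAL":
            # BASIC only base64-encodes the password; TLS is not enforced here.
            findings.append("basic-transport-not-enforced")
    return findings


def audit_login_config(text):
    """Flag login modules that do a simple bind over plain ldap://."""
    findings = []
    for lm in ET.fromstring(text).iter("login-module"):
        opts = {o.get("name"): (o.text or "").strip() for o in lm.findall("module-option")}
        url = urlparse(opts.get("java.naming.provider.url", ""))
        if url.scheme == "ldap" and opts.get("java.naming.security.authentication") == "simple":
            local = url.hostname in ("127.0.0.1", "localhost", "::1")
            findings.append("cleartext-bind-loopback" if local else "cleartext-bind")
    return findings


if __name__ == "__main__":
    print(audit_web_xml(WEB_XML), audit_login_config(LOGIN_CONFIG))
```

A descriptor that names a specific role and adds a `user-data-constraint` with `transport-guarantee` set to `CONFIDENTIAL` produces no findings from `audit_web_xml`.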