1 Reply. Latest reply: Jan 30, 2012 3:00 PM by Filippe Spolti

jmx-console ldap authentication

Filippe Spolti Novice

Hello folks.

I have been trying to use LDAP to authenticate jmx-console users, but I got the following error when I type user/pass:

HTTP Status 403 - Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Does anyone know what it can be?

Thx.

  • 1. Re: jmx-console ldap authentication
    Filippe Spolti Novice

    Hi everyone,

    I managed to solve the problem.

    We need to change the web.xml of jmx-console to specify the "realm", like this:

    <realm-name>admin</realm-name>

    and in the login-config.xml we need to put this tag too.

    Still in web.xml, I replaced the role-name with "*".

    The security-constraint, login-config and security-role tags ended up like this:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>Testing Ldap authentication</description>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <!-- "*" is the servlet-spec shorthand for every role declared in this descriptor -->
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>admin</realm-name>
    </login-config>

    <security-role>
      <role-name>*</role-name>
    </security-role>

    And here is my login-config:

    <application-policy name="testLdap">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                      flag="required">
          <module-option name="java.naming.factory.initial">
            com.sun.jndi.ldap.LdapCtxFactory
          </module-option>
          <module-option name="java.naming.provider.url">
            ldap://127.0.0.1:389/
          </module-option>
          <module-option name="java.naming.security.authentication">
            simple
          </module-option>
          <module-option name="realm">admin</module-option>
          <!-- Bind DN = principalDNPrefix + username + principalDNSuffix -->
          <module-option name="principalDNPrefix">uid=</module-option>
          <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=com</module-option>
          <!-- Roles: entries under rolesCtxDN whose uidAttributeID value matches the
               user's full DN (matchOnUserDN=true); role name is read from roleAttributeID -->
          <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=com</module-option>
          <module-option name="uidAttributeID">member</module-option>
          <module-option name="matchOnUserDN">true</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>
        </login-module>
      </authentication>
    </application-policy>

    Regards!