WebSphere Application Server - WAS 5.1 LDAP Authentication


Author WAS 5.1 LDAP Authentication

2005-09-19, 6:04 pm

I'm having some difficulty getting my security set up correctly in my application. I'm running WebSphere Application Server 5.1.1 and have enabled Global Security using LTPA as the authentication method with Single Sign-On enabled, LDAP as the user registry, and it is pointing to Active Directory.

The problem I'm having is that I can map security roles to the individual users within Active Directory, but trying to map to groups is failing. I put a test in my .jsp page, and the user that is successfully authenticating is returning true for request.isUserInRole("WASAdmins"), but taking out the username mappings in the EAR deployment descriptor causes the login to return 403 user not authenticated.

Here is the message from the SystemOut.log:

[9/19/05 14:51:43:906 EDT] 301ff649 WebCollaborat A SECJ0129E: Authorization failed for jeremy while invoking GET on default_host:/TestWeb/application.jsp, Authorization failed, Not granted any of the required roles: WASAdmins

The user is a member of the WASAdmins group in AD, so I'm not sure why this would be failing.

Here is the web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp_ID">
  <display-name>TestWeb</display-name>
  <servlet>
    <servlet-name>TestServlet</servlet-name>
    <display-name>TestServlet</display-name>
    <description></description>
    <servlet-class>TestServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>GetForm</servlet-name>
    <display-name>GetForm</display-name>
    <description></description>
    <servlet-class>GetForm</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>getMBCMH2070</servlet-name>
    <display-name>getMBCMH2070</display-name>
    <description></description>
    <servlet-class>GetMBCMH2070</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>TestServlet</servlet-name>
    <url-pattern>/TestServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>GetForm</servlet-name>
    <url-pattern>/GetForm</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>getMBCMH2070</servlet-name>
    <url-pattern>/getMBCMH2070</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <error-page>
    <error-code>500</error-code>
    <location>/error500.jsp</location>
  </error-page>
  <security-constraint>
    <display-name>application constraint</display-name>
    <web-resource-collection>
      <web-resource-name>application</web-resource-name>
      <description></description>
      <url-pattern>/application.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Application roles</description>
      <role-name>WASAdmins</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>WASAdmins</role-name>
  </security-role>
</web-app>


And the application.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application...d">
<application id="Application_ID">
  <display-name>TestWebEAR</display-name>
  <module id="WebModule_1126313480140">
    <web>
      <web-uri>TestWeb.war</web-uri>
      <context-root>TestWeb</context-root>
    </web>
  </module>
  <security-role id="SecurityRole_1127155464859">
    <role-name>WASAdmins</role-name>
  </security-role>
</application>

and the ibm-application-bnd.xmi:

<?xml version="1.0" encoding="UTF-8"?>
<applicationbnd:ApplicationBinding xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:applicationbnd="applicationbnd.xmi" xmi:id="ApplicationBinding_1127155464859">
  <authorizationTable xmi:id="AuthorizationTable_1127155464859">
    <authorizations xmi:id="RoleAssignment_1127155464859">
      <users xmi:id="User_1127155951984" name="jeremy"/>
      <role href="META-INF/application.xml#SecurityRole_1127155464859"/>
      <groups xmi:id="Group_1127155464875" name="WASAdmins"/>
    </authorizations>
  </authorizationTable>
  <application href="META-INF/application.xml#Application_ID"/>
</applicationbnd:ApplicationBinding>

Any help on this would be appreciated....
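
An added example, not part of the original post and not IBM code: a Python cross-check of the application.xml and ibm-application-bnd.xmi above that resolves each binding's role href to its role name and then reads the SECJ0129E line against the result. The function names are hypothetical, the descriptors are trimmed copies of the ones posted, and the separator between multiple role names in the log message is an assumption.

```python
import re
import xml.etree.ElementTree as ET
# Trimmed copies of the post's application.xml, ibm-application-bnd.xmi and log line.
APP_XML = """<application id="Application_ID">
  <security-role id="SecurityRole_1127155464859">
    <role-name>WASAdmins</role-name>
  </security-role>
</application>"""
BND_XMI = """<applicationbnd:ApplicationBinding xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI" xmlns:applicationbnd="applicationbnd.xmi">
  <authorizationTable><authorizations>
    <users name="jeremy"/>
    <role href="META-INF/application.xml#SecurityRole_1127155464859"/>
    <groups name="WASAdmins"/>
  </authorizations></authorizationTable>
</applicationbnd:ApplicationBinding>"""
LOG = ("[9/19/05 14:51:43:906 EDT] 301ff649 WebCollaborat A SECJ0129E: Authorization "
       "failed for jeremy while invoking GET on default_host:/TestWeb/application.jsp, "
       "Authorization failed, Not granted any of the required roles: WASAdmins")

def role_bindings(app_xml, bnd_xmi):
    """Map role name -> {'users': set, 'groups': set}, resolving each binding's
    role href fragment to the security-role id declared in application.xml."""
    ids = {r.get("id"): r.findtext("role-name").strip()
           for r in ET.fromstring(app_xml).iter("security-role")}
    table = {name: {"users": set(), "groups": set()} for name in ids.values()}
    for auth in ET.fromstring(bnd_xmi).iter("authorizations"):
        for role in auth.findall("role"):
            name = ids.get(role.get("href", "").rpartition("#")[2])
            if name is None:
                continue  # binding references a role id application.xml does not declare
            for kind in ("users", "groups"):
                table[name][kind] |= {e.get("name") for e in auth.findall(kind)}
    return table

def explain_denial(line, table):
    """For a SECJ0129E line return (user, {role: (user_mapped_directly, mapped_groups)}).
    Assumption: multiple role names are separated by commas and/or whitespace."""
    m = re.search(r"SECJ0129E: Authorization failed for (\S+) while invoking \S+ on "
                  r"\S+, .*required roles: (.+)$", line)
    if not m:
        return None
    user, roles = m[1], re.split(r"[,\s]+", m[2].strip())
    empty = {"users": set(), "groups": set()}
    return user, {r: (user in table.get(r, empty)["users"],
                      sorted(table.get(r, empty)["groups"])) for r in roles}

if __name__ == "__main__":
    print(explain_denial(LOG, role_bindings(APP_XML, BND_XMI)))
```

With the posted descriptors the role `WASAdmins` resolves to both the user `jeremy` and the group `WASAdmins`; with the `<users>` entry removed, only the group mapping is left to grant the role.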



Copyright 2003 - 2008 webservertalk.com