WAS 5.1 LDAP Authentication
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > WebSphere > WebSphere Application Server > WAS 5.1 LDAP Authentication




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    WAS 5.1 LDAP Authentication  


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
09-19-05 11:04 PM

I'm having some difficulty getting my security set up correctly in my applic
ation.  I'm running Wesphere Application Server 5.1.1 and have enabled Globa
l Security using LTPA as the Authentication method with Single Sign on enabl
ed, LDAP as the user regist
ry and it is pointing to Active Directory.

The problem I'm having is that I can map security roles to the individual us
ers within Active Directory, but trying to map to groups is failing.  I put 
a test in my .jsp page and the user that is successfully authenticating is r
eturning true for request.i
sUserInRole("WASAdmins") but taking out the username mappings in t
he EAR Deployment descriptor causes the login return 403 user not authentica
ted.

Here is the message from the SystemOut.log:

[9/19/05 14:51:43:906 EDT] 301ff649 WebCollaborat A SECJ0129E: Authoriza
tion failed for jeremy while invoking GET on default_host:/TestWeb/applicati
on.jsp, Authorization failed, Not granted any of the required roles: WASAdmi
ns

The user is a member of the WASAdmins group in AD, so I'm not sure why this 
would be failing.

Here is the web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//E
N" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp_ID">
<display-name>TestWeb</display-name>
<servlet>
<servlet-name>TestServlet</servlet-name>
<display-name>TestServlet</display-name>
<description></description>
<servlet-class>
TestServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>GetForm</servlet-name>
<display-name>GetForm</display-name>
<description></description>
<servlet-class>
GetForm</servlet-class>
</servlet>
<servlet>
<servlet-name>getMBCMH2070</servlet-name>
<display-name>getMBCMH2070</display-name>
<description></description>
<servlet-class>
GetMBCMH2070</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/TestServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>GetForm</servlet-name>
<url-pattern>/GetForm</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>getMBCMH2070</servlet-name>
<url-pattern>/getMBCMH2070</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/error500.jsp</location>
</error-page>
<security-constraint>
<display-name>application constraint</display-name>
<web-resource-collection>
<web-resource-name>application</web-resource-name>
<description></description>
<url-pattern>/application.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>Application roles</description>
<role-name>WASAdmins</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>WASAdmins</role-name>
</security-role>
</web-app>


And the application.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1
.3//EN" "http://java.sun.com/dtd/application...d">
<application id="Application_ID">
<display-name>TestWebEAR</display-name>
<module id="WebModule_1126313480140">
<web>
<web-uri>TestWeb.war</web-uri>
<context-root>TestWeb</context-root>
</web>
</module>
<security-role id="SecurityRole_1127155464859">
<role-name>WASAdmins</role-name>
</security-role>
</application>

and the ibm-application-bnd.xmi:

<?xml version="1.0" encoding="UTF-8"?>
<applicationbnd:ApplicationBinding xmi:version="2.0" xmlns:xmi="
http://www.omg.org/XMI" xmlns:applicationbnd="applicationbnd.xmi&q
uot; xmi:id="ApplicationBinding_1127155464859">
<authorizationTable xmi:id="AuthorizationTable_1127155464859"&g
t;
<authorizations xmi:id="RoleAssignment_1127155464859">
<users xmi:id="User_1127155951984" name="jeremy"/>
<role href="META-INF/application.xml#SecurityRole_1127155464859"
;/>
<groups xmi:id="Group_1127155464875" name="WASAdmins"
/>
</authorizations>
</authorizationTable>
<application href="META-INF/application.xml#Application_ID"/>
;
</applicationbnd:ApplicationBinding>

Any help on this would be appreciated....




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 07:24 PM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register