Converting LDAP from Tomcat to GlassFish

Posted by Jon on Stack Overflow See other posts from Stack Overflow or by Jon
Published on 2010-05-11T12:40:40Z Indexed on 2010/05/11 12:44 UTC
Read the original article Hit count: 268

Filed under:
|
|
|

Hi, I have a simple web-app that is developed in Netbeans(6.8) and works fine in Tomcat(6) using LDAP(Active Directory).

I need to convert this to an EE (JSF2), so I am moving from Tomcat to GlassFish(v3).

I have changed the web files to xhtml and configured the xml files. However, I cannot get the GlassFish LDAP configuration to authenticate.

I am attaching my old web.xml and server.xml (from Tomcat) snippets and the portions of the new web.xml, sun-web.xml, and the GlassFish configuration.

If anyone can help me figure out where I am missing the piece that will allow a user to be authenticated, I would appreciate it. (btw, I am not using roles, just authenticating against the LDAP db is good enought.)

As it is right now, my app will prompt me to enter a user when I try to access a file in the 'protected' area and the GlassFish server throws an exception when it fails to authenticate. Because it works under Tomcat, I know I have the right information, I just don't know how to format it to get GlassFish to pass it along.

Thanks.

TOMCAT FILES: - Tomcat server.xml:

  • web.xml:

    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <description>Authentication Required</description>
      <url-pattern>/faces/protected/*</url-pattern>
    </web-resource-collection>
    
    
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
    

    *

    BASIC Please enter your user name and password:

GLASSFISH FILES: (I enabled the Security Manager on the Security panel, set the Default Realm to 'LDAPRealm', and added "-Djava.naming.referral=follow" JVM options.) - domain.xml:

<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="LdapRealm">
  <property description="()" name="search-bind-password" value="xxxxxxxx" />
  <property description="()" name="search-bind-dn" value="cn=xxxxxxxx,ou=Administrators,ou=Information Technology,ou=ITTS,ou=Administrative,ou=xxx,dc=xxxxxx,dc=xxx" />
  <property name="jaas-context" value="ldapRealm" />
  <property name="base-dn" value="ou=xxx,dc=xxxxxx,dc=xxx" />
  <property name="directory" value="ldap://xxxx.xxxxxx.xxx:389" />
  <property name="search-filter" value="(&amp;(objectClass=user)(sAMAccountName=%s))" />
</auth-realm>

-web.xml:

  <security-constraint>
    <display-name>protected</display-name>

    <web-resource-collection>
      <web-resource-name>ProtectedArea</web-resource-name>
      <description/>
      <url-pattern>/faces/protected/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
      <description/>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <security-role>
    <description/>
    <role-name>*</role-name>
  </security-role>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>LDAPRealm</realm-name>
    <form-login-config>
      <form-login-page>/faces/login.xhtml</form-login-page>
      <form-error-page>/faces/loginError.xhtml</form-error-page>
    </form-login-config>
  </login-config>
  • sun-web.xml:

Here is the exception that it throws:

SEVERE: SEC1113: Exception in LdapRealm when trying to authenticate user.
javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: User yyyyyyy not found.
        at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:450)

© Stack Overflow or respective owner

Related posts about glassfish

Related posts about ldap