Converting LDAP from Tomcat to GlassFish
Posted by Jon on Stack Overflow
Published on 2010-05-11T12:40:40Z
Indexed on 2010/05/11 12:44 UTC
Hi, I have a simple web-app that is developed in NetBeans (6.8) and works fine in Tomcat (6) using LDAP (Active Directory).
I need to convert this to an EE (JSF2), so I am moving from Tomcat to GlassFish(v3).
I have changed the web files to xhtml and configured the xml files. However, I cannot get the GlassFish LDAP configuration to authenticate.
I am attaching my old web.xml and server.xml (from Tomcat) snippets and the portions of the new web.xml, sun-web.xml, and the GlassFish configuration.
If anyone can help me figure out where I am missing the piece that will allow a user to be authenticated, I would appreciate it. (btw, I am not using roles; just authenticating against the LDAP db is good enough.)
As it is right now, my app will prompt me to enter a user when I try to access a file in the 'protected' area, and the GlassFish server throws an exception when it fails to authenticate. Because it works under Tomcat, I know I have the right information; I just don't know how to format it to get GlassFish to pass it along.
Thanks.
TOMCAT FILES:
- Tomcat server.xml:
- web.xml:
<web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
  <description>Authentication Required</description>
  <url-pattern>/faces/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
  <role-name>*</role-name>
</auth-constraint>
<security-role>
  <role-name>*</role-name>
</security-role>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Please enter your user name and password:</realm-name>
</login-config>
GLASSFISH FILES: (I enabled the Security Manager on the Security panel, set the Default Realm to 'LDAPRealm', and added "-Djava.naming.referral=follow" JVM options.)
- domain.xml:
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="LdapRealm">
  <property description="()" name="search-bind-password" value="xxxxxxxx" />
  <property description="()" name="search-bind-dn" value="cn=xxxxxxxx,ou=Administrators,ou=Information Technology,ou=ITTS,ou=Administrative,ou=xxx,dc=xxxxxx,dc=xxx" />
  <property name="jaas-context" value="ldapRealm" />
  <property name="base-dn" value="ou=xxx,dc=xxxxxx,dc=xxx" />
  <property name="directory" value="ldap://xxxx.xxxxxx.xxx:389" />
  <property name="search-filter" value="(&amp;(objectClass=user)(sAMAccountName=%s))" />
</auth-realm>
- web.xml:
<security-constraint>
  <display-name>protected</display-name>
  <web-resource-collection>
    <web-resource-name>ProtectedArea</web-resource-name>
    <description/>
    <url-pattern>/faces/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description/>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <description/>
  <role-name>*</role-name>
</security-role>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>LDAPRealm</realm-name>
  <form-login-config>
    <form-login-page>/faces/login.xhtml</form-login-page>
    <form-error-page>/faces/loginError.xhtml</form-error-page>
  </form-login-config>
</login-config>
- sun-web.xml:
Here is the exception that it throws:
SEVERE: SEC1113: Exception in LdapRealm when trying to authenticate user.
javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: User yyyyyyy not found.
at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:450)