[jetty-users] ldaploginmodule problems

I am trying to set up Jetty to authenticate via LDAP and JAAS. I am
using jetty-hightide-7.5.1.v20110908 and modifying the test-jaas web
app to use LDAP instead of local files. Basically, what I want to do
is require a valid LDAP account, and membership of a specific group, to
access certain pages and certain web-apps.

So far I have things working to where it is querying LDAP for users,
credentials and roles, and from what I can tell so far it's getting the
right data. However, right after searching LDAP for roles I get the
following error in the Jetty logs:



2011-10-03 18:59:57.305:DBUG:oejw.WebAppClassLoader:loaded class
com.sun.jndi.ldap.LdapCtxFactory from null
2011-10-03 18:59:57.364:DBUG:oejpjs.LdapLoginModule:Searching for
users with filter: '(&(objectClass={0})({1}={2}))' from base dn:
ou=Users,dc=foo,dc=net
2011-10-03 18:59:57.397:DBUG:oejpjs.LdapLoginModule:Found user?: true
2011-10-03 18:59:57.397:INFO:oejpjs.LdapLoginModule:Searching for
users with filter: '(&(objectClass={0})({1}={2}))' from base dn:
ou=Users,dc=foo,dc=net
2011-10-03 18:59:57.424:INFO:oejpjs.LdapLoginModule:Found user?: true
2011-10-03 18:59:57.425:DBUG:oejpjs.LdapLoginModule:user cred is:
{crypt}$1$AJASFBFF$U.WOQmFxbtW.gFet8qly61
2011-10-03 18:59:57.447:DBUG:oejpjs.LdapLoginModule:Found user roles?: true
2011-10-03 18:59:57.450:WARN:oejpj.JAASLoginService:
javax.security.auth.login.LoginException: Login Failure: all modules ignored
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:936)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
        at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:217)
        at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:184)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:442)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:940)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:409)


2011-10-03 18:59:57.451:DBUG:oejsa.FormAuthenticator:Form
authentication FAILED for lrsmith
2011-10-03 18:59:57.451:DBUG:oejs.Server:RESPONSE
/test-jaas/j_security_check  302
2011-10-03 18:59:57.451:DBUG:oejs.AsyncHttpConnection:async request
(null null)@791561201 org.eclipse.jetty.server.Request@2f2e43f1
2011-10-03 18:59:57.453:DBUG:oejs.AsyncHttpConnection:async request
(null null)@791561201 org.eclipse.jetty.server.Request@2f2e43f1
2011-10-03 18:59:57.453:DBUG:oejs.Server:REQUEST
/test-jaas/authfail.html on
org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@14a97f68@192.168.1.31:8080<->192.168.1.89:52551


I also kicked up the logging on the LDAP server to see the search
parameters and results returned, and they look right.

My ldapmodule configuration is:



ldaploginmodule {
  org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
  debug="true"
  contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
  hostname="127.0.0.1"
  port="389"
  bindDn="cn=jetty,ou=Services,dc=foo,dc=net"
  bindPassword="PASSWORD"
  authenticationMethod="simple"
  forceBindingLogin="false"
  userBaseDn="ou=Users,dc=foo,dc=net"
  userRdnAttribute="uid"
  userIdAttribute="uid"
  userPasswordAttribute="userPassword"
  userObjectClass="inetOrgPerson"
  roleBaseDn="ou=Group,dc=foo,dc=net"
  roleNameAttribute="cn"
  roleMemberAttribute="memberUid"
  roleObjectClass="posixGroup";
};

I modified etc/jetty-jaas.xml in the following way:


       <!--    <Set name="LoginModuleName">xyz</Set> -->
           <Set name="LoginModuleName">ldaploginmodule</Set>


and then in webapps/test-jaas/WEB-INF/web.xml

the only change was to set <role-name>roleA</role-name> to the name of
an LDAP group.


Any help would be appreciated.
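
A triage helper for the setup in this message, as an added example that is not part of the original post and not Jetty code: with forceBindingLogin="false" the module fetches the stored userPassword value and compares it itself, so the helper parses the JAAS options, pulls the credential from the "user cred is:" debug line, and classifies its hash format. All function names and the sample stanza and log are constructed; whether this Jetty version can verify a given hash format is not established on the page and has to be checked separately.

```python
import ipaddress
import re

# Well-known modular-crypt identifiers ($id$salt$hash).
MCF_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt"}

# Constructed sample inputs (shaped like the stanza and DBUG line in the post).
SAMPLE_STANZA = '''ldaploginmodule {
  org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
  hostname="127.0.0.1" port="389" authenticationMethod="simple"
  forceBindingLogin="false" userPasswordAttribute="userPassword";
};'''
SAMPLE_LOG = ("2011-10-03 18:59:57.425:DBUG:oejpjs.LdapLoginModule:user cred is:\n"
              "{crypt}$1$EXAMPLES$" + "A" * 22)

def parse_jaas_options(stanza):
    """Return the key="value" options of a JAAS login-module stanza."""
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', stanza))

def classify_user_password(value):
    """Map a '{SCHEME}data' userPassword value to (scheme, algorithm)."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)$", value)
    if not m:
        return ("none", "cleartext")
    scheme, data = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return (scheme, scheme.lower())
    mcf = re.match(r"\$([0-9a-z]+)\$", data)
    if mcf:
        return (scheme, MCF_IDS.get(mcf.group(1), "unknown"))
    # Traditional DES crypt is 13 characters: 2 salt + 11 hash.
    return (scheme, "des-crypt" if len(data) == 13 else "unknown")

def review(stanza, log_text):
    """Return findings for the stanza plus any credential seen in the log."""
    opts, findings = parse_jaas_options(stanza), []
    cred = re.search(r"user cred is:\s*(\S+)", log_text)  # tolerates mail line wrap
    if cred:
        findings.append("log contains a stored credential ('user cred is:' line)")
    if opts.get("forceBindingLogin", "false").lower() != "true" and cred:
        scheme, algo = classify_user_password(cred.group(1))
        findings.append(f"hash-compare login against {scheme}/{algo}; "
                        "confirm the module can verify that format")
    try:
        local = ipaddress.ip_address(opts.get("hostname", "")).is_loopback
    except ValueError:
        local = opts.get("hostname") == "localhost"
    if opts.get("authenticationMethod") == "simple" and not local:
        findings.append("simple bind to a non-loopback host; protect it with TLS")
    return findings
```

Run `review()` on the real stanza and a debug log excerpt; an empty list means none of the three conditions was seen.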

