[jetty-users] ldaploginmodule problems
I am trying to set up Jetty to authenticate via LDAP and JAAS. I am
using jetty-hightide-7.5.1.v20110908 and modifying the test-jaas web
app to use LDAP instead of local files. Basically, what I want to do
is require a valid LDAP account and membership of a specific group to
access certain pages and certain web-apps.
So far I have things working to where it is querying LDAP for users,
credentials and roles, and from what I can tell so far it's getting the
right data. However, right after searching LDAP for roles I get the
following error in the jetty logs:
2011-10-03 18:59:57.305:DBUG:oejw.WebAppClassLoader:loaded class
com.sun.jndi.ldap.LdapCtxFactory from null
2011-10-03 18:59:57.364:DBUG:oejpjs.LdapLoginModule:Searching for
users with filter: '(&(objectClass={0})({1}={2}))' from base dn:
ou=Users,dc=foo,dc=net
2011-10-03 18:59:57.397:DBUG:oejpjs.LdapLoginModule:Found user?: true
2011-10-03 18:59:57.397:INFO:oejpjs.LdapLoginModule:Searching for
users with filter: '(&(objectClass={0})({1}={2}))' from base dn:
ou=Users,dc=foo,dc=net
2011-10-03 18:59:57.424:INFO:oejpjs.LdapLoginModule:Found user?: true
2011-10-03 18:59:57.425:DBUG:oejpjs.LdapLoginModule:user cred is:
{crypt}$1$AJASFBFF$U.WOQmFxbtW.gFet8qly61
2011-10-03 18:59:57.447:DBUG:oejpjs.LdapLoginModule:Found user roles?: true
2011-10-03 18:59:57.450:WARN:oejpj.JAASLoginService:
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:936)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:217)
at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:184)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:442)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:940)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:409)
2011-10-03 18:59:57.451:DBUG:oejsa.FormAuthenticator:Form
authentication FAILED for lrsmith
2011-10-03 18:59:57.451:DBUG:oejs.Server:RESPONSE
/test-jaas/j_security_check 302
2011-10-03 18:59:57.451:DBUG:oejs.AsyncHttpConnection:async request
(null null)@791561201 org.eclipse.jetty.server.Request@2f2e43f1
2011-10-03 18:59:57.453:DBUG:oejs.AsyncHttpConnection:async request
(null null)@791561201 org.eclipse.jetty.server.Request@2f2e43f1
2011-10-03 18:59:57.453:DBUG:oejs.Server:REQUEST
/test-jaas/authfail.html on
org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@14a97f68@192.168.1.31:8080<->192.168.1.89:52551
I also kicked up the logging on the LDAP server to see the search
parameters and results returned, and they look right.
My ldaploginmodule configuration is:
ldaploginmodule {
    org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="127.0.0.1"
    port="389"
    bindDn="cn=jetty,ou=Services,dc=foo,dc=net"
    bindPassword="PASSWORD"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=Users,dc=foo,dc=net"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=Group,dc=foo,dc=net"
    roleNameAttribute="cn"
    roleMemberAttribute="memberUid"
    roleObjectClass="posixGroup";
};
I modified etc/jetty-jaas.xml in the following way:
<!-- <Set name="LoginModuleName">xyz</Set> -->
<Set name="LoginModuleName">ldaploginmodule</Set>
and then in webapps/test-jaas/WEB-INF/web.xml
the only change was to set <role-name>roleA</role-name> to the name of
an LDAP group.
Any help would be appreciated.
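
An added example, not part of the original post and not Jetty code: with debug="true" the log above prints the stored userPassword value, so logs like this should be scrubbed before they are shared or archived. The sketch below redacts such lines, including a value wrapped onto the following line, and reports the RFC 2307 scheme and crypt(3) identifier; the function names and sample lines are constructed for illustration.

```python
import re

# Modular crypt format identifiers used by crypt(3).
CRYPT_IDS = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
             "5": "sha256-crypt", "6": "sha512-crypt"}
CRED_MARK = "LdapLoginModule:user cred is:"
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}:")
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")

def classify(value):
    """Return (ldap_scheme, algorithm) for an RFC 2307 style userPassword."""
    m = SCHEME.match(value)
    if not m:
        return ("none", "cleartext-or-unknown")
    scheme, rest = m.group(1).lower(), m.group(2)
    if scheme != "crypt":
        return (scheme, scheme)
    parts = rest.split("$")
    if rest.startswith("$") and len(parts) >= 3:
        return (scheme, CRYPT_IDS.get(parts[1], "unknown-id-" + parts[1]))
    return (scheme, "des-crypt")  # no $id$ prefix: traditional DES crypt

def scan(lines):
    """Redact logged credentials; return (clean_lines, findings)."""
    clean, findings, pending = [], [], False
    for line in lines:
        wrapped = pending and not TS.match(line)
        pending = False
        if wrapped:
            # Continuation line: the whole line is the credential value.
            findings.append(classify(line.strip()))
            clean.append("<redacted %s>" % findings[-1][1])
            continue
        if CRED_MARK in line:
            head, _, value = line.partition(CRED_MARK)
            if value.strip():
                findings.append(classify(value.strip()))
                line = head + CRED_MARK + " <redacted %s>" % findings[-1][1]
            else:
                pending = True  # value was wrapped onto the next line
        clean.append(line)
    return clean, findings

# Constructed sample in the layout of the log above (not a real hash).
SAMPLE = [
    "2011-10-03 18:59:57.424:INFO:oejpjs.LdapLoginModule:Found user?: true",
    "2011-10-03 18:59:57.425:DBUG:oejpjs.LdapLoginModule:user cred is:",
    "{crypt}$1$CONSTRCT$AAAAAAAAAAAAAAAAAAAAAA",
    "2011-10-03 18:59:57.447:DBUG:oejpjs.LdapLoginModule:Found user roles?: true",
]
```
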