defaultRole doesn't work exactly as I expected - you still need to provide role 
search info. But here is something that worked for me. I want anyone who logs 
in to have the "loggedin" role, and I want to use only that role in web.xml 
(and other locations) to provide access control. I was able to do this with the 
following login module (with obfuscated data; this is for Exchange 2003, which 
doesn't allow anonymous access, hence the bindDN entry):

  <application-policy name="peterj">
    <authentication>
      <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://xxx:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="bindDN">--full DN for my account--</module-option>
        <module-option name="bindCredential">--my password--</module-option>
        <module-option name="baseCtxDN">OU=Users,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=com</module-option>
        <module-option name="baseFilter">(sAMAccountName={0})</module-option>
        <module-option name="defaultRole">loggedin</module-option>
        <module-option name="rolesCtxDN">OU=Groups,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=com</module-option>
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">name</module-option>
      </login-module>
    </authentication>
  </application-policy>

In typical Exchange fashion, all users are defined in OU=Users, and they belong 
to security groups defined by OU=Groups. The groups have an attribute named 
"member" which contains the users in that role.

I will now see if there is any way I can look up a simple attribute value of the 
User to set a role, but offhand I don't see anything in LdapExtLoginModule that 
will let me do this. If that fails, I will try using LdapLoginModule.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4242727#4242727

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4242727
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
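The following is an added example, not code from the post above or from JBoss. It models, in plain Python and against a small constructed in-memory directory, the two-step lookup that the posted LdapExtLoginModule options describe: baseFilter with {0} replaced by the login name under baseCtxDN to find the user's DN, then roleFilter with {1} replaced by that DN under rolesCtxDN to find group entries, reading each group's roleNameAttributeID ("name") because roleAttributeIsDN is true, and finally adding defaultRole. The "xxx" components of the DNs are kept as the post obfuscated them; the user and group entries, the names "peterj", "mallory", "Admins" and "Staff", and the function names are all constructed for the example. The bind options are not modelled since nothing here talks to a real server, and only simple (attr=value) filters are supported. Substituted values are escaped as the real module's JNDI filter arguments would be, which is what keeps a crafted login name from widening the search.

```python
import re

# Module options copied from the post (with its obfuscated "xxx" DN parts).
OPTIONS = {
    "baseCtxDN": "OU=Users,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=com",
    "baseFilter": "(sAMAccountName={0})",
    "defaultRole": "loggedin",
    "rolesCtxDN": "OU=Groups,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=com",
    "roleFilter": "(member={1})",
    "roleAttributeIsDN": "true",
    "roleNameAttributeID": "name",
}

# Constructed stand-in for the Active Directory tree: DN -> attributes.
USER_DN = "CN=Peter J," + OPTIONS["baseCtxDN"]
MALLORY_DN = "CN=Mallory," + OPTIONS["baseCtxDN"]
DIRECTORY = {
    USER_DN: {"sAMAccountName": ["peterj"], "cn": ["Peter J"]},
    MALLORY_DN: {"sAMAccountName": ["mallory"], "cn": ["Mallory"]},
    "CN=Admins," + OPTIONS["rolesCtxDN"]: {"name": ["Admins"], "member": [USER_DN]},
    "CN=Staff," + OPTIONS["rolesCtxDN"]: {"name": ["Staff"], "member": [USER_DN, MALLORY_DN]},
}

_EQUALITY_FILTER = re.compile(r"^\((?P<attr>[A-Za-z][\w-]*)=(?P<value>[^()]*)\)$")


def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def search(base_dn, filter_str, directory=DIRECTORY):
    """Subtree search under base_dn for entries matching one (attr=value) filter."""
    m = _EQUALITY_FILTER.match(filter_str)
    if not m:
        raise ValueError("only simple (attr=value) filters are modelled: " + filter_str)
    attr = m.group("attr").lower()
    want = unescape_filter_value(m.group("value")).lower()  # AD matches case-insensitively
    hits = []
    for dn, attrs in directory.items():
        if not dn.lower().endswith("," + base_dn.lower()):
            continue
        for name, values in attrs.items():
            if name.lower() == attr and any(v.lower() == want for v in values):
                hits.append(dn)
                break
    return hits


def resolve_roles(username, options=OPTIONS, directory=DIRECTORY):
    """Return the sorted role names the posted config would grant, or None if
    the user cannot be found unambiguously (the login would then fail)."""
    if options.get("roleAttributeIsDN") != "true":
        raise ValueError("only the roleAttributeIsDN=true path from the post is modelled")
    # Step 1: baseFilter with {0} = login name, searched under baseCtxDN.
    user_filter = options["baseFilter"].replace("{0}", escape_filter_value(username))
    users = search(options["baseCtxDN"], user_filter, directory)
    if len(users) != 1:
        return None
    user_dn = users[0]
    # defaultRole is granted to every successfully authenticated user.
    roles = {options["defaultRole"]} if options.get("defaultRole") else set()
    # Step 2: roleFilter with {1} = user DN, searched under rolesCtxDN; the role
    # name comes from the roleNameAttributeID attribute of each matching group.
    role_filter = (options["roleFilter"]
                   .replace("{0}", escape_filter_value(username))
                   .replace("{1}", escape_filter_value(user_dn)))
    for group_dn in search(options["rolesCtxDN"], role_filter, directory):
        roles.update(directory[group_dn].get(options["roleNameAttributeID"], []))
    return sorted(roles)


if __name__ == "__main__":
    for name in ("peterj", "mallory", "nobody", "*"):
        print(name, "->", resolve_roles(name))
```

Running it shows "peterj" receiving Admins, Staff and loggedin, "mallory" receiving only Staff and loggedin, and both "nobody" and a wildcard login name resolving to no user at all, since the "*" is escaped to "\2a" and compared literally rather than acting as a wildcard.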