1. Add the following snippet to conf/login-config.xml. You may want to modify the baseFilter and roleFilter as per your needs.

    <!-- LDAP Integration Details -->
    <application-policy name="testLDAP">
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://LDAPSERVER:389</module-option>
        <module-option name="bindDN">uid=adminuser,ou=admin,ou=corporate,dc=company,dc=com</module-option>
        <module-option name="bindCredential">xxxxxxxx</module-option>
        <module-option name="baseCtxDN">dc=company,dc=com</module-option>
        <module-option name="baseFilter">(uid={0})</module-option>
        <module-option name="rolesCtxDN">dc=company,dc=com</module-option>
        <module-option name="roleFilter">(uniquemember={1})</module-option>
        <module-option name="roleAttributeIsDN">false</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <!-- need to understand the impact of enabling roleRecursion -->
        <module-option name="roleRecursion">0</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      </login-module>
    </application-policy>

2. A sample web.xml snippet that secures some web pages with roles:

    <security-constraint>
      <!-- all the pages in this webapp are secured -->
      <web-resource-collection>
        <web-resource-name>SecuredPages</web-resource-name>
        <url-pattern>/index.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>WebAccessRole</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login.jsp</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
      <role-name>WebAccessRole</role-name>
    </security-role>

3. Edit the JBoss-specific web descriptor jboss-web.xml to configure the JBoss application to use the configured iPlanet LDAP as the security domain for authentication purposes. Please add the lines below.

    <security-domain>java:/jaas/testLDAP</security-domain>
    <security-role>
      <role-name>WebAccessRole</role-name>
      <principal-name>yourLDAPGroup</principal-name>
    </security-role>

4. To retrieve the roles gathered by the container as part of authentication, use the code snippet below (a JSP scriptlet; the page import directive lists the classes it needs).

    <%@ page import="java.security.Principal, java.util.Iterator, java.util.Set,
                     javax.security.auth.Subject, javax.security.jacc.PolicyContext,
                     org.jboss.security.SimpleGroup" %>
    <%
    // Get the authenticated Subject
    Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
    //out.println(subject+"");

    // Now look for a Group called Roles
    Set principals = subject.getPrincipals(Principal.class);
    Iterator iter = principals.iterator();
    while (iter.hasNext()) {
        Principal p = (Principal) iter.next();
        out.println("Principals: " + p);
        if (p instanceof SimpleGroup) {
            SimpleGroup sg = (SimpleGroup) p;
            if ("Roles".equals(sg.getName())) {
                // The members of this group are the role names the login module collected
                System.out.println(sg.toString());
                // Do anything with the roles here
            }
        }
    }
    %>

5. Restart the JBoss process.

View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4049757#4049757

jboss-user mailing list, jboss-user@lists.jboss.org
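The login-config.xml options above drive a two-stage directory lookup: the bindDN account searches baseCtxDN with baseFilter to turn the login name into a DN, the module then binds as that DN with the supplied password, and finally it searches rolesCtxDN with roleFilter and reads roleAttributeID from every matching group. The following stand-alone JNDI program is an added example, not code from the original post or from JBoss, that performs those same steps with the same option values so the filters can be verified against the directory before they go into login-config.xml. The connection constants are the placeholders from the post and must be replaced; the handling of roleRecursion is an approximation of the module's behaviour (re-running roleFilter with each matched group's DN, one level per unit), not the module's own code.

```java
// Added example (not from the original post or JBoss): replays the LdapExtLoginModule
// lookups with plain JNDI so baseFilter/roleFilter can be checked against the directory.
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import java.util.Hashtable;
import java.util.LinkedHashSet;
import java.util.Set;

public class LdapRoleLookupCheck {

    // Placeholder values copied from the post's module-options; replace with your own.
    static final String PROVIDER_URL = "ldap://LDAPSERVER:389";   // ldaps:// works the same way
    static final String BIND_DN = "uid=adminuser,ou=admin,ou=corporate,dc=company,dc=com";
    static final String BIND_CREDENTIAL = "xxxxxxxx";            // placeholder
    static final String BASE_CTX_DN = "dc=company,dc=com";
    static final String BASE_FILTER = "(uid={0})";               // {0} = login name
    static final String ROLES_CTX_DN = "dc=company,dc=com";
    static final String ROLE_FILTER = "(uniquemember={1})";      // {0} = login name, {1} = user DN
    static final String ROLE_ATTRIBUTE_ID = "cn";
    static final int ROLE_RECURSION = 0;

    static DirContext connect(String principal, String credential) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credential);
        return new InitialDirContext(env);
    }

    static SearchControls subtree() {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);   // searchScope=SUBTREE_SCOPE
        return sc;
    }

    /** Stage 1: the bindDN account searches baseCtxDN with baseFilter to map the login name to a DN. */
    static String findUserDn(DirContext svc, String username) throws NamingException {
        // Passing the name as a filter argument makes JNDI escape it, so a login name
        // containing '*', '(' or ')' cannot change the structure of the filter.
        NamingEnumeration<SearchResult> results =
                svc.search(BASE_CTX_DN, BASE_FILTER, new Object[]{username}, subtree());
        if (!results.hasMore()) {
            throw new NamingException("no entry matches " + BASE_FILTER + " for " + username);
        }
        String dn = results.next().getNameInNamespace();
        if (results.hasMore()) {
            throw new NamingException("baseFilter is ambiguous: more than one entry for " + username);
        }
        return dn;
    }

    /** Stage 2: search rolesCtxDN with roleFilter and collect roleAttributeID of each matching group. */
    static void collectRoles(DirContext svc, String username, String memberDn, int depth, Set<String> roles)
            throws NamingException {
        NamingEnumeration<SearchResult> groups =
                svc.search(ROLES_CTX_DN, ROLE_FILTER, new Object[]{username, memberDn}, subtree());
        while (groups.hasMore()) {
            SearchResult group = groups.next();
            Attribute attr = group.getAttributes().get(ROLE_ATTRIBUTE_ID);
            if (attr != null && roles.add(attr.get().toString()) && depth < ROLE_RECURSION) {
                // Approximation of roleRecursion: look for groups that contain this group,
                // one extra level per unit of ROLE_RECURSION.
                collectRoles(svc, username, group.getNameInNamespace(), depth + 1, roles);
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: LdapRoleLookupCheck <username> <password>");
            return;
        }
        if (args[1].isEmpty()) {
            // A simple bind with an empty password is an unauthenticated (anonymous) bind on
            // most servers and would "succeed" without proving anything about the user.
            throw new IllegalArgumentException("empty password would be an anonymous bind");
        }
        DirContext svc = connect(BIND_DN, BIND_CREDENTIAL);
        try {
            String userDn = findUserDn(svc, args[0]);
            connect(userDn, args[1]).close();   // the module verifies the password by binding as the user
            Set<String> roles = new LinkedHashSet<>();
            collectRoles(svc, args[0], userDn, 0, roles);
            System.out.println("userDN = " + userDn);
            System.out.println("roles  = " + roles);   // compare with <principal-name> in jboss-web.xml
        } finally {
            svc.close();
        }
    }
}
```

Run it with a test account against the directory the login module will use; the printed role names are what the container puts into the "Roles" group, so they should line up with the principal-name entries mapped to WebAccessRole in jboss-web.xml. Raising ROLE_RECURSION above 0 shows which additional names nested group membership would contribute, which answers the "need to understand the impact of enabling roleRecursion" comment in the snippet above.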