Tomcat with Oracle Internet Directory

2003-03-10 Thread Karamat Adil IHMD
Hi,
   I am new at this so please be patient with me! OK, I am trying to get
Tomcat to work with Oracle's LDAP implementation (OiD) for authentication
purposes. I just wanted to know if anyone has ever tried this. I can't get it
to work!
 In the REALM tag in server.xml what I have is as follows:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="cn=orcladmin" connectionPassword="welcome"
       connectionURL="ldap://LdapServer:389;" roleBase="dc=roles,dc=com"
       roleName="tomcat" roleSearch="(uniqueMember={0})" roleSubtree="false"
       userPassword="userPassword" userPattern="cn={0},dc=com"/>

and my web.xml file is as follows:

<security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <!-- <url-pattern>/jsp/security/protected/*</url-pattern> -->
    <url-pattern>/*</url-pattern>
    <!-- If you list http methods, only those methods are protected -->
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>organizationalRole</role-name>
    <role-name>roles</role-name>
    <role-name>tomcat</role-name>
  </auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example BASIC Authentication Area</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <role-name>organizationalRole</role-name>
</security-role>
<security-role>
  <role-name>roles</role-name>
</security-role>
<security-role>
  <role-name>tomcat</role-name>
</security-role>

The authentication box comes up when I navigate to my application site but
it cannot authenticate. Has anyone ever tried Oracle and Tomcat before? And
yes I have Users and Roles under OiD assigned. 
Any help will be greatly appreciated.
Thanks
Adil

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: Tomcat with Oracle Internet Directory

2003-03-10 Thread Doug Redd
I got this working but it is kind of convoluted because of the way OiD
encrypts passwords.

OiD defaults to MD4 for the password digestion and Tomcat uses MD5 (I
think SHA may work also, but I have not tried it.  MD5 and SHA are the
only algorithms supported by the Sun JDK, which is the source of the
limitation if I am not mistaken).  So you need to configure OiD to use
MD5.  On top of that, OiD does a base-64 encoding of the digested
password, and then prefixes it with the name of the digestion algorithm
used in braces.  So, if a user has the password welcome, the OiD
userPassword attribute will be the MD5 digest of welcome, which is
then base-64 encoded and prefixed with {MD5}.

The only way I could get it to work is to use form based authentication
with no digest.  The target of the login form is a handler that performs
an MD5 digestion and base-64 encoding and then prefixes the password
with {MD5}, then forwards the request to j_security_check.

- Doug
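
The stored form described in the message above, as an added example that is not part of the original post: it builds "{SCHEME}" + base64(digest) for the MD5 and SHA schemes named in the thread, parses a stored value, and checks a candidate password against it. Function names are illustrative; the hex encoding is included only to show that a hex-encoded digest of the same password is a different string from the directory value.

```python
import base64
import hashlib
import hmac

# Scheme prefixes named in the thread; {SHA} in LDAP userPassword values is SHA-1.
SCHEMES = {"MD5": "md5", "SHA": "sha1"}

def _digest(scheme, password):
    return hashlib.new(SCHEMES[scheme], password.encode("utf-8"))

def directory_value(password, scheme="MD5"):
    """Build "{SCHEME}" + base64(digest(password)), the stored form described above."""
    raw = _digest(scheme, password).digest()
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode("ascii"))

def hex_digest(password, scheme="MD5"):
    """Hex encoding of the same digest, for comparison with the base-64 form."""
    return _digest(scheme, password).hexdigest()

def parse_stored(value):
    """Split a stored value into (scheme, raw digest); ValueError if malformed."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, encoded = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(encoded, validate=True)
    if len(raw) != hashlib.new(SCHEMES[scheme]).digest_size:
        raise ValueError("digest length does not match scheme")
    return scheme, raw

def matches(stored, password):
    """Constant-time check of a candidate password against a stored value."""
    scheme, raw = parse_stored(stored)
    return hmac.compare_digest(raw, _digest(scheme, password).digest())

if __name__ == "__main__":
    stored = directory_value("welcome")  # constructed sample value
    print(stored, hex_digest("welcome"))
    print(matches(stored, "welcome"), matches(stored, "Welcome"))
```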





RE: Tomcat with Oracle Internet Directory

2003-03-10 Thread Karamat Adil IHMD
Hello Doug,
Can you explain in detail what you did to make it work? I mean creating
the Roles in OiD mainly. How did you create the Users and Roles in OiD? I am
new to OiD, so if you can send me a sample LDIF file that will be great.
Thanks
Adil




RE: Tomcat with Oracle Internet Directory

2003-03-10 Thread Doug Redd
You could use something like this to set up a user (expanding on your
earlier example):

dn: dc=users,dc=com
objectclass: top
objectclass: orclContainer
cn: users

dn: cn=someuser, dc=users,dc=com
objectclass: person
objectclass: top
objectclass: inetOrgPerson
sn: someuser
cn: someuser

And something like this to set up a role with the new user as a member

dn: dc=roles,dc=com
objectclass: orclContainer
objectclass: top
cn: roles

dn: cn=somerole, dc=roles,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: cn=someuser, dc=users,dc=com
cn: somerole

Then in your realm you would need roleName=cn and
userPattern=cn={0},dc=users,dc=com

The Tomcat 4.1 docs cover this quite well at
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html
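
An added example, not part of the original message or of Tomcat's code: a small model of the role lookup that the realm attributes describe, run over the role entries from the LDIF above. It assumes a roleSearch of the simple form (attr={0}) and a one-level search under roleBase (roleSubtree=false); the function names are illustrative.

```python
# Constructed sample: the role entries from the LDIF in the message above.
LDIF = """\
dn: dc=roles,dc=com
objectclass: orclContainer
objectclass: top
cn: roles

dn: cn=somerole, dc=roles,dc=com
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: cn=someuser, dc=users,dc=com
cn: somerole
"""

def norm_dn(dn):
    """Compare DNs as a directory would: ignore case and spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse simple 'attr: value' records into dicts of lowercase attr -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def roles_for(username, entries, user_pattern, role_base, role_search, role_name):
    """Return the role names found for a user under the given realm settings."""
    user_dn = user_pattern.replace("{0}", username)
    # "(uniqueMember={0})" -> attribute "uniqueMember", value to match = user DN
    attr, _, wanted = role_search.strip("()").replace("{0}", user_dn).partition("=")
    roles = []
    for entry in entries:
        _, _, parent = norm_dn(entry["dn"][0]).partition(",")
        if parent != norm_dn(role_base):
            continue  # only entries directly under roleBase are searched
        members = [norm_dn(v) for v in entry.get(attr.lower(), [])]
        if norm_dn(wanted) in members:
            # roleName names the attribute whose value is the role
            roles.extend(entry.get(role_name.lower(), []))
    return roles
```

With roleName="cn" and userPattern="cn={0},dc=users,dc=com" the lookup for someuser returns somerole; with the settings from the first message (roleName="tomcat", userPattern="cn={0},dc=com") it returns no roles.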

