Hi Stefan, I'm not sure this would help me.
I believe I still want to embed ApacheDS in my application - that way I can provide self-registration. I think what you are suggestion to provide would fix my authentication problem but not help with self-registration. I assumed I could fix my problem by simply moving my <Realm> to the context.xml of my web application. I assumed then it would start after the embedded ApacheDS instance. But it doesn't seem to be working. I added this to my web apps's context.xml: <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionName="uid=admin,ou=system" connectionPassword="secret" connectionURL="ldap://localhost:10389"; digest="SHA" allRolesMode="authOnly" userPassword="userPassword" userPattern="uid={0},ou=accounts,dc=test,dc=org" roleBase="ou=groups,dc=test,dc=org" roleName="cn" roleSearch="(uniqueMember={0})" /> I then start my web application and see the ApacheDS instance started. I navigate to my login page and then hit submit. This appears in the log: [java] May 13, 2009 10:01:15 PM org.apache.catalina.realm.JAASRealm authenticate [java] SEVERE: Unexpected error [java] java.lang.SecurityException: Unable to locate a login configuration [java] at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(NativeMethod) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorA ccessorImpl.java:39) [java] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingCons tructorAccessorImpl.java:27) [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:513) [java] at java.lang.Class.newInstance0(Class.java:355) [java] at java.lang.Class.newInstance(Class.java:308) [java] at javax.security.auth.login.Configuration$3.run(Configuration.java:246) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at javax.security.auth.login.Configuration.getConfiguration(Configuration.j ava:241) [java] at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at javax.security.auth.login.LoginContext.init(LoginContext.java:234) [java] at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403) [java] at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:347) It seems to be using JAAS rather than JNDI. Why is that? I would assume it would use the Realm from the application-specific context. Shouldn't what I am trying to do work? Any help appreciated. Thanks, -- Greg -----Original Message----- From: Stefan Zoerner [mailto:[email protected]] Sent: Thursday, May 14, 2009 2:22 AM To: [email protected] Subject: Re: [ApacheDS] Using ApacheDS for web authentication Hi Greg! Greg Allen wrote: > I've now gotten ApacheDS embedded in my application. I can see from the > log > file that it starts up when my webapp starts. > > Now my question is this - can I use the forms authentication > (j_securitycheck) > with the embedded ApacheDS instance? If I leave the <Realm> defined in > the > Tomcat server.xml, I get connection problems as the embedded ApacheDS > hasn't > started yet (and Tomcat just seems to stop there). > > This may be a Tomcat configuration issue, I'm not sure. > > Can anyone help? I assume, that the startup order is a problem here. The embedded ApacheDS is a web application, which starts after the realm. I am not sure, whether it is possible to configure Tomcat differently here. The better solution would be to embed ApacheDS as a Tomcat Ream anyway. In order to do so you (we?) have to write a realm which embeds ApacheDS instead of a web application which embeds ApacheDS. In this case, the start order would be no problem, and it would ne much clever to do this, because the realm implementation can talk directly to ApachsDS instead of using the network layer. I think we (Apache Directory Project) should implement this and provide it to our users, It would make a perfect example for embedding ApacheDS + It would help people like you. Greetings from Hamburg, Stefan __________________________________________________________________________________________________________________ DISCLAIMER:"The information contained in this message and the attachments (if any) may be privileged and confidential and protected from disclosure. You are hereby notified that any unauthorized use, dissemination, distribution or copying of this communication, review, retransmission, or taking of any action based upon this information, by persons or entities other than the intended recipient, is strictly prohibited. If you are not the intended recipient or an employee or agent responsible for delivering this message, and have received this communication in error, please notify us immediately by replying to the message and kindly delete the original message, attachments, if any, and all its copies from your computer system. Thank you for your cooperation." ________________________________________________________________________________________________________________
