Hi,

I'd like to apply a security constraint for a webapp through an LDAP
server. But I don't want to take into account any roles associated
with a user.

Here is a part of my web.xml :

### web.xml : BEGIN ###
<!-- Security constraints -->
 <security-constraint>
   <web-resource-collection>
     <web-resource-name>MyApp</web-resource-name>
     <description>Authenticated users (LDAP)</description>
     <url-pattern>/*</url-pattern>
     <http-method>GET</http-method>
     <http-method>POST</http-method>
     <http-method>PUT</http-method>
     <http-method>DELETE</http-method>
   </web-resource-collection>
   <auth-constraint>
   </auth-constraint>
 </security-constraint>

 <login-config>
   <auth-method>FORM</auth-method>
   <realm-name>MyApp Protected Area</realm-name>
   <form-login-config>
     <form-login-page>/login.html</form-login-page>
     <form-error-page>/autherr.html</form-error-page>
   </form-login-config>
 </login-config>
### web.xml : END ###

As you can see, there's no role specified in the <auth-constraint>
tag, and there's no <security-role> declared, as I precisely don't
want to check roles to access my webapp.

Here's a part of my context.xml :

### context.xml : BEGIN ###
 <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
     connectionName="xxx"
     connectionPassword="xxx"
     connectionURL="ldap://company.com:389"
     userBase="ou=people,dc=company,dc=com"
     userSearch="(uid={0})"
 />
### context.xml : END ###

Here's the login.html file :

### login.html : BEGIN ###
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Login Page</title>
</head>
<body>
<h1>Login to My Web Application</h1>
<p>
If you have been issued a username and password, key them in here now!
</p>
<form method="POST" action="j_security_check">
Username : <input type="text" size="15" maxlength="25"
name="j_username"><br><br>
Password : <input type="password" size="15" maxlength="25"
name="j_password"><br><br>
<input value="Login" type="submit">&nbsp;&nbsp;&nbsp;&nbsp;<input
value="Clear" type="reset">
</form>
</body>
</html>
### login.html : END ###

As you can see, I've put the "j_security_check" action, and the
j_username & j_password variables.

The user/password test is correctly checked, and passed, but there's
something wrong because the role doesn't match or something, but I
don't want and I don't need to check roles. How can I achieve this?

Here's an extract of my log file, which shows that the authentication
succeeds:
### log : BEGIN ###
DEBUG http-8080-Processor23
org.apache.catalina.authenticator.FormAuthenticator - Authenticating
username 'toto'
DEBUG http-8080-Processor23
org.apache.catalina.authenticator.FormAuthenticator - Authentication
of 'toto' was successful
### log : END ###

Thanks in advance,

piloupy

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
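
Added example, not part of the original post and not Tomcat code: a small Python check of how the Servlet specification reads a <security-constraint> like the one above. An <auth-constraint> with no <role-name> denies all access, and listing <http-method> elements leaves every unlisted method outside the constraint. The sample XML is constructed from the post, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the constraint in the post (namespace omitted).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
    </auth-constraint>
  </security-constraint>
</web-app>"""

STANDARD_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

def local(tag):  # strip any XML namespace prefix
    return tag.rsplit("}", 1)[-1]
def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def audit(web_xml):
    """Return one finding dict per <security-constraint>."""
    findings = []
    root = ET.fromstring(web_xml)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        patterns, methods = [], set()
        for wrc in children(sc, "web-resource-collection"):
            patterns += [(p.text or "").strip() for p in children(wrc, "url-pattern")]
            methods |= {(m.text or "").strip().upper() for m in children(wrc, "http-method")}
        auth = children(sc, "auth-constraint")
        roles = [(r.text or "").strip() for a in auth for r in children(a, "role-name")]
        if not auth:
            access = "public"      # no auth-constraint: no authentication required
        elif not roles:
            access = "deny-all"    # empty auth-constraint: nobody is allowed in
        elif "*" in roles:
            access = "all-roles"   # shorthand for every role declared in web.xml
        else:
            access = "roles:" + ",".join(sorted(roles))
        # Methods not listed are not covered by this constraint at all.
        uncovered = sorted(STANDARD_METHODS - methods) if methods else []
        findings.append({"patterns": patterns, "access": access, "uncovered_methods": uncovered})
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```

For "any authenticated user, roles ignored", Tomcat versions whose Realm supports the allRolesMode attribute accept <role-name>*</role-name> together with allRolesMode="authOnly" on the Realm.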
