jnem1281
Has anyone experience with authentication and authorization? I get the
prompt for username and password - the wrong password gets the prompt
again, the correct password goes to the error 403 page
web.xml:
<security-constraint>
<display-name>uživatel</display-name>
<web-resource-collection>
<web-resource-name>users</web-resource-name>
<description>For all users</description>
<url-pattern>/domain_users/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>Užíváci</description>
<role-name>DomainUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ELZEL_LDAP</realm-name>
</login-config>
<security-role>
<description>uživatelé</description>
<role-name>DomainUsers</role-name>
</security-role>
mapping in sun-web.xml
<security-role-mapping>
<role-name>DomainUsers</role-name>
<group-name>Domain Users</group-name>
</security-role-mapping>
and setting in domain.xml
<auth-realm
classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
name="ELZEL_LDAP">
<property name="directory" value="ldap://******.cz:389"/>
<property name="base-dn" value="DC=*****,DC=cz"/>
<property name="jaas-context" value="ldapRealm"/>
<property name="search-bind-dn" value="******"/>
<property name="search-bind-password" value="******"/>
<property name="search-filter" value="(&amp;(objectClass=user)(sAMAccountName=%s))"/>
<property name="group-search-filter" value="(&amp;(objectClass=group)(member=%d))"/>
</auth-realm>
And I am at my wits' end ... I have Admin rights in Active Directory
and of course I am in the Domain Users group (via another group) - I suspect
the code &(objectClass=group)(member=%d)) as the problem, but what is
correct???
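
Added example (not part of the original post and not GlassFish code): a Python model of how a group-search-filter of the form (&(objectClass=group)(member=%d)) resolves groups before the role mapping is applied, compared with a lookup that follows membership through intermediate groups. It assumes %d is replaced by the authenticated user's DN and that "member" lists only direct members; the directory entries, DNs and function names are constructed for illustration.

```python
# Model of LDAP group lookup followed by role mapping (all entries constructed).
# Group DN -> DNs listed in its "member" attribute.
DIRECTORY = {
    "CN=Domain Users,CN=Users,DC=example,DC=cz": ["CN=Staff,OU=Groups,DC=example,DC=cz"],
    "CN=Staff,OU=Groups,DC=example,DC=cz": ["CN=jnovak,OU=People,DC=example,DC=cz"],
    "CN=Admins,OU=Groups,DC=example,DC=cz": ["CN=jnovak,OU=People,DC=example,DC=cz"],
}
USER_DN = "CN=jnovak,OU=People,DC=example,DC=cz"  # hypothetical user
ROLE_MAPPING = {"DomainUsers": "Domain Users"}    # role -> group, as in sun-web.xml


def cn(dn):
    """Return the CN value of a DN such as 'CN=Staff,OU=Groups,...'."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def direct_groups(user_dn, directory=DIRECTORY):
    """Groups matching (&(objectClass=group)(member=<user_dn>))."""
    return {cn(g) for g, members in directory.items() if user_dn in members}


def nested_groups(user_dn, directory=DIRECTORY):
    """Groups reached by following 'member' through intermediate groups."""
    seen, queue = set(), [user_dn]
    while queue:
        dn = queue.pop()
        for group_dn, members in directory.items():
            if dn in members and group_dn not in seen:  # 'seen' also stops cycles
                seen.add(group_dn)
                queue.append(group_dn)
    return {cn(g) for g in seen}


def status_after_login(groups, required_role="DomainUsers", mapping=ROLE_MAPPING):
    """HTTP status for an authenticated user holding the given group names."""
    roles = {role for role, group in mapping.items() if group in groups}
    return 200 if required_role in roles else 403


if __name__ == "__main__":
    for lookup in (direct_groups, nested_groups):
        groups = lookup(USER_DN)
        print(lookup.__name__, sorted(groups), status_after_login(groups))
```

In this model the password check succeeds either way; only the group set handed to the role mapping differs, which is what separates a 403 from a 200.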