Tomcat 403 error after LDAP authentication.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by user352636 on Stack Overflow See other posts from Stack Overflow or by user352636
Published on 2010-06-16T15:47:19Z Indexed on 2010/06/17 7:43 UTC
Read the original article Hit count: 355

Filed under:
|
|

I'm currently trying to use an LDAP server to authenticate users who are trying to access our Tomcat setup. I believe I have managed to get the LDAP authentication working in the form of a JNDI realm call from Tomcat, but immediately after the user enters their password Tomcat starts throwing 403 (permission denied) errors for everything except from the root page (ttp://localhost:1337/). I have no idea why this is happening. I am following the example at http://blog.mc-thias.org/?title=tomcat_ldap_authentication&more=1&c=1&tb=1&pb=1 .


server.xml (the interesting/changed bits)

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" 
connectionURL="ldap://localhost:389"
userPattern="uid={0},ou=People,o=test,dc=company,dc=uk"
userSubTree="true" 
roleBase="ou=Roles,o=test,dc=company,dc=uk"
roleName="cn"
roleSearch="memberUid={1}"
/>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />

web.xml (the interesting/changed bits)

 <security-constraint>
  <display-name>Security Constraint</display-name>
  <web-resource-collection>
   <web-resource-name>Protected Area</web-resource-name>
        <!-- Define the context-relative URL(s) to be protected -->
        <url-pattern>/*</url-pattern>
        <!-- If you list http methods, only those methods are protected -->
     </web-resource-collection>
     <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area -->
        <role-name>admin</role-name>
   <role-name>regular</role-name>
     </auth-constraint>
 </security-constraint>

 <!-- Default login configuration uses form-based authentication -->
 <login-config>
     <auth-method>BASIC</auth-method>
 </login-config>

 <!-- Security roles referenced by this web application -->
 <security-role>
     <role-name>admin</role-name>
  <role-name>regular</role-name>
 </security-role>

I cannot access my LDAP setup at the moment, but I believe it is alright as the login is accepted by the BASIC auth method, it's just tomcat that is rejecting it. The roles should be as defined in web.xml - admin and regular.

If there is any other information you require me to provide, please just ask! My thanks in advance to anyone who can help, and my apologies for any major mistakes I have made - yesterday was pretty much the first time I'd ever heard of LDAP =D.

EDIT: Fixed the second xml segment. Apologies for the formating-fail.

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about tomcat

Related posts about ldap

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle