ldap authentication jboss Archive

LDAP Authentication on JBoss

The below post demonstrates a sample configuration of LDAP Server with JBoss Server

Steps:

1. Install OpenDS Directory Server.

2. Import the following LDIF file

***********************************

base.ldif

dn: ou=People,dc=bea,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=faisal,ou=People,dc=bea,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: faisal
cn: Java Duke
sn: Duke
userPassword: faisal

dn: ou=Roles,dc=bea,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=DomainAdmin,ou=Roles,dc=bea,dc=com
objectclass: top
objectclass: groupOfNames
cn: domainAdmin
member: uid=faisal,ou=People,dc=bea,dc=com
description: the domainAdmin group

***********************************

3.  Edit the Application Deployment Descriptor (web.xml)

In the web.xml, secure the resource using security constraint

***********************************

web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role my-domainAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>my-domainAdmin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>

<security-role>
<role-name>my-domainAdmin</role-name>
</security-role>

***********************************

4. In the jboss-web.xml enable the security domain

jboss-web.xml

***********************************

<jboss-web>
<security-domain>java:/jaas/SecureApp</security-domain>
</jboss-web>

***********************************

5. Specify the LDAP Login Module.

In the $JBOSS_HOME/server/<server-profile>/conf/login-config.xml apply the application related policy.

***********************************

<application-policy name=”SecureApp”>
<authentication>
<login-module code=”org.jboss.security.auth.spi.LdapLoginModule”
flag=”required”>
<module-option name=”java.naming.factory.initial”>
com.sun.jndi.ldap.LdapCtxFactory
</module-option>
<module-option name=”java.naming.provider.url”>
ldap://192.168.96.80:389/
</module-option>
<module-option name=”java.naming.security.authentication”>
simple
</module-option>
<module-option name=”principalDNPrefix”>uid=</module-option>
<module-option name=”principalDNSuffix”>
,ou=People,dc=bea,dc=com
</module-option>

<module-option name=”rolesCtxDN”>
ou=Roles,dc=bea,dc=com
</module-option>
<module-option name=”uidAttributeID”>member</module-option>
<module-option name=”matchOnUserDN”>true</module-option>

<module-option name=”roleAttributeID”>cn</module-option>
<module-option name=”roleAttributeIsDN”>false </module-option>
</login-module>
</authentication>

</application-policy>

***********************************

6: Test the application.

Deploy the application by placing it in the deploy folder and access it.
A BASIC Authentication window will be popped up.

Log in as faisal/faisal!

Cheers,

Wonders Team. 🙂