This post demonstrates a sample configuration of an LDAP server (OpenDS) as the authentication and role source for a web application deployed on JBoss Application Server.
Steps:
1. Install OpenDS Directory Server.
2. Import the following LDIF file (base.ldif). Entries are separated by blank lines, as LDIF requires.
***********************************
base.ldif

dn: ou=People,dc=bea,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=faisal,ou=People,dc=bea,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: faisal
cn: Java Duke
sn: Duke
userPassword: faisal

dn: ou=Roles,dc=bea,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=DomainAdmin,ou=Roles,dc=bea,dc=com
objectclass: top
objectclass: groupOfNames
cn: domainAdmin
member: uid=faisal,ou=People,dc=bea,dc=com
description: the domainAdmin group
***********************************
3. Edit the application deployment descriptor (web.xml).
In the web.xml, secure the resource using a security constraint.
***********************************
web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the role domainAdmin to access the HTML JMX console web application</description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- must equal the role the login module produces: the cn of the LDAP group (roleAttributeID=cn), i.e. domainAdmin -->
    <role-name>domainAdmin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JBoss JMX Console</realm-name>
</login-config>
<security-role>
  <role-name>domainAdmin</role-name>
</security-role>
***********************************
4. In the jboss-web.xml, enable the security domain.
***********************************
jboss-web.xml
<jboss-web>
  <security-domain>java:/jaas/SecureApp</security-domain>
</jboss-web>
***********************************
5. Specify the LDAP login module.
In $JBOSS_HOME/server/<server-profile>/conf/login-config.xml, add the application policy for the SecureApp security domain.
***********************************
login-config.xml
<application-policy name="SecureApp">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://192.168.96.80:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=bea,dc=com</module-option>
      <module-option name="rolesCtxDN">ou=Roles,dc=bea,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
    </login-module>
  </authentication>
</application-policy>
***********************************
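To see how the module options in step 5 turn a username into a bind DN and a role list, and why the role-name in web.xml has to equal the cn of the LDAP group, here is an added Python dry run (it is not code from the post or from JBoss). It copies the LDIF and module options above into memory and emulates the lookup the LdapLoginModule performs; the function names and the in-memory "bind" are assumptions of the example, and only the roleAttributeIsDN=false case used in the post is implemented.

```python
# Constructed copy of base.ldif from the post: an in-memory stand-in for the
# directory, so nothing here connects to a real LDAP server.
LDIF = """
dn: ou=People,dc=bea,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=faisal,ou=People,dc=bea,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: faisal
cn: Java Duke
sn: Duke
userPassword: faisal

dn: ou=Roles,dc=bea,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=DomainAdmin,ou=Roles,dc=bea,dc=com
objectclass: top
objectclass: groupOfNames
cn: domainAdmin
member: uid=faisal,ou=People,dc=bea,dc=com
description: the domainAdmin group
"""

# module-option values from login-config.xml (whitespace trimmed).
MODULE_OPTIONS = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=People,dc=bea,dc=com",
    "rolesCtxDN": "ou=Roles,dc=bea,dc=com",
    "uidAttributeID": "member",
    "matchOnUserDN": "true",
    "roleAttributeID": "cn",
}
REQUIRED_ROLE = "domainAdmin"   # role-name in the web.xml auth-constraint


def parse_ldif(text):
    """Parse minimal LDIF (no base64 values, no line folding) into
    {lower-cased dn: {lower-cased attribute: [values]}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:                 # a blank line ends the current entry
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries


def simple_bind(entries, dn, password):
    """Emulate a simple bind: the entry must exist and userPassword must match."""
    entry = entries.get(dn.lower())
    return entry is not None and password in entry.get("userpassword", [])


def ldap_login(entries, username, password, opts):
    """Mirror the module's flow: build the DN from principalDNPrefix/Suffix,
    bind with it, then take roleAttributeID from every entry under rolesCtxDN
    whose uidAttributeID lists the user DN (matchOnUserDN=true) or the name.
    Returns None when the bind fails, else the list of role names."""
    user_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    if not simple_bind(entries, user_dn, password):
        return None
    match_value = user_dn if opts["matchOnUserDN"] == "true" else username
    roles = []
    for dn, attrs in entries.items():
        if not dn.endswith("," + opts["rolesCtxDN"].lower()):
            continue
        members = [m.lower() for m in attrs.get(opts["uidAttributeID"].lower(), [])]
        if match_value.lower() in members:
            roles.extend(attrs.get(opts["roleAttributeID"].lower(), []))
    return roles


def authorize(roles, required_role):
    """HTTP status the container sends for the web.xml auth-constraint."""
    if roles is None:
        return "401 Unauthorized"    # authentication failed
    if required_role in roles:       # exact, case-sensitive string compare
        return "200 OK"
    return "403 Forbidden"           # authenticated, but no matching role


if __name__ == "__main__":
    directory = parse_ldif(LDIF)
    for user, pw in [("faisal", "faisal"), ("faisal", "wrong")]:
        roles = ldap_login(directory, user, pw, MODULE_OPTIONS)
        print(user, roles, authorize(roles, REQUIRED_ROLE))
    print(authorize(["domainAdmin"], "my-domainAdmin"))  # role typo in web.xml
```

The status mapping is the quickest way to tell the two failure modes apart on the real deployment: a 401 after entering the password means the bind DN or password is wrong (check principalDNPrefix/Suffix against the LDIF), while a 403 means the bind succeeded but the role list from rolesCtxDN does not contain the web.xml role-name exactly. Note also that the module binds with simple authentication over plain ldap:// on port 389, so each user's password crosses the network in clear unless the provider URL is changed to ldaps:// or the link is otherwise protected.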
6. Test the application.
Deploy the application by placing it in the deploy folder and access it.
A BASIC authentication prompt will pop up.
Log in as faisal/faisal!
Cheers,
Wonders Team. 🙂