I am using the following filter in the web.xml of my application; with it I am able to get authentication on the JavaMelody page.
How can I integrate this authentication with LDAP? When I log in at localhost:8080/application/monitoring, it will ask for credentials, and they should be validated against LDAP.
Is it possible to achieve this?
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>10\.10\.10\..*|10\.10\.10\.10|10\.10\.10\..*</param-value>
</init-param>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1, user2:pwd2</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
The following is the configuration that needs to be done in web.xml and in
1. server.xml in the case of Tomcat
2. jetty.xml in the case of Jetty
web.xml code:
==============
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>127.0.0.1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Monitoring</realm-name>
</login-config>
<security-role>
<role-name>tomcat</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Monitoring</web-resource-name>
<url-pattern>/monitoring</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<!-- if SSL enabled (SSL and certificate must then be configured in the
server) <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
In Tomcat:
===========
Add the following realm in tomcat_home/conf/server.xml
=======================================================
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://ldapip:ldapport/" userSubtree="true"
userBase="ou=xyz,dc=abc,dc=com" userSearch="(uid={0})"
roleBase="ou=Group,dc=abc,dc=com" roleName="cn"
roleSearch="(memberUid={0})" roleSubtree="true"/>
In Jetty:
===========
Add this code to jetty.xml:
<Configure id='wac' class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/abc</Set>
<Set name="war"><Property name="jetty.webapps" default="."/>/abc.war</Set>
<Set name="extractWAR">true</Set>
<Set name="securityHandler">
<New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.jaas.JAASLoginService">
<Set name="name">Monitoring</Set>
<Set name="loginModuleName">ldaploginmodule</Set>
</New>
</Set>
</New>
</Set>
</Configure>
Create a login.conf file in the etc folder of the jetty_base directory:
ldaploginmodule {
org.eclipse.jetty.jaas.spi.LdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="ldapip"
port="ldapport"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="ou=People,dc=abc,dc=com"
userRdnAttribute="uid"
userIdAttribute="uid"
userObjectClass="posixAccount"
roleBaseDn="ou=Group,dc=abc,dc=com"
roleNameAttribute="cn"
roleMemberAttribute="memberUid"
roleObjectClass="posixGroup";
};
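Added example (not part of the original question or answer): a small Python audit of a web.xml configured the way the answer describes. It checks that every url-pattern the JavaMelody filter is mapped on is covered by a security-constraint that carries an auth-constraint, that a login-config exists so the container actually challenges for credentials, that every role in an auth-constraint is declared as a security-role with matching case, and that no plaintext authorized-users credentials remain. The embedded descriptor is constructed for the example.

```python
import xml.etree.ElementTree as ET

MELODY_FILTER = "net.bull.javamelody.MonitoringFilter"

# Constructed sample modelled on the answer's web.xml (JavaEE namespace added
# so the checks are shown working on a real, namespaced descriptor).
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter><filter-name>monitoring</filter-name>
    <filter-class>net.bull.javamelody.MonitoringFilter</filter-class></filter>
  <filter-mapping><filter-name>monitoring</filter-name>
    <url-pattern>/monitoring</url-pattern></filter-mapping>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>tomcat</role-name></security-role>
  <security-constraint>
    <web-resource-collection><url-pattern>/monitoring</url-pattern></web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _children(el, name):  # direct children by local name, namespace stripped
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _texts(el, name):  # stripped text of all descendants with that local name
    return [(c.text or "").strip() for c in el.iter() if c.tag.rsplit("}", 1)[-1] == name]

def _covers(constraint_pattern, path):  # servlet-spec matching: exact, '/*', '/prefix/*'
    if constraint_pattern in (path, "/*"):
        return True
    if constraint_pattern.endswith("/*"):
        prefix = constraint_pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return False

def audit_web_xml(xml_text):
    """Return a list of findings; an empty list means every path the
    MonitoringFilter serves sits behind a container auth-constraint."""
    root = ET.fromstring(xml_text)
    findings = []
    melody = {n for f in _children(root, "filter")
              if MELODY_FILTER in _texts(f, "filter-class")
              for n in _texts(f, "filter-name")}
    monitored = [p for m in _children(root, "filter-mapping")
                 if set(_texts(m, "filter-name")) & melody
                 for p in _texts(m, "url-pattern")]
    declared = {r for sr in _children(root, "security-role") for r in _texts(sr, "role-name")}
    protected = []  # url-patterns of constraints that actually require a role
    for sc in _children(root, "security-constraint"):
        auth = _children(sc, "auth-constraint")
        if not auth:
            continue  # no auth-constraint: the collection is open to everyone
        for role in _texts(auth[0], "role-name"):
            if role != "*" and role not in declared:
                findings.append(f"role {role!r} not declared in a security-role (names are case-sensitive)")
        for wrc in _children(sc, "web-resource-collection"):
            protected.extend(_texts(wrc, "url-pattern"))
    for path in monitored:
        if not any(_covers(cp, path) for cp in protected):
            findings.append(f"monitoring url-pattern {path!r} has no auth-constraint")
    if monitored and not _children(root, "login-config"):
        findings.append("no login-config: the container never asks for credentials")
    if "authorized-users" in _texts(root, "param-name"):
        findings.append("authorized-users init-param keeps plaintext passwords in web.xml")
    return findings
```

Run `audit_web_xml(open("WEB-INF/web.xml").read())` against a real descriptor; the question's original configuration (filter on `/*`, no login-config, inline `authorized-users`) produces three findings.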
Related
I have the following:
web.xml:
<web-app...>
<servlet>
<servlet-name>Jersey Web Application</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey Web Application</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<resource-ref>
<res-ref-name>datasource.mceAPPDb</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</web-app>
glassfish-resource.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE resources PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Resource Definitions//EN" "http://glassfish.org/dtds/glassfish-resources_1_5.dtd">
<resources>
<jdbc-connection-pool name="app_emailverification"
res-type="javax.sql.DataSource"
datasource-classname="oracle.jdbc.pool.OracleDataSource"
pool-resize-quantity="2"
max-pool-size="32"
steady-pool-size="8">
<property name="URL" value="jdbc:oracle:thin:#localhost:1522:MCE0_D1"/>
<property name="user" value="app_emailverification"/>
<property name="datasourceName" value="OracleDataSource"/>
<property name="serverName" value="localhost"/>
<property name="password" value="app_emailverification"/>
</jdbc-connection-pool>
<jdbc-resource enabled="true" jndi-name="datasource.mceAPPDb" object-type="user" pool-name="app_emailverification">
<description>Test DataSource jdbc/testDS for Connection Pool jdbc/testConnPool</description>
</jdbc-resource>
</resources>
and persistence.xml:
<persistence-unit name="mceapp-app-database-model"
transaction-type="JTA">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
<jta-data-source>datasource.mceAPPDb</jta-data-source>
...
</persistence-unit>
</persistence>
But when I try to deploy the war in the Payara server GUI, I get an error:
SEVERE: java.lang.RuntimeException: Invalid resource :datasource.mceAPPDb
What's wrong with this setup?
When trying to log in as a registered user in the LDAP server, a wrong username or password redirects successfully to the error page. However, when they are correct it doesn't grant the user access, and gives the following error:
HTTP Status 403 - Forbidden.
I'm coding my pages in JSF.
My Glassfish console looks like this.
My web.xml looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<security-role>
<description>all the users with the role Admin</description>
<role-name>ADMIN</role-name>
</security-role>
<security-role>
<description>all the users that are authenticated</description>
<role-name>LOGGEDIN_USER</role-name>
</security-role>
<security-role>
<description>all the users that are moderators/extended rights</description>
<role-name>MODERATOR</role-name>
</security-role>
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>Secured resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>LOGGEDIN_USER</role-name>
<role-name>ADMIN</role-name>
<role-name>MODERATOR</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ldapRealm</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/loginError.xhtml</form-error-page>
</form-login-config>
</login-config>
</web-app>
My sun-web.xml has this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
<context-root>/</context-root>
<security-role-mapping>
<role-name>LOGGEDIN_USER</role-name>
<group-name>default</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>MODERATOR</role-name>
<group-name>moderatoren</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ADMIN</role-name>
<group-name>root</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated
servlet class' java code.</description>
</property>
</jsp-config>
</sun-web-app>
I solved it.
The problem was with the uppercase letters for the roles in web.xml.
I tried to set up JDBC realm authentication with a single table, but it always redirects me to the login error page.
Here are my settings:
Table (korisnici):
idkorisnika
korIme (it is username)
sifra (it is password)
tipKor (it is role)
Role types are: admin, radnik and klijent
Passwords in the database are hashed with SHA-256
glassfish-resources.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE resources PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Resource Definitions//EN" "http://glassfish.org/dtds/glassfish-resources_1_5.dtd">
<resources>
<jdbc-resource enabled="true" jndi-name="jdbc/rentacarDatasource" object-type="user" pool-name="jdbcRealmPool">
<description/>
</jdbc-resource>
<jdbc-connection-pool allow-non-component-callers="false" associate-with-thread="false" connection-creation-retry-attempts="0" connection-creation-retry-interval-in-seconds="10" connection-leak-reclaim="false" connection-leak-timeout-in-seconds="0" connection-validation-method="auto-commit" datasource-classname="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" lazy-connection-association="false" lazy-connection-enlistment="false" match-connections="false" max-connection-usage-count="0" max-pool-size="32" max-wait-time-in-millis="60000" name="jdbcRealmPool" non-transactional-connections="false" pool-resize-quantity="2" res-type="javax.sql.ConnectionPoolDataSource" statement-timeout-in-seconds="-1" steady-pool-size="8" validate-atmost-once-period-in-seconds="0" wrap-jdbc-objects="false">
<property name="URL" value="jdbc:mysql://localhost:3306/rentacar?zeroDateTimeBehavior=convertToNull"/>
<property name="User" value="root"/>
<property name="Password" value=""/>
</jdbc-connection-pool>
</resources>
glassfish-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<security-role-mapping>
<role-name>admin</role-name>
<group-name>admin</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>klijent</role-name>
<group-name>klijent</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>radnik</role-name>
<group-name>radnik</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>AdminConstraint</display-name>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<description/>
<url-pattern>/faces/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>RadnikConstraint</display-name>
<web-resource-collection>
<web-resource-name>radnik</web-resource-name>
<description/>
<url-pattern>/faces/radnik/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>radnik</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>KlijentConstraint</display-name>
<web-resource-collection>
<web-resource-name>klijent</web-resource-name>
<description/>
<url-pattern>/faces/klijent/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>klijent</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbc-realm</realm-name>
<form-login-config>
<form-login-page>/faces/login.xhtml</form-login-page>
<form-error-page>/faces/loginerror.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>admin</role-name>
</security-role>
<security-role>
<description/>
<role-name>radnik</role-name>
</security-role>
<security-role>
<description/>
<role-name>klijent</role-name>
</security-role>
</web-app>
persistence.xml
<?xml version="1.0" encoding="UTF-8"?>
<persistence version="2.1" xmlns="http://xmlns.jcp.org/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd">
<persistence-unit name="RentacarPU" transaction-type="JTA">
<jta-data-source>jdbc/rentacarDatasource</jta-data-source>
<exclude-unlisted-classes>false</exclude-unlisted-classes>
<properties/>
</persistence-unit>
</persistence>
login form
<p:panel header="Login Form">
<form method="POST" action="j_security_check">
Username: <input type="text" name="j_username" />
Password: <input type="password" name="j_password" />
<input type="submit" value="Login" />
<input type="reset" value="Reset" />
</form>
</p:panel>
Here are the properties for jdbc-realm in the GlassFish console:
JAAS Context: jdbcRealm
JNDI: jdbc/rentacarDatasource
User Table: korisnici
User Name Column: korIme
Password Column: sifra
Group Table: korisnici
Group Table User Name Column: korIme
Group Name Column: tipKor
Password Encryption Algorithm: AES
Charset: UTF-8
Every time I try to log in as any type of user it redirects me to loginerror.xhtml.
Can someone help me solve this problem?
Is there any example of how to integrate JASIG CAS with my JBoss AS 7 application?
So, what I have:
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>service</param-name>
<param-value>https://localhost:8443/JAdaptiv/default.action</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>tolerance</param-name>
<param-value>1000</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
jboss-web.xml:
<jboss-web>
<security-domain>CasSecurityDomain</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
</jboss-web>
standalone.xml:
<security-domain name="CasSecurityDomain">
<authentication>
<login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
<module-option name="ticketValidatorClass" value="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"/>
<module-option name="casServerUrlPrefix" value="https://localhost:8443/cas"/>
<module-option name="tolerance" value="20000"/>
<module-option name="defaultRoles" value="user"/>
<module-option name="roleAttributeNames" value="memberOf,eduPersonAffiliation,authorities"/>
<module-option name="principalGroupName" value="CallerPrincipal"/>
<module-option name="roleGroupName" value="Roles"/>
<module-option name="cacheAssertions" value="true"/>
<module-option name="cacheTimeout" value="480"/>
</login-module>
</authentication>
</security-domain>
When I try to access the REST endpoint
http://localhost:8080/myapp/rest/bpm/processdefinitions
I get an error message:
JBWEB000065: HTTP Status 403 - JBWEB000015: Access to the requested resource has been denied
What's wrong?
I am getting the following error, which, in my opinion, is leading to a "request not granted" response from the GlassFish server even after a successful login using LDAPRealm.
How can I resolve this?
(unresolved javax.security.jacc.WebUserDataPermission /* null)
(unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
(unresolved javax.security.jacc.WebResourcePermission/*!DELETE,GET,HEAD,OPTIONS,POST,PUT,TRACE)
(unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
My web.xml looks like:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>org.richfaces.push.jms.enabled</param-name>
<param-value>false</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
180
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/faces/welcome.xhtml</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted Access</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>USERS</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>LDAPRealm</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/login.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>USERS</role-name>
</security-role>
</web-app>