java - LDAP on JBoss 6.4


I want to implement LDAP validation in JBoss 6.4; I'm a newbie in this area. I want to explain how I understand the process, and receive opinions on whether the process is correct or not, because there are several ways to do it.

1.- Define a security domain in JBoss 6.4; here I put the LDAP role: ldapusermyweb, and the password for the role.

login-config.xml

<application-policy name="ldapmyapp">
  <authentication>
    <!-- Class names and module-option names are case-sensitive -->
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option> <!-- LDAP URL -->
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- Account the login module binds as to search the directory -->
      <module-option name="bindDN">uid=ldapusermyweb,ou=system</module-option>
      <module-option name="bindCredential">mypassword</module-option>
      <!-- Base contexts for the user search and the role search -->
      <module-option name="baseCtxDN">ou=people,o=sevenseas</module-option>
      <module-option name="rolesCtxDN">ou=groups,o=sevenseas</module-option>
    </login-module>
  </authentication>
</application-policy>

2.- Define it in jboss-web.xml in WEB-INF

<jboss-web>
  <security-domain>java:/jaas/ldapmyapp</security-domain>
</jboss-web>

3.- I need to restrict specific URLs or servlets to roles. In this example, I allow access to users in the role “ldapusermyweb”:

<security-constraint>
  <display-name>all resources</display-name>
  <web-resource-collection>
    <web-resource-name>all resources</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>ldapusermyweb</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <!-- auth-method values are upper case: BASIC, DIGEST, FORM, CLIENT-CERT -->
  <auth-method>BASIC</auth-method>
</login-config>

4.- In the web app (JEE6) I define an HttpSessionEvent and an HttpSessionListener, for when a session is created with the role: ldapusermyweb.

Here I need to check whether the user and password exist in LDAP. How can I take the session object info from LDAP?

Your configuration of LDAP looks right.

It's not possible to retrieve the username within an HttpSessionListener, but you can with a filter. Please look at: Getting user name within HttpSessionListener

