I want to implement LDAP validation in JBoss 6.4; I'm a newbie in this area. I want to explain how I understand the process, and receive an opinion on whether the process is correct or not, because there are several ways to do it.
1.- Define the security domain in JBoss 6.4; here I put the LDAP role: ldapusermyweb, and the password of the role.
login-config.xml
<application-policy name="ldapmyapp">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- LDAP URL -->
      <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- Account the login module binds as to search the directory -->
      <module-option name="bindDN">uid=ldapusermyweb,ou=system</module-option>
      <module-option name="bindCredential">mypassword</module-option>
      <!-- Base DNs for the user search and the role search -->
      <module-option name="baseCtxDN">ou=people,o=sevenseas</module-option>
      <module-option name="rolesCtxDN">ou=groups,o=sevenseas</module-option>
    </login-module>
  </authentication>
</application-policy>
2.- Define it in jboss-web.xml in WEB-INF
<jboss-web>
  <security-domain>java:/jaas/ldapmyapp</security-domain>
</jboss-web>
3.- I need to restrict specific URLs or servlets to roles. In this example, I allow access to users in the role “ldapusermyweb”:
<security-constraint>
  <display-name>all resources</display-name>
  <web-resource-collection>
    <web-resource-name>all resources</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>ldapusermyweb</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
3.- In the web app (JEE6) I define HttpSessionEvent and HttpSessionListener, for when a session is created with the role: ldapusermyweb.
Here I need to check if the user and password exist in LDAP. How can I take the LDAP info from the session object?
Your configuration of LDAP looks right.
It's not possible to retrieve the username within an HttpSessionListener, but you can with a filter. Please look at: Getting user name within HttpSessionListener
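The filter approach mentioned in the answer, as an added example that is not part of the original thread: a Servlet 3.0 filter that reads the principal the container authenticated through the LDAP security domain, fails closed if it is missing or lacks the role, and binds the user name to the session. The class name and the session attribute name are assumptions; the role name is the one from the question's security-constraint.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter; class name and attribute key are not from the original post.
@WebFilter("/*")
public class AuthenticatedUserFilter implements Filter {

    static final String USER_ATTR = "authenticatedUser"; // assumed attribute name
    static final String REQUIRED_ROLE = "ldapusermyweb"; // role from the security-constraint

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The container has already run the login module; null means unauthenticated.
        Principal principal = request.getUserPrincipal();
        if (principal == null || !request.isUserInRole(REQUIRED_ROLE)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        HttpSession session = request.getSession();
        Object known = session.getAttribute(USER_ATTR);
        if (known == null) {
            session.setAttribute(USER_ATTR, principal.getName());
        } else if (!known.equals(principal.getName())) {
            // A session bound to one user is being presented with another identity.
            session.invalidate();
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The password is checked by the login module during the LDAP bind and never reaches the application, so the filter only sees the resulting principal and its roles.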