users@glassfish.java.net

Ldap Realm in cluster profile

From: <glassfish_at_javadesktop.org>
Date: Wed, 24 Oct 2007 06:16:29 PDT

Hi,

I installed a clustered environment of GlassFish v2 and defined a single instance server to handle my applications.

My environment looks like this:

- Server
   - server config -> admin realm, file based
- template
  - template config -> ldap realm per default

The ldap realm is defined in the template config. The server config (and the default config) don't know the ldap realm.

The ldap realm is configured correctly. When I set the security logs to finest, I can see that my user (jgranat) is found, correctly authenticated and that its roles are retrieved.

The problem is that the application server still tells me that I don't have the right to access the page.

See the attached file for the last entries in the log.

The application is pretty simple (something like hello world with a login form) and everything is protected (see the web.xml for more details).

Here is the sun-web.xml file (I can only upload 2 files):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.4//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_4-1.dtd">
<sun-web-app>
  <context-root>/rsd/SecurityTest</context-root>
  <security-role-mapping>
    <role-name>loginUser</role-name>
    <group-name>rs_admin</group-name>
  </security-role-mapping>
</sun-web-app>

Do I need to define the Realm in the admin server? I don't understand why the role and the group are not mapped...

greets
jeremie
[Message sent by forum member 'granat' (granat)]

http://forums.java.net/jive/thread.jspa?messageID=241865