users@glassfish.java.net

Re: LDAP(S) Realm HTTP 403 error

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 15 Feb 2008 22:49:00 +0530

I believe the issue is with WhiteSpaces in your (not a 100% sure)

<role-name>All Roles</role-name>

Can you remove the White Spaces and make it <role-name>AllRoles</role-name> because the schemas says it is an xsd:ID

Please see the following :
https://www.opends.org/wiki/page/GlassfishApplicationServer
http://weblogs.java.net/blog/tchangu/archive/2007/01/ldap_security_r.html

Thanks.

glassfish_at_javadesktop.org wrote:

>Hi
>
>I'm using Glassfish V2 and trying to secure a web application using our corporate Active Directory via ldaps://. Idea is to allow anyone who passes the authentication to use the application.
>
>This is what I've added to my web.xml
>
>[code]
><security-constraint>
> <display-name>Entrire Application</display-name>
> <web-resource-collection>
> <web-resource-name>Entire Application</web-resource-name>
> <description/>
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>HEAD</http-method>
> <http-method>PUT</http-method>
> <http-method>OPTIONS</http-method>
> <http-method>TRACE</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>All Roles</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>ActiveDirectory</realm-name>
> </login-config>
>
> <security-role>
> <description/>
> <role-name>All Roles</role-name>
> </security-role>
>[/code]
>
>and to sun-web.xml
>
>[code]
> <security-role-mapping>
> <role-name>All Roles</role-name>
> <group-name>*</group-name>
> </security-role-mapping>
>[/code]
>
>When I test the application, it shows me the login screen for "ActiveDirectory" as expected. However after successfully authenticating HTTP 403 error page is displayed. There is nothing in the log file.
>
>If I enter a wrong password, I see "LDAP bind failed" as expected, with right password no error is reported in the log file, but HTTP Status 403 page is displayed.
>
>Can somebody help me here.
>
>Thanks in advance
>Ramesh
>[Message sent by forum member 'rmsh' (rmsh)]
>
>http://forums.java.net/jive/thread.jspa?messageID=259170
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>