Hi,
I have a simple web-app that is developed in Netbeans(6.8) and works fine in Tomcat(6) using LDAP(Active Directory).
I need to convert this to an EE (JSF2), so I am moving from Tomcat to GlassFish(v3).
I have changed the web files to xhtml and configured the xml files. However, I cannot get the GlassFish LDAP configuration to authenticate.
I am attaching my old web.xml and server.xml (from Tomcat) snippets and the portions of the new web.xml, sun-web.xml, and the GlassFish configuration.
If anyone can help me figure out where I am missing the piece that will allow a user to be authenticated, I would appreciate it. (btw, I am not using roles, just authenticating against the LDAP db is good enought.)
As it is right now, my app will prompt me to enter a user when I try to access a file in the 'protected' area and the GlassFish server throws an exception when it fails to authenticate. Because it works under Tomcat, I know I have the right information, I just don't know how to format it to get GlassFish to pass it along.
Thanks.
TOMCAT FILES:
- Tomcat server.xml:
[code] <Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionURL="ldap://xxxx.xxxxxx.xxx:389/"
connectionName="cn=xxxxxxxx,ou=Administrators,ou=Information Technology,ou=ITTS,ou=Administrative,ou=xxx,dc=xxxxxx,dc=xxx"
connectionPassword="xxxxxxxx"
authentication="simple"
userBase="ou=xxx,dc=xxxxxx,dc=xxx"
userSubtree="true"
userSearch="sAMAccountName={0}"
/>
[/code]
- web.xml:
[code] <security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<description>Authentication Required</description>
<url-pattern>/faces/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>*</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Please enter your user name and password:</realm-name>
</login-config>
[/code]
GLASSFISH FILES:
(I enabled the Security Manager on the Security panel, set the Default Realm to 'LDAPRealm', and added "-Djava.naming.referral=follow" JVM options.)
- domain.xml:
[code] <auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="LdapRealm">
<property description="()" name="search-bind-password" value="xxxxxxxx" />
<property description="()" name="search-bind-dn" value="cn=xxxxxxxx,ou=Administrators,ou=Information Technology,ou=ITTS,ou=Administrative,ou=xxx,dc=xxxxxx,dc=xxx" />
<property name="jaas-context" value="ldapRealm" />
<property name="base-dn" value="ou=xxx,dc=xxxxxx,dc=xxx" />
<property name="directory" value="ldap://xxxx.xxxxxx.xxx:389" />
<property name="search-filter" value="(&(objectClass=user)(sAMAccountName=%s))" />
</auth-realm>
[/code]
-web.xml:
[code] <security-constraint>
<display-name>protected</display-name>
<web-resource-collection>
<web-resource-name>ProtectedArea</web-resource-name>
<description/>
<url-pattern>/faces/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description/>
<role-name>*r</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>LDAPRealm</realm-name>
<form-login-config>
<form-login-page>/faces/login.xhtml</form-login-page>
<form-error-page>/faces/loginError.xhtml</form-error-page>
</form-login-config>
</login-config>
[/code]
- sun-web.xml:
[code] <security-role-mapping>
<role-name>*</role-name>
<group-name>*</group-name>
</security-role-mapping>
[/code]
Here is the exception that it throws:
[code]SEVERE: SEC1113: Exception in LdapRealm when trying to authenticate user.
javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: User yyyyyyy not found.
at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:450)[/code]
[Message sent by forum member 'jontucich']
http://forums.java.net/jive/thread.jspa?messageID=469304