How to map Ldap groups to Tomcat Roles (Java) -


i writing web project using servlets/jsp etc.. @ moment program uses basic authentication security.. work want security roles picked our active directory.

i have modified apache's server.xml following:

<realm classname="org.apache.catalina.realm.jndirealm" debug="99"        connectionurl="ldap://adclds001.mycompgroup.local:389"        connectionname="************.local:389"        connectionpassword="********"        userpattern="cn={0},ou=trainers, ou=academy, ou=staff, ou=users, ou=uk, ou=countries, dc=mycompgroup, dc=local"        rolebase="ou=trainers, ou=academy, ou=staff, ou=users, ou=uk, ou=countries, dc=mycompgroup, dc=local"        rolename="cn"        rolesearch="member={0}"      />

the authentication works fine, not know how map ldap groups tomcat roles.

i have tried adding things group-name entries deployment descriptor no avail.

i have heard extending jndirealm class , overriding getroles method might give me want..but cant find full details on might required.

so best way map ldap groups tomcat roles?

the application still not picking roles.

my realm details currently:

<realm classname="org.apache.catalina.realm.jndirealm" debug="99"        connectionurl="ldap://adclds001.mycomp.local:389"        connectionname="trainee1@mycomp.local:389"        connectionpassword="****"        userpattern="cn={0},ou=trainers, ou=academy, ou=staff, ou=users, ou=uk, ou=countries, dc=mycompgroup, dc=local"        userrolename="domain users"        rolebase="ou=trainers, ou=academy, ou=staff, ou=users, ou=uk, ou=countries, dc=mycompgroup, dc=local"        rolename="cn"        rolesearch="member={0}"      />

i have security constaint in deployment descriptor:

    <security-constraint>         <web-resource-collection>             <web-resource-name>wildcard means whole app requires authentication</web-resource-name>             <url-pattern>/*</url-pattern>             <http-method>get</http-method>             <http-method>post</http-method>         </web-resource-collection>         <auth-constraint>             <role-name>domain users</role-name>             <role-name>admin_user</role-name>         </auth-constraint>         <user-data-constraint>             <transport-guarantee>none</transport-guarantee>         </user-data-constraint>     </security-constraint>

security roles in web.xml:

    <security-role>         <role-name>basic_user</role-name>     </security-role>     <security-role>         <role-name>admin_user</role-name>     </security-role>      <security-role>         <role-name>domain users</role-name>     </security-role>

i have:

<login-config>     <auth-method>basic</auth-method> </login-config>

also

my dept telling me in following group: cn=domain users,cn=users,dc=mycompgroup,dc=local

can suggest why not able use domain users role?

you've done it. when user logs in, cn of roles in associated user automatically. there nothing left do.


Comments

Post a Comment

Popular posts from this blog

routing - AngularJS State management ->load multiple states in one page -

Image
i developing site in angularjs ui-router. have situation on button click need change , load 3 state page , 3 looks image .please me how can load multiple pages. in 1 page you need configure router config this: $stateprovider .state("state1", { url: "/url1", controller: "firstcontroller", views: { view1: { templateurl: "templates/template1.html" }, view2: { templateurl: "templates/template2.html" }, view3: { templateurl: "templates/template3.html" } } }).state("state2", { url: "/url2", controller: "secondcontroller", views: { view1: { templateurl: "templates/template4.html" }, view2: { templateurl: "templates/template5.html" }, view3: { templateurl: "templates/template6.html" } }).state("state3", { ...
Read more

python - GRASS parser() error -

i'm trying use grass on python 2.7, i'm having problems @ setting script on idle, i'm getting error @ parser() function: here script: import os import sys gisbase = os.environ['gisbase'] = 'c:\program files (x86)\grass gis 7.0.1rc1' gisrc = 'c:\grassdata' gisdbase = 'c:\grassdata' location = 'newlocation' mapset = 'tc' ld_library_path = 'c:\program files (x86)\grass gis 7.0.1rc1\lib' path = 'c:\program files (x86)\grass gis 7.0.1rc1\etc';'c:\program files (x86)\grass gis 7.0.1rc1\etc\python';'c:\program files (x86)\grass gis 7.0.1rc1\lib';'c:\program files (x86)\grass gis 7.0.1rc1\bin';'c:\python27';'c:\program files (x86)\grass gis 7.0.1rc1\python27';'c:\program files (x86)\grass gis 7.0.1rc1\msys' pythonlib = 'c:\python27' pythonpath = 'c:\program files (x86)\grass gis 7.0.1rc1\etc\python' sys.path.append(os.path.join(os.environ['...
Read more

Swift game error message -

i following ios game tutorial. cannot figure out wrong here. error on these 2 lines. let newangle = percent * 180 - 180 cannon.zrotation = cgfloat(newangle) * cgfloat(m_pi); 180.0 //error "use of unresolved identifier 'percent'" the tutorial uses: cannon.zrotation = cgfloat(newangle) * cgfloat(m_pi)/ 180.0 but changed error suggested import spritekit class gamescene: skscene { var cannon: skspritenode! var touchlocation:cgpoint = cgpointzero override func didmovetoview(view: skview) { /* setup scene here */ cannon = self.childnodewithname("cannon") as! skspritenode } override func touchesbegan(touches: set<uitouch>, withevent event: uievent?) { /* called when touch begins */ touchlocation = touches.first!.locationinnode(self) } override func touchesmoved(touches: set<uitouch>, withevent event: uievent?) { touchlocation = touches.first!.locationinn...
Read more