LDAP and Websphere Role Mapping / Authorization

Hello.

I'm using Sun One LDAP server, and WSAD 5.1.2

Trying to implement some security for proof of concept. I've been able to configure application server so that Authentication with LDAP works using form based login.

I'm using information based on a tutorial found here:

http://www-106.ibm.com/developerworks/websphere/library/techarticles/0311_mitra/mitra.html#sec1

Having trouble with Authorization. How do I correctly map a J2EE role with my LDAP user? I've tried mapping role to group, user, etc., and trying all kinds of LDAP naming to specify the exact user, but I still get an Authorization error while trying to access the web resource.

I removed all security constraints, and I'm able to access the web resource. In this tutorial, the web resource with the security constraint is called TestServlet. It prints out the username by calling request.getRemoteUser(). This is always null.

So, I'm assuming that my user information is not being passed from the login.jsp to the TestServlet, and that is why authorization is failing. What do I need to configure to ensure that user information gets passed?

Thanks in advance

[1167 byte] By [Vvanherka] at [2007-10-1 12:24:10]
# 1

> So, I'm assuming that my user information is not
> being passed from the login.jsp to the TestServlet,
> and that is why authorization is failing. What do I
> need to configure to ensure that user information
> gets passed?

I think the first thing you need to do is figure out a way to test and verify your assumptions. Otherwise you may waste a lot of time trying to solve a non-existent problem. The first step to solving a problem is identifying the cause as best you can.

Add some debugging to find out what you are sending.

dubwaia at 2007-7-10 14:36:20
# 2

OK, well, I have proved the following.

- Websphere connects to Sun One LDAP for registry.

- A user defined in LDAP registry is able to log into login.jsp using forms based login.

- I'm unable to access protected resource once authenticated.

- If I 'un-protect' resource, I can access it, but call to getRemoteUser() returns null

So,

- I'm unsure how to verify if I'm assigning roles to LDAP users correctly.

- Roles aside, I'm not sure why getRemoteUser returns null if user authenticated.

Any ideas for further debugging to narrow it down would be appreciated.

Thanks.

Vvanherka at 2007-7-10 14:36:20
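
One way to do the debugging discussed in the two posts above, as an added example that is not part of the original thread: a servlet that reports what the container knows about the caller through the standard Servlet API. The class name `AuthDebugServlet` and the `role` request parameter are assumptions made for this example.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical diagnostic servlet (class name and mappings are assumptions).
// Map it in web.xml under the URL pattern whose security-constraint is being
// tested, and remove it again once the role mapping has been sorted out.
public class AuthDebugServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Plain text, so echoed parameter values are never rendered as HTML.
        resp.setContentType("text/plain");
        resp.setHeader("X-Content-Type-Options", "nosniff");
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();

        // All three are null when the container has not authenticated
        // this particular request.
        Principal p = req.getUserPrincipal();
        out.println("authType      = " + req.getAuthType());
        out.println("remoteUser    = " + req.getRemoteUser());
        out.println("userPrincipal = " + (p == null ? null : p.getName()));

        // Report only whether a session exists, never the session id.
        HttpSession s = req.getSession(false);
        out.println("hasSession    = " + (s != null));

        // ?role=A&role=B : each name must match a <security-role> entry
        // (or a <security-role-ref>) declared in web.xml.
        String[] roles = req.getParameterValues("role");
        if (roles == null) {
            out.println("no role parameters supplied");
            return;
        }
        for (int i = 0; i < roles.length; i++) {
            out.println("isUserInRole(" + roles[i] + ") = "
                    + req.isUserInRole(roles[i]));
        }
    }
}
```
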
# 3
Check this out and see if configuring TAI with SunOne LDAP might help you out http://www-128.ibm.com/developerworks/websphere/techjournal/0312_langley/langley.html
kanthi_ha at 2007-7-10 14:36:20
# 4

Hi,

I have been facing a similar problem with the getRemoteUser() method, which does not fetch the userId properly in my application.

Has this problem been cracked by anybody? Is there a solution for the getRemoteUser() method?

Kindly let me know asap.

Thanks and Regards,

Aditya

mschumia at 2007-7-10 14:36:20
# 5

> Hi,
>
> I have been facing a similar problem with the
> getRemoteUser() method, which does not fetch the
> userId properly in my application.
>
> Has this problem been cracked by anybody? Is there a
> solution for the getRemoteUser() method?
>
> Kindly let me know asap.
>
> Thanks and Regards,
> Aditya

Hello Aditya.

I got my application to work. Ended up switching to IBM Directory Server, as that is what we are using in production.

Follow the steps in this article, and it should help:

http://www-106.ibm.com/developerworks/websphere/library/techarticles/0311_mitra/mitra.html#sec1

Vvanherka at 2007-7-10 14:36:20