I'm using the Tomcat security example to test my LDAP authorization
configuration. I am always forwarded to the error page yet I do not see
any errors in the log file. The configuration and log output is pasted
below. Please let me know if you see anything that I am missing. Thank
you, Barbara Smith
server.xml
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="xxxx"
connectionPassword="xxx"
connectionURL="ldap://xxx.xx.x.x:xxx";
userPattern="sAMAccountName={0}, cn=Users, dc=xxx, dc=com"
roleBase="dc=xxx, dc=com, cn=Users"
roleName="cn"
roleSearch="(memberOf={0})"
/>
web.xml
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/security/protected/*</url-pattern>
<!-- If you list http methods, only those methods are
protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area
-->
<role-name>Users</role-name>
<role-name>supervisors</role-name>
<role-name>tomcat</role-name>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/security/protected/login.jsp</form-login-page>
<form-error-page>/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>Users</role-name>
</security-role>
<security-role>
<role-name>supervisors</role-name>
</security-role>
<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>tomcat</role-name>
</security-role>
User.ldif
dn: CN=Barbara Smith,CN=Users,DC=xxx,DC=com
sAMAccountName: bsmith
memberOf: CN=supervisors,CN=Users,DC=xxx,DC=com
Errors in Tomcat log files:
DEBUG http-8080-Processor25
org.apache.catalina.authenticator.AuthenticatorBase - Security checking
request POST /jsp-examples/security/protected/j_security_check
DEBUG http-8080-Processor25
org.apache.catalina.authenticator.FormAuthenticator - Authenticating
username 'bsmith'
DEBUG http-8080-Processor25
org.apache.catalina.core.ApplicationDispatcher -
servletPath=/security/protected/error.jsp, pathInfo=null,
queryString=null, name=null
DEBUG http-8080-Processor25
org.apache.catalina.core.ApplicationDispatcher - Path Based Forward
DEBUG http-8080-Processor25 org.apache.catalina.core.StandardWrapper -
Allocating non-STM instance
DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
- loadClass(org.apache.jsp.security.protected_.error_jsp, false)
DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
- Searching local repositories
DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
- findClass(org.apache.jsp.security.protected_.error_jsp)
DEBUG http-8080-Processor25 org.apache.catalina.loader.WebappClassLoader
- Loading class from local repository
DEBUG http-8080-Processor25
org.apache.catalina.core.ApplicationDispatcher - Disabling the response
for futher output
DEBUG http-8080-Processor25
org.apache.catalina.authenticator.AuthenticatorBase - Failed
authenticate() test ??/jsp-examples/security/protected/j_security_check
