I've run into a problem that I can't seem to resolve. :( I have to
configure Tomcat to work with Microsoft LDAP. I'm using Tomcat 7, and
both servers are running on Windows 2003. I managed to configure a
JNDI Realm in server.xml and it seems to be able to connect to LDAP
and authenticate the user without any apparent problems. (Listing
below.) However, the Deployment Descriptor (web.xml) is giving me fits.

When the url-pattern for the security-constraint is /jsp/*, the user
is validated only once and then never again, as if their credentials
had been cached, but the main problem is that request.getRemoteUser()
is never set (i.e. it is always null); the same goes for the Principal.
If I change the url-pattern to /*, the user is authenticated each
and every time the application is accessed, and
request.getRemoteUser() is then set to that user name. But then I
cannot store anything in the session of the application. When I do
request.getSession(false).setAttribute("oy", vey); the session is not
updated, and request.getSession(false).getAttribute("oy")
returns null.
I tried this with index.jsp in the main application directory,
meaning at the same level as WEB-INF and the jsp directory, and then
redirecting the user to a servlet. I also tried it by going directly
into the jsp directory upon the very first request, in essence moving
index.jsp into the jsp directory. Both methods exhibit the same
behavior. :(

What on earth is going on? I've plowed through the Tomcat log files
hoping for any morsel of a clue as to what's happening, but to no
avail. I'm officially and completely lost and confused.

Listing 1. server.xml (The IP, name, password and DC=compname have been
changed to protect the guilty :))
<!-- JNDIRealm against Active Directory. Users are looked up by
     sAMAccountName below userBase; roles come both from the user's
     memberOf attribute and from a (member=<userDN>) search below
     roleBase, and the group CN becomes the role name.
     Note: Tomcat 7 has no "debug" attribute on a Realm; it is ignored
     with a warning at startup. Realm logging is controlled by the
     org.apache.catalina.realm logger in logging.properties instead. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
   connectionName="supersecretname"
   connectionPassword="supersecretpw"
   connectionURL="ldap://255.255.255.255:389"
   debug="99"
   referrals="follow"
   roleBase="OU=DOMAIN_OBJECTS,DC=compname,DC=local"
   roleName="CN"
   roleSearch="(member={0})"
   roleSubtree="true"
   userBase="OU=DOMAIN_OBJECTS,DC=compname,DC=local"
   userSearch="(sAMAccountName={0})"
   userSubtree="true"
   userRoleName="memberOf" />

Listing 2. web.xml (Deployment Descriptor)
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"
version="3.0">
  <display-name>MyApp</display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>MyApp</web-resource-name>
      <url-pattern>/jsp/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Role1</role-name>
      <role-name>Role2</role-name>
      <role-name>Role3</role-name>
      <role-name>Role4</role-name>
      <role-name>Role5</role-name>
      <role-name>Role6</role-name>
      <role-name>Role7</role-name>
      <role-name>Role8</role-name>
      <role-name>Role9</role-name>
      <role-name>P010</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MyApp</realm-name>
  </login-config>
  <security-role>
    <description>Role1</description>
    <role-name>Role1</role-name>
  </security-role>
  <security-role>
    <description>Role2</description>
    <role-name>Role2</role-name>
  </security-role>
  <security-role>
    <description>Role3</description>
    <role-name>Role3</role-name>
  </security-role>
  <security-role>
    <description>Role4</description>
    <role-name>Role4</role-name>
  </security-role>
  <security-role>
    <description>Role5</description>
    <role-name>Role5</role-name>
  </security-role>
  <security-role>
    <description>Role6</description>
    <role-name>Role6</role-name>
  </security-role>
  <security-role>
    <description>Role7</description>
    <role-name>Role7</role-name>
  </security-role>
  <security-role>
    <description>Role8</description>
    <role-name>Role8</role-name>
  </security-role>
  <security-role>
    <description>Role9</description>
    <role-name>Role9</role-name>
  </security-role>
  <security-role>
    <description>P010</description>
    <role-name>P010</role-name>
  </security-role>
</web-app>

Thanks to all in advance.

Rudy
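
A diagnostic servlet, added here as an example and not part of Rudy's
post, that prints what the container has attached to the request. It is
mapped (an assumed mapping, not in the posted web.xml) both at /whoami,
outside the posted /jsp/* security-constraint, and at /jsp/whoami,
inside it, so the same class can be requested at a protected and an
unprotected URL and the output compared: auth type, remote user,
principal, membership in the roles declared in the posted web.xml, and
whether the session and a counter stored in it survive between requests.
It relies on the Servlet 3.0 annotation, which Tomcat 7 honours as long
as web.xml does not set metadata-complete="true".

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added diagnostic example (not from the original post).
 * One mapping sits inside the posted /jsp/* constraint, one outside it,
 * so the container's authentication state can be compared per URL.
 */
@WebServlet(urlPatterns = {"/whoami", "/jsp/whoami"})
public class WhoAmIServlet extends HttpServlet {

    // Role names taken from the posted web.xml's <security-role> list.
    private static final String[] ROLES = {
        "Role1", "Role2", "Role3", "Role4", "Role5",
        "Role6", "Role7", "Role8", "Role9", "P010"
    };

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        // The page reveals per-user state; never let a proxy or browser cache it.
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();

        // Container-managed security state. All three are null unless the
        // authenticator actually ran for this request (or found a cached
        // principal in an existing session).
        out.println("request URI : " + req.getRequestURI());
        out.println("auth type   : " + req.getAuthType());   // "BASIC" when authenticated
        out.println("remote user : " + req.getRemoteUser());
        Principal p = req.getUserPrincipal();
        out.println("principal   : " + (p == null ? "null"
                : p.getName() + " (" + p.getClass().getName() + ")"));
        for (String role : ROLES) {
            out.println("  in role " + role + " : " + req.isUserInRole(role));
        }

        // Session diagnostics. Create the session explicitly so the counter
        // has somewhere to live, then report whether the client presented a
        // valid session id and whether the container treats it as new.
        out.println("requested session id : " + req.getRequestedSessionId());
        out.println("requested id valid   : " + req.isRequestedSessionIdValid());
        HttpSession session = req.getSession(true);
        Integer hits = (Integer) session.getAttribute("hits");
        hits = (hits == null) ? Integer.valueOf(1) : Integer.valueOf(hits.intValue() + 1);
        session.setAttribute("hits", hits);
        out.println("session id  : " + session.getId());
        out.println("session new : " + session.isNew());
        out.println("hits stored in session : " + hits);
    }
}
```

Request /whoami and /jsp/whoami alternately from the same browser and
watch the session id and hit counter: if the id changes or the counter
resets to 1 on every request, the container is not getting a valid
JSESSIONID back and no session attribute can survive, independently of
authentication. Two caveats a practitioner would want alongside this:
BASIC sends the credentials base64-encoded on every request, so a
production constraint should also carry a <user-data-constraint> with
<transport-guarantee>CONFIDENTIAL</transport-guarantee> so they only
travel over HTTPS, and a servlet that prints principal and role
information like this one belongs behind the same constraint, not at an
unprotected URL, once the debugging is done.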
