Saturday, May 12, 2018

JBoss and LdapDomain

See this JBoss Developer thread: https://developer.jboss.org/thread/274715?_sscc=t


in standalone.xml you should have:

<security-domain name="LdapDomain" cache-type="default">
 <authentication>
  <login-module code="LdapExtended" flag="required">
   <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
   <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
   <module-option name="java.naming.security.authentication" value="simple"/>
   <!-- service account used to look up the user entry and its roles -->
   <module-option name="bindDN" value="uid=admin,ou=system"/>
   <module-option name="bindCredential" value="secret"/>
   <!-- where users live and how the login name maps to an entry: {0} is the username -->
   <module-option name="baseCtxDN" value="ou=People,dc=example,dc=com"/>
   <module-option name="baseFilter" value="(uid={0})"/>
   <!-- where roles live: {1} is the authenticated user's DN, the role name is read from cn -->
   <module-option name="rolesCtxDN" value="ou=Roles,dc=example,dc=com"/>
   <module-option name="roleFilter" value="(member={1})"/>
   <module-option name="roleAttributeID" value="cn"/>
   <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
   <!-- true passes an empty password to the server; some LDAP servers treat an empty simple
        bind as an anonymous bind, so the login would succeed for any username: keep this
        false outside of testing -->
   <module-option name="allowEmptyPasswords" value="true"/>
  </login-module>
 </authentication>
</security-domain>
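To check that these option values actually work before wiring them into JBoss, here is an added example (not from this post or from JBoss) that does by hand what LdapExtended does: bind with bindDN, find the user under baseCtxDN with baseFilter, bind as the user, then collect roles from rolesCtxDN with roleFilter. The class name LdapDomainCheck is made up; the host, DNs and credentials are the ones from the configuration above and assume a test directory populated accordingly.

```java
import java.util.*;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class LdapDomainCheck {
    static final String URL = "ldap://localhost:10389";
    static final String BIND_DN = "uid=admin,ou=system", BIND_CREDENTIAL = "secret";
    static final String BASE_CTX_DN = "ou=People,dc=example,dc=com", BASE_FILTER = "(uid={0})";
    static final String ROLES_CTX_DN = "ou=Roles,dc=example,dc=com", ROLE_FILTER = "(member={1})";
    static final String ROLE_ATTRIBUTE_ID = "cn";

    // Simple bind as the given DN; a NamingException means the server rejected the credentials.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }
    // Returns the user's role names; throws if the user is unknown or the password is wrong.
    static List<String> authenticate(String username, String password) throws NamingException {
        // This is what allowEmptyPasswords=false does: some servers treat an empty simple bind
        // as an anonymous bind, which would "succeed" for any username, so refuse it up front.
        if (password == null || password.isEmpty()) throw new NamingException("empty password refused");
        SearchControls scope = new SearchControls();
        scope.setSearchScope(SearchControls.ONELEVEL_SCOPE);            // searchScope
        DirContext admin = bind(BIND_DN, BIND_CREDENTIAL);              // bindDN / bindCredential
        try {
            // baseCtxDN + baseFilter: {0} is the username; JNDI escapes filter arguments
            NamingEnumeration<SearchResult> users = admin.search(BASE_CTX_DN, BASE_FILTER, new Object[]{username}, scope);
            if (!users.hasMore()) throw new NamingException("no entry in " + BASE_CTX_DN + " matches " + username);
            String userDn = users.next().getNameInNamespace();
            bind(userDn, password).close();                              // the real credential check
            // rolesCtxDN + roleFilter: {1} is the user's DN; the role name comes from roleAttributeID
            scope.setReturningAttributes(new String[]{ROLE_ATTRIBUTE_ID});
            NamingEnumeration<SearchResult> roles = admin.search(ROLES_CTX_DN, ROLE_FILTER, new Object[]{username, userDn}, scope);
            List<String> names = new ArrayList<>();
            while (roles.hasMore()) {
                Attribute a = roles.next().getAttributes().get(ROLE_ATTRIBUTE_ID);
                if (a != null) names.add(a.get().toString());
            }
            return names;
        } finally { admin.close(); }
    }
}
```

Call `LdapDomainCheck.authenticate("jdoe", "pw")` from a small main against the test directory: a `NamingException` at the second bind points at the user entry or password, an empty list at the rolesCtxDN or roleFilter.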





How to secure your web.xml: http://www.javamonamour.org/2012/06/tomcat-web-application-security-in-20.html


<security-constraint>
 <web-resource-collection>
  <web-resource-name>HtmlAuth</web-resource-name>
  <description>application security constraints</description>
  <url-pattern>/*</url-pattern>
  <!-- listing methods constrains only those methods: HEAD, OPTIONS, TRACE and any other
       verb stay unprotected. Omit the http-method elements to cover every method, or add
       <deny-uncovered-http-methods/> (Servlet 3.1) at web-app level. -->
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>PUT</http-method>
  <http-method>DELETE</http-method>
 </web-resource-collection>
 <auth-constraint>
  <role-name>Manager</role-name>
 </auth-constraint>
</security-constraint>
<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Sample Realm</realm-name>
</login-config>
<security-role>
 <role-name>Manager</role-name>
</security-role>

jboss-web.xml:

<jboss-web>
 <security-domain>java:/jaas/LdapDomain</security-domain>
</jboss-web>


In order to use FORM login, instead of BASIC:

<login-config>
 <auth-method>FORM</auth-method>
 <realm-name>OsbReports Application</realm-name>
 <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/error.jsp</form-error-page>
 </form-login-config>
</login-config>

with login.jsp:

<form method="POST" action="j_security_check">
 <input type="text" name="j_username">
 <input type="password" name="j_password">
 <input type="submit" value="Login">
</form>


See also

https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/how_to_configure_identity_management/legacy_security_subsystem#configure_a_security_domain_to_use_ldap

https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/login_module_reference/index#ldapextended_login_module




All JBoss login modules: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/login_module_reference/

JBoss LDAP examples: https://developer.jboss.org/wiki/LDAPSecurityRealmExamples shows how to use username-filter and advanced-filter to query on sAMAccountName and memberOf.
