
Using Tomcat to connect to LDAP
edit server.xml
<!--
  JNDIRealm: Tomcat authenticates web application users against the LDAP
  server at connectionURL and derives their roles from the role subtree.

  Review notes:
  - debug="99" makes the realm log every step of each login, including
    usernames and full user DNs (see the catalina log excerpt later on this
    page). Lower it once the setup works so the log does not become a record
    of who logged in and of the directory layout.
  - connectionName/connectionPassword are a directory bind account stored in
    clear text. Use a read-only account scoped to the user and role subtrees
    rather than "cn=root", and restrict file permissions on server.xml.
  - connectionURL uses plain ldap://, so the bind credentials and the
    retrieved or submitted user passwords cross the network unencrypted.
    Prefer ldaps:// (or StartTLS on Tomcat versions that support it) with
    certificate validation.
  - Because userPassword is set, the realm reads the user's password
    attribute through the connectionName account and compares it itself
    instead of binding as the user. The service account therefore needs read
    access to that attribute, which widens what a leak of these credentials
    exposes. Omit userPassword to authenticate by binding as the user.
  - {0} in userPattern and userSearch is replaced with the submitted
    username. NOTE(review): confirm that the Tomcat version in use escapes
    LDAP DN and filter metacharacters in that substitution before relying on
    it in production.
  - In roleSearch, {0} is the authenticated user's full DN (the log excerpt
    shows "(member=uid=69001,...)"), so role entries must list members by DN.
  - NOTE(review): the log excerpt later on this page searches a different
    roleBase than the one configured here; it appears to have been captured
    against another configuration.
-->
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionName="cn=root"
connectionPassword="idsldap"
connectionURL="ldap://192.168.12.93:1389/"
roleBase="roid=210,cn=allroles,cn=210,O=mycompany"
roleName="roid"
roleSearch="(member={0})"
roleSubtree="false"
userSearch="(uid={0})"
userPassword="userPassword"
userPattern="uid={0},oid=2005,oid=0107,cn=210,O=mycompany"
/>

add a Context element if needed
<!--
  Deploys the IDE workspace directory directly as /webtest. This is a
  developer convenience: docBase points at a local Eclipse workspace and
  reloadable="true" makes Tomcat watch the web application for changes.
  Neither setting belongs on a production server.
-->
<Context docBase="C:/eclipse/wtp-all-in-one-sdk-R-1.5.4-win32/eclipse/workspace/webtest/WebContent" path="/webtest" reloadable="true" />

edit the web application's web.xml to add the security configuration
<!--
  Declares the Jakarta session and request tag libraries used by
  securepage.jsp and logout.jsp. The two TLD files must be present under
  /WEB-INF or the JSPs fail to compile.
-->
<taglib>
<taglib-uri>http://jakarta.apache.org/taglibs/session-1.0</taglib-uri>
<taglib-location>/WEB-INF/taglibs-session.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>http://jakarta.apache.org/taglibs/request-1.0</taglib-uri>
<taglib-location>/WEB-INF/taglibs-request.tld</taglib-location>
</taglib>

<!--
  "Public Area": this constraint has no auth-constraint, so no login is
  required for the listed pages; it only names them. It also has no
  user-data-constraint, so login.jsp may be served over plain HTTP. Once an
  HTTPS connector exists, add
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  so the login form itself is not delivered in clear.
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>Public Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/login.jsp</url-pattern>
</web-resource-collection>
</security-constraint>

<!--
  "Protected Area": requires an authenticated user holding one of the
  listed roles.

  Review notes:
  - Only the single exact path /securepage.jsp is protected. Any page added
    later (and logout.jsp on this page) is served without a login. A
    directory pattern such as /secure/* keeps new pages covered by default.
  - No http-method elements are listed, so the constraint applies to every
    HTTP method; keep it that way, since listing methods leaves the others
    unprotected.
  - There is no user-data-constraint, so the credentials posted to
    j_security_check and the session cookie can cross the wire in clear.
    Once an HTTPS connector is configured, add
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
  - The role-name values must match the roid values the Realm returns
    (the log excerpt shows "Found role 20014").
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/securepage.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>20014</role-name>
<role-name>20011</role-name>
<role-name>Admin Users</role-name>
</auth-constraint>
</security-constraint>

<!-- uses form-based authentication -->
<!--
  The container serves form-login-page when an unauthenticated request hits
  a protected resource; that page must POST j_username and j_password to
  j_security_check (login.jsp below does). fail_login.html is referenced
  here but not created on this page; it must exist or failed logins produce
  a 404. Keep the error page generic: it should not echo the submitted
  username or say whether the account exists.
-->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/fail_login.html</form-error-page>
</form-login-config>
</login-config>

<!-- Security roles referenced by this web application -->
<!--
  Each role-name used in an auth-constraint is declared here. The names are
  compared literally with the roid values returned by the Realm, so the
  space in "Admin Users" must appear in the directory value as well.
-->
<security-role>
<role-name>20014</role-name>
</security-role>
<security-role>
<role-name>20011</role-name>
</security-role>
<security-role>
<role-name>Admin Users</role-name>
</security-role>

create login.jsp
<%@ page language="java" contentType="text/html; charset=BIG5"
pageEncoding="BIG5"%>
<%--
  Login form for container-managed FORM authentication. The field names
  j_username and j_password and the action j_security_check are fixed by
  the servlet specification; the relative action resolves against the URL
  that triggered the login, which is what the container expects. Credentials
  leave the browser in clear unless the protected resources carry a
  CONFIDENTIAL transport-guarantee in web.xml.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=BIG5">
<title>Insert title here</title>
</head>
<body>
<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<br>
<input type="password" name="j_password">
<br>
<input type="submit">
</form>
</body>
</html>

create securepage.jsp
<%@ page language="java" contentType="text/html; charset=BIG5"
pageEncoding="BIG5"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib uri="http://jakarta.apache.org/taglibs/session-1.0" prefix="sess" %>
<%@ taglib uri="http://jakarta.apache.org/taglibs/request-1.0" prefix="req" %>
<%--
  Protected page. Access control is enforced by the "Protected Area"
  security-constraint in web.xml, not by this page; the isUserInRole tag
  only tailors the content shown to users who hold role 20014. The sess
  taglib is declared but not used here.
--%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=BIG5">
<title>Insert title here</title>
</head>
<body>
secure page
<req:isUserInRole role="20014">
The remote user is in role "20014".<br />
</req:isUserInRole>
</body>
</html>

create logout.jsp
<%@ page language="java" contentType="text/html; charset=BIG5"
pageEncoding="BIG5"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib uri="http://jakarta.apache.org/taglibs/session-1.0" prefix="sess" %>
<%@ taglib uri="http://jakarta.apache.org/taglibs/request-1.0" prefix="req" %>
<%--
  Logout page. The sess:invalidate tag invalidates the HTTP session, which
  ends the FORM-authenticated session for this web application. This page is
  not covered by the "Protected Area" constraint, so it can be requested
  without a login; that is harmless here. NOTE(review): if Tomcat's
  SingleSignOn valve is enabled, invalidating one application's session
  does not by itself end the SSO session; confirm the expected behaviour.
  The req taglib is declared but not used here.
--%>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=BIG5">
<title>Insert title here</title>
</head>
<body>

<sess:invalidate/>
You are now logged out<br>
<a href="index.jsp">Return to index</a>
</body>
</html>

Trying to access securepage.jsp will redirect you to login.jsp.

check the catalina log for messages such as the following
2007-06-15 11:08:39 JNDIRealm[Standalone]: Username 69001 successfully authenticated
2007-06-15 11:08:39 JNDIRealm[Standalone]: getRoles(uid=69001,oid=2005,oid=0107,cn=210,O=mycompany)
2007-06-15 11:08:39 JNDIRealm[Standalone]: Searching role base 'roid=010,cn=allroles,cn=010,O=ESUN' for attribute 'roid'
2007-06-15 11:08:39 JNDIRealm[Standalone]: With filter expression '(member=uid=69001,oid=2005,oid=0107,cn=210,O=mycompany)'
2007-06-15 11:08:39 JNDIRealm[Standalone]: retrieving values for attribute roid
2007-06-15 11:08:39 JNDIRealm[Standalone]: Returning 1 roles
2007-06-15 11:08:39 JNDIRealm[Standalone]: Found role 20014
2007-06-15 11:08:39 JNDIRealm[Standalone]: Username 69001 has role 20014
