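I am trying to configure a J2EE application running on my local JBoss EAP 6.1 server to authenticate against Microsoft AD LDAP. What I have does not work, and I cannot figure out what the problem is.
If I define the users in the application-users.properties file, I can authenticate.
Here is my web application's web.xml: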
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp" version="3.0"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <servlet>
        <servlet-name>TestServlet</servlet-name>
        <servlet-class>com.company.test.project.servlet.TestServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/test.do</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secured Resources</web-resource-name>
            <description>All CrossSells resources not viewable by the public</description>
            <url-pattern>/test.do</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>DV_User_1</role-name>
            <role-name>DV_User_2</role-name>
            <role-name>DV_Super_User</role-name>
            <role-name>DV_Admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>LdapRealm</realm-name>
        <form-login-config>
            <form-login-page>/jsp/login.jsp</form-login-page>
            <form-error-page>/jsp/error.jsp?message=Invalid+Username+or+Password</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>DV_User_1</role-name>
    </security-role>
    <security-role>
        <role-name>DV_User_2</role-name>
    </security-role>
    <security-role>
        <role-name>DV_Super_User</role-name>
    </security-role>
    <security-role>
        <role-name>DV_Admin</role-name>
    </security-role>
</web-app>
Here are the security settings in my JBoss EAP server's standalone.xml:
<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <local default-user="$local"/>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
        <security-realm name="ApplicationRealm">
            <authentication>
                <local default-user="$local" allowed-users="*"/>
                <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
            <authorization>
                <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
            </authorization>
        </security-realm>
        <security-realm name="LdapRealm">
            <authentication>
                <ldap connection="MicrosoftAD" base-dn="DC=co,DC=company,DC=local">
                    <advanced-filter filter="(sAMAccountName={0})"/>
                </ldap>
            </authentication>
            <authorization>
                <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
            </authorization>
        </security-realm>
    </security-realms>
    <outbound-connections>
        <ldap name="MicrosoftAD" url="ldap://server:389" search-dn="CN=server\, server,OU=Service Accounts,OU=POD,DC=co,DC=company,DC=local" search-credential="password"/>
    </outbound-connections>
    <management-interfaces>
        <native-interface security-realm="ManagementRealm">
            <socket-binding native="management-native"/>
        </native-interface>
        <http-interface security-realm="ManagementRealm">
            <socket-binding http="management-http"/>
        </http-interface>
    </management-interfaces>
</management>
Answer 0 (score: 0)
Change security-realm="managementRealm" to security-realm="LdapRealm"
@braybaut
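An added example, not part of the original question or answer: a Python check that reads a `<management>` fragment like the one in the question, maps each management interface to its security realm and each LDAP realm to its outbound connection, and reports references that do not resolve as well as unencrypted `ldap://` URLs. The sample XML is a constructed, trimmed copy of the question's fragment (the `search-dn` is a placeholder), and the function names `local` and `audit` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the question's <management> fragment.
SAMPLE = """<management>
  <security-realms>
    <security-realm name="ManagementRealm">
      <authentication><properties path="mgmt-users.properties"/></authentication>
    </security-realm>
    <security-realm name="LdapRealm">
      <authentication>
        <ldap connection="MicrosoftAD" base-dn="DC=co,DC=company,DC=local"/>
      </authentication>
    </security-realm>
  </security-realms>
  <outbound-connections>
    <ldap name="MicrosoftAD" url="ldap://server:389"
          search-dn="CN=svc,DC=co,DC=company,DC=local" search-credential="password"/>
  </outbound-connections>
  <management-interfaces>
    <native-interface security-realm="ManagementRealm"/>
    <http-interface security-realm="ManagementRealm"/>
  </management-interfaces>
</management>"""

def local(tag):
    """Drop an XML namespace prefix so a full, namespaced standalone.xml also parses."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (interface -> realm, realm -> LDAP connection or None, findings)."""
    root = ET.fromstring(xml_text)
    conns, realms, ifaces, findings = {}, {}, {}, []
    for el in root.iter():
        name = local(el.tag)
        if name == "ldap" and "url" in el.attrib:      # outbound connection
            conns[el.get("name")] = el.get("url")
        elif name == "security-realm":                 # realm definition
            ldap = [c for c in el.iter() if local(c.tag) == "ldap"]
            realms[el.get("name")] = ldap[0].get("connection") if ldap else None
        elif name in ("native-interface", "http-interface"):
            ifaces[name] = el.get("security-realm")
    for iface, realm in ifaces.items():
        if realm not in realms:                        # exact-string match on the name
            findings.append(f"{iface}: realm {realm!r} is not defined")
    for realm, conn in realms.items():
        if conn and conn not in conns:
            findings.append(f"{realm}: no outbound connection {conn!r}")
        elif conn and conns[conn].lower().startswith("ldap://"):
            findings.append(f"{realm}: uses unencrypted {conns[conn]}")
    return ifaces, realms, findings
```

Running `audit` on a copy of the file before and after an edit shows which interface the change actually rebinds and whether the realm name it now references exists.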