Hello,
I'm using JNDIRealm with Tomcat for authentication, which at the moment works fine. However, we do not store any roles in the LDAP, so all authenticated users are not returning any roles. This sends users to an HTTP 401 failed authorization page.
I'd like to assign an "Admin" role to any and all users who authenticate successfully. Here is my fragment from my web.xml file and the Realm used in my server.xml.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       resourceName="LDAPRealm"
       connectionURL="ldap://something.com:389"
       userPattern="uid={0},ou=people,ou=internal,dc=something,dc=com"
       allRolesMode="authOnly"/>

<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>Resource</web-resource-name>
    <description>Resource</description>
    <url-pattern>*.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description></description>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>login.jsp</form-login-page>
    <form-error-page>loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description></description>
  <role-name>Admin</role-name>
</security-role>

Should I be using a JAASRealm with custom LoginModule? After the realm calls the authenticate() method and returns success, should I override another method to explicitly set the RolePrincipal to "Admin" so that authorization succeeds?
Please help!
Thanks,
Andy
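
Added example, not part of the original post: Tomcat documents the Realm attribute allRolesMode as governing only constraints whose role-name is "*", so the web.xml constraint below uses "*" in place of the named role. It reuses the host, patterns and paths from the post and assumes a Tomcat version that supports allRolesMode.

```xml
<!-- server.xml: Realm from the post. allRolesMode="authOnly" tells Tomcat to
     check only that the user is authenticated when a constraint names "*". -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       resourceName="LDAPRealm"
       connectionURL="ldap://something.com:389"
       userPattern="uid={0},ou=people,ou=internal,dc=something,dc=com"
       allRolesMode="authOnly"/>

<!-- web.xml: the constraint asks for "*" rather than a role LDAP never supplies. -->
<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>Resource</web-resource-name>
    <description>Resource</description>
    <url-pattern>*.jsp</url-pattern>
    <!-- No http-method elements: the constraint then covers every HTTP
         method instead of only the ones listed. -->
  </web-resource-collection>
  <auth-constraint>
    <description>Any authenticated user</description>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
```

With this setup every account that can bind to the directory passes the constraint, and the authenticated principal still carries no roles, so request.isUserInRole("Admin") in application code keeps returning false.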