
This page shows how to configure LDAP authentication for a Seam application through JBoss's XML login-configuration service, i.e. by deploying a DynamicLoginConfig MBean that registers a JAAS application policy when the application is deployed. There are other ways to do it, for example by adding the policy to the server's existing login-config.xml.

In components.xml, configure the identity component as follows:

<security:identity 
 security-rules="#{securityRules}"
 authenticate-method="#{authenticator.authenticate}" 
 remember-me="true" 
 jaas-config-name="openLDAPAuth"/>

openLDAPAuth is the name of the application-policy you will define later; Seam passes it to JAAS as the login configuration name.

In META-INF/jboss-app.xml add

<module>
   <service>openLDAP-login-service.xml</service>
</module>

after the loader-repository element.

Add a new file openLDAP-login-service.xml to the classpath. It deploys a DynamicLoginConfig MBean that loads the policy file named in AuthConfig into the XMLLoginConfig service:

<?xml version="1.0" encoding="UTF-8"?>
<server>
    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
           name="FWLogistics:service=DynamicLoginConfig">
        <attribute name="AuthConfig">openLDAP-login-config.xml</attribute>
        <depends optional-attribute-name="LoginConfigService">
            jboss.security:service=XMLLoginConfig
        </depends>
        <depends optional-attribute-name="SecurityManagerService">
            jboss.security:service=JaasSecurityManager
        </depends>
    </mbean>
</server>

Add openLDAP-login-config.xml in the same place on the classpath. LdapExtLoginModule binds as bindDN, looks the user up under baseCtxDN with baseFilter ({0} is the login name), binds again as the DN it found with the password the user supplied, and then searches rolesCtxDN with roleFilter ({1} is the user's DN), taking roleAttributeID of each match as a role name:

<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
          "-//JBoss//DTD JBOSS Security Config 3.0//EN"
          "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
        <application-policy name="openLDAPAuth">
                <authentication>
                        <login-module
                                code="org.jboss.security.auth.spi.LdapExtLoginModule"
                                flag="required">
                                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                                <module-option name="java.naming.provider.url">ldap://ldap.host.com:389/</module-option>
                                <module-option name="java.naming.security.authentication">simple</module-option>
                                <module-option name="bindDN">cn=Rootuser,dc=domain</module-option>
                                <module-option name="bindCredential">passwd</module-option>
                                <module-option name="baseCtxDN">ou=People,dc=domain</module-option>
                                <module-option name="baseFilter">(uid={0})</module-option>

                                <module-option name="rolesCtxDN">ou=Roles,ou=apps,dc=domain</module-option>
                                <module-option name="roleFilter">(member={1})</module-option>
                                <module-option name="roleAttributeID">cn</module-option>
                        </login-module>
                </authentication>
        </application-policy>
</policy>

In LDAP, the user entry must carry these object classes:

objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson (optional)
objectClass: account (optional)
objectClass: posixAccount
objectClass: top

That's it. Once the username and password have been verified against LDAP, the roles found under rolesCtxDN are added to the Seam Identity object as well. Two points to keep in mind: with jaas-config-name set, Seam delegates the login to the openLDAPAuth policy, so it is LdapExtLoginModule, not the authenticate-method, that checks the password; and the configuration above uses simple authentication over plain ldap://, which sends the bindCredential and every user's password to ldap.host.com in cleartext, so for anything beyond a test setup use ldaps:// (or StartTLS) and keep the bindCredential out of version control.
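As an added example (not code from this wiki, Seam or the JBoss login module), the following Python script simulates offline what LdapExtLoginModule does with the module options above: service-account bind, user lookup with {0}, bind as the user, role lookup with {1}, and role names taken from cn. The directory, the two accounts, their passwords and the two groupOfNames entries are constructed for the example; the user entries carry the object classes listed above, and the groups hold the user DN in their member attribute, which is what (member={1}) expects. The lookup_user_dns function also shows why the text substituted for {0} must be escaped per RFC 4515: without escaping, a login name of `*` turns the filter into the wildcard (uid=*).

```python
"""Offline simulation of the login flow that the openLDAPAuth policy configures:
  1. bind as bindDN with bindCredential (the service account),
  2. search baseCtxDN with baseFilter, {0} replaced by the login name,
  3. bind as the DN found, with the password the user typed,
  4. search rolesCtxDN with roleFilter, {1} replaced by that DN,
  5. take roleAttributeID from every matching entry as a role name.
The "server" is an in-memory dict standing in for ldap.host.com.
"""
import re

# Constructed sample DIT (example data, not from the page). Passwords are
# plaintext only because this is a toy; a real server stores hashed
# userPassword values and verifies them during the bind.
DIRECTORY = {
    "cn=Rootuser,dc=domain": {"userPassword": ["passwd"]},
    "uid=alice,ou=People,dc=domain": {
        "objectClass": ["top", "person", "organizationalPerson",
                        "inetOrgPerson", "posixAccount"],
        "uid": ["alice"], "userPassword": ["s3cret"]},
    "uid=bob,ou=People,dc=domain": {
        "objectClass": ["top", "person", "organizationalPerson", "posixAccount"],
        "uid": ["bob"], "userPassword": ["hunter2"]},
    # Roles are groups whose member attribute holds the user DN, which is what
    # (member={1}) matches; roleAttributeID=cn turns the group name into a role.
    "cn=admin,ou=Roles,ou=apps,dc=domain": {
        "objectClass": ["groupOfNames"], "cn": ["admin"],
        "member": ["uid=alice,ou=People,dc=domain"]},
    "cn=users,ou=Roles,ou=apps,dc=domain": {
        "objectClass": ["groupOfNames"], "cn": ["users"],
        "member": ["uid=alice,ou=People,dc=domain", "uid=bob,ou=People,dc=domain"]},
}

# The module-option values from openLDAP-login-config.xml.
OPTIONS = {
    "bindDN": "cn=Rootuser,dc=domain",
    "bindCredential": "passwd",
    "baseCtxDN": "ou=People,dc=domain",
    "baseFilter": "(uid={0})",
    "rolesCtxDN": "ou=Roles,ou=apps,dc=domain",
    "roleFilter": "(member={1})",
    "roleAttributeID": "cn",
}


def escape_filter_value(value):
    """RFC 4515 escaping: substituted text can never change the filter's shape."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def _value_pattern(value):
    """Compile a filter assertion value: '\\xx' is one literal octet, bare '*' a wildcard."""
    regex, i = "", 0
    while i < len(value):
        if value[i] == "\\" and i + 2 < len(value):
            regex += re.escape(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        elif value[i] == "*":
            regex += ".*"
            i += 1
        else:
            regex += re.escape(value[i])
            i += 1
    return re.compile(regex, re.IGNORECASE)  # caseIgnore matching, as for uid and DNs


def search(base_dn, filter_str):
    """Subtree search under base_dn with one equality filter '(attr=value)'; returns DNs."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str)
    if not m:
        raise ValueError("unsupported filter: " + filter_str)
    attr, pattern = m.group(1).lower(), _value_pattern(m.group(2))
    hits = []
    for dn, entry in DIRECTORY.items():
        if not dn.lower().endswith("," + base_dn.lower()):
            continue
        values = next((v for k, v in entry.items() if k.lower() == attr), [])
        if any(pattern.fullmatch(v) for v in values):
            hits.append(dn)
    return hits


def bind(dn, password):
    """Simple bind. An empty password is refused: RFC 4513 makes it an anonymous
    (unauthenticated) bind that most servers accept, which would let anyone in."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and password in entry.get("userPassword", [])


def lookup_user_dns(username, escape=True):
    """Step 2. escape=False shows why escaping matters: a login name of '*'
    then becomes the wildcard filter (uid=*) and matches every account."""
    needle = escape_filter_value(username) if escape else username
    return search(OPTIONS["baseCtxDN"], OPTIONS["baseFilter"].replace("{0}", needle))


def authenticate(username, password):
    """Steps 1-5. Returns (user_dn, sorted role names); raises PermissionError otherwise."""
    if not bind(OPTIONS["bindDN"], OPTIONS["bindCredential"]):
        raise PermissionError("service account bind failed")
    matches = lookup_user_dns(username)
    if len(matches) != 1:  # this toy refuses ambiguous lookups rather than guess
        raise PermissionError("user lookup returned %d entries" % len(matches))
    user_dn = matches[0]
    if not bind(user_dn, password):
        raise PermissionError("bad credentials for " + user_dn)
    role_filter = OPTIONS["roleFilter"].replace("{1}", escape_filter_value(user_dn))
    role_dns = search(OPTIONS["rolesCtxDN"], role_filter)
    roles = sorted(DIRECTORY[dn][OPTIONS["roleAttributeID"]][0] for dn in role_dns)
    return user_dn, roles


if __name__ == "__main__":
    print(authenticate("alice", "s3cret"))
    print(lookup_user_dns("*"), lookup_user_dns("*", escape=False))
```

Running the script prints alice's DN with the roles admin and users, then an empty list for the escaped `*` lookup beside both account DNs for the unescaped one. The toy directory only supports single equality filters and a subtree scope; it exists to make the substitution of {0} and {1}, the second bind, and the empty-password and wildcard pitfalls visible, not to replace a real server.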

4 comments:
 
18. Apr 2008, 16:29 CET

I didn't understand this configuration well: how do I change the authenticate method (I think that I will implement a search method to explore the LDAP, is this true?)? Also, if I use seam-gen, where do I add these files? Please help.
 
23. Apr 2008, 14:38 CET

Hi Aymen,

You can keep the above-mentioned files in the following folders:
-- resources/web-inf/Components.xml
-- resources/meta-inf/jboss-app.xml
-- resources/..login-service.xml
-- resources/..login-config.xml

You can also update the authenticate method.

Regards,

Vaibhav Kadhe

 
21. Aug 2008, 17:11 CET
Roman

For me (using JBoss 4.2.0.GA and Seam 2.0.1.GA) it was easier to just paste the login-config part into the already existing login-config.xml and reference the application policy name from components.xml with

<security:identity authenticate-method="#{userAction.authenticate}" 
  jaas-config-name="openLDAPAuth" />

That way I didn't have to define the login-service and jboss-app.xml (I don't know how to get Maven2 to generate the module content in jboss-app.xml).

Regards, Roman

 
24. Sep 2008, 16:35 CET

How do we configure the Seam application to use Portal LDAP auth when using the iFrame?