Java – security role ref does not work properly
This is my web.xml content:

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0" metadata-complete="true">

  <servlet>
    <security-role-ref>
      <role-name>MY_GROUP_NAME</role-name>
      <role-link>REGISTERED_USER</role-link>
    </security-role-ref>
  </servlet>

  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <resource-ref>
    <description>My datasource</description>
    <res-ref-name>jdbc/XXXXXXXX</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>

  <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/protected/*</url-pattern>
      <!-- If you list http methods, only those methods are protected -->
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>tomcat</role-name>
      <role-name>role1</role-name>
      <role-name>REGISTERED_USER</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Default login configuration uses form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/protected/login.jsp</form-login-page>
      <form-error-page>/protected/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <role-name>role1</role-name>
  </security-role>
  <security-role>
    <role-name>tomcat</role-name>
  </security-role>
  <security-role>
    <role-name>REGISTERED_USER</role-name>
  </security-role>
</web-app>
When a valid user from my LDAP group MY_GROUP_NAME logs in, request.getRemoteUser() and request.getUserPrincipal() work normally. For the MY_GROUP_NAME test user

String role = request.getParameter("role");
boolean inRole = request.isUserInRole(role);

works well.

The problem is with the REGISTERED_USER role: it does not work for the test user. Has anyone seen what I'm missing here?
Some additional information:

- Apache Tomcat v7.0.22
- LDAP is OpenDJ 2.4.5
- Windows 7 operating system
Solution
I didn't use OpenDJ, but according to https://wikis.forgerock.org/confluence/display/OPENDJ/Configure+Apache+Tomcat+with+opendj+as+an+identity+store there is no "mapping" between Tomcat roles and LDAP groups, because the mapping is one-to-one and the names should be the same. The LDAP groups you want to use should be defined as Tomcat roles, and you should use their names in the security-role section of the web descriptor (web.xml).