Tomcat container use LDAP to authenticate user
I am trying to replace Tomcat's in-memory user database with LDAP authentication. I am making changes in conf/server.xml.
When the user login pops up, I want to compare the user credentials against LDAP.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="abcusername"
       connectionPassword="mypassword"
       connectionURL="ldap://ada.cab.ast.com:389"
       debug="10" userBase="DC=cab,DC=ast,DC=com"
       userSearch="(cn={0})"
       userSubtree="true"/>
My web.xml; if the user is authenticated, all, no role restriction:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat Manager Application</realm-name>
</login-config>
When I provide the correct username and password, I see in the following log that the user is authenticated but failed authorization, I guess, and failed. Any help is appreciated.
AuthenticatorBase.register Authenticated 'fkhan002c' with type 'BASIC'
AuthenticatorBase.invoke Calling accessControl()
hasResourcePermission Checking roles GenericPrincipal[fkhan002c()]
AuthenticatorBase.invoke Failed accessControl() test
Found a problem
Web-resource-collection is for Java resources. As I was trying to authorize static content, as you can see in the following, I also needed it for static contents.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure contents</web-resource-name>
    <url-pattern>/index.html</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Secure content</realm-name>
</login-config>
<security-role>
  <description>
    This logical role includes all administrative users
  </description>
  <role-name>*</role-name>
</security-role>
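Added example, not part of the original post: the log line `GenericPrincipal[fkhan002c()]` shows a principal with an empty role list, so the configuration below sketches how the realm can load roles from LDAP groups and how the constraint can name a role or accept any authenticated user. The group container `OU=Groups,...`, the group name `app-users`, and a Tomcat version that supports the Servlet 3.1 `**` role are assumptions.

```xml
<!-- conf/server.xml (added example). roleBase/roleName/roleSearch make JNDIRealm
     look up the groups the bound user belongs to, so the principal carries roles.
     roleBase is a hypothetical group container; {0} in roleSearch is the user's DN. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ada.cab.ast.com:389"
       connectionName="abcusername"
       connectionPassword="mypassword"
       userBase="DC=cab,DC=ast,DC=com"
       userSearch="(cn={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=cab,DC=ast,DC=com"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true"
       allRolesMode="authOnly"/>
<!-- allRolesMode="authOnly" makes a "*" auth-constraint pass for any authenticated
     user, even one with no roles. The default ("strict") requires the user to hold
     one of the roles declared in web.xml. -->

<!-- WEB-INF/web.xml (added example). Restrict by a named LDAP group instead of "*".
     "app-users" is a hypothetical group cn; it must also be declared as a security-role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure contents</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>app-users</role-name>
    <!-- Alternative (Servlet 3.1+): <role-name>**</role-name> admits any
         authenticated user without relying on allRolesMode. -->
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Secure content</realm-name>
</login-config>
<security-role>
  <role-name>app-users</role-name>
</security-role>
```

With role lookup in place, the `hasResourcePermission Checking roles` log line lists the group names inside the parentheses, which is a quick check that the `roleSearch` filter matches.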