需要将Ldap配置为tomcat服务器以进行身份验证和授权。 我已经在serve.xml中声明了这个领域,我能够绑定ldap服务器 但我需要将ldap组映射到安全角色,但我无法做到这一点 我在下面的web.xml中进行了一些配置,用于角色和组映射,但得到403错误
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>com.test.TestServlet</servlet-class>
<security-role-ref>
<role-name>admins</role-name>
<role-link>admins</role-link>
</security-role-ref>
<security-role-ref>
<role-name>users</role-name>
<role-link>users</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Authentication</web-resource-name>
<url-pattern>/*</url-pattern>
<url-pattern>/test</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admins</role-name>
<role-name>users</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admins</role-name>
</security-role>
<security-role>
<role-name>users</role-name>
</security-role>
</web-app>
am missing any configuration for mapping
realm as below;
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="uid=admin,ou=system" connectionPassword="secret" authentication="simple"
connectionURL="ldap://localhost:10389" userSubtree="true"
userBase="ou=User,ou=ActiveMQ,ou=system" userSearch="(uid={0})"
roleBase="ou=Group,ou=ActiveMQ,ou=system" roleName="cn" roleSubtree="true"
roleSearch="(member={0})" />
答案 0 :(得分:0)
角色搜索模式错误,我将其更正为
roleSearch="(member=uid={1})
现在它对我有用了谢谢