Re: [jetty-users] JAAS LdapLoginModule - mapping groups to roles

Thanks for the advice Jan, although I've been running some tests without success. Basically I did something like this:

[code]

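package com.aurea.jetty.servlet;

import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.servlet.ServletHolder;

public class RoleMappingServletHandler extends ServletHandler
{
    @Override
    protected synchronized void doStart()
        throws Exception
    {
        super.doStart();

        // Register the same role link on every servlet held by this handler.
        final ServletHolder[] servlets = getServlets();
        for (final ServletHolder servlet : servlets)
        {
            // setUserRoleLink(name, link): "user" is the name, "userRole" the link.
            servlet.setUserRoleLink("user", "userRole");
        }
    }
}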

[/code]

[code]

<Configure id="wac" class="org.eclipse.jetty.webapp.WebAppContext">
    <Set name='servletHandler'>
        <New class='com.aurea.jetty.servlet.RoleMappingServletHandler'/>
    </Set>
</Configure>

[/code]


The code is summarized, but basically I am trying to connect to my LDAP server, and I am receiving error 403. When I change the LDAP settings and set it to the one the webapp is expecting, then it works, so it seems like the mapping is not working properly.


2016-11-24 22:34 GMT-02:00 Jan Bartel <janb@xxxxxxxxxxx>:
Samuel,

I think you're going to have to write a tiny bit of code to get the ServletHandler from the context, iterate over the servlets, and call ServletHolder.setUserRoleLink(role,link) for all the groups you want to link to a different name.  That bit of code would need to be invoked from a WEB-INF/jetty-web.xml file to ensure that the jetty classes are visible.

Jan

On 25 November 2016 at 11:01, Samuel Martinucci <samuelmartinucci@xxxxxxxxx> wrote:
Hello Jan,

I am looking for something more generic, that applies to everything inside of the context (similar to the function that this mapping has on glassfish-web.xml)

2016-11-24 21:57 GMT-02:00 Jan Bartel <janb@xxxxxxxxxxx>:
Hi Samuel,

You can map the role names for a given <servlet> in  web.xml using the <security-role-ref><role-name><role-link>.  So if your ldap group is "manager" but you want to do request.isUserInRole("admin") you would declare <security-role-ref><role-name>admin</role-name><role-link>manager</role-link></security-role-ref>.

Or are you looking for a way to configure this for all servlets, or looking for a way to configure this external to the web.xml?


Jan

On 24 November 2016 at 21:48, Samuel Martinucci <samuelmartinucci@xxxxxxxxx> wrote:
Hi,

I've found the following email thread and I am currently facing the same problem, does anyone know if it was solved some way?


I've tried with sun-web.xml without success and I am starting to share the same thought that I will need to subclass LdapLoginModule, even though I imagine that there might exist a solution for this.

Best regards.

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
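
The `<security-role-ref>` mapping described in the thread, as an added example that is not part of the original messages and is not Jetty's code: a simplified plain-Java model of how the Servlet specification resolves role links, leaving out the special role names `*` and `**`. The class `RoleLinkModel`, its method names and the sample data are hypothetical; the point is which side of the link is the name used in code, and that `<auth-constraint>` role names are compared with the user's roles directly.

```java
import java.util.Map;
import java.util.Set;

// Simplified model (hypothetical class, not Jetty code) of how a servlet
// container applies <security-role-ref> per the Servlet specification.
public class RoleLinkModel {
    // Roles the login module produced for the user, e.g. LDAP group names.
    private final Set<String> userRoles;
    // Per-servlet role-name -> role-link entries, as set by
    // <security-role-ref> or ServletHolder.setUserRoleLink(name, link).
    private final Map<String, String> roleRefs;

    RoleLinkModel(Set<String> userRoles, Map<String, String> roleRefs) {
        this.userRoles = userRoles;
        this.roleRefs = roleRefs;
    }

    // request.isUserInRole(name): the name used in code is translated through
    // the servlet's role refs first; an unmapped name is tested as-is.
    boolean isUserInRole(String nameUsedInCode) {
        String actual = roleRefs.getOrDefault(nameUsedInCode, nameUsedInCode);
        return userRoles.contains(actual);
    }

    // <auth-constraint> check: the constraint's role names are compared
    // directly with the user's roles; role refs are not consulted.
    boolean passesAuthConstraint(Set<String> constraintRoles) {
        for (String role : constraintRoles) {
            if (userRoles.contains(role)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: LDAP group "manager", code asks for "admin".
        RoleLinkModel m =
            new RoleLinkModel(Set.of("manager"), Map.of("admin", "manager"));
        System.out.println("isUserInRole(admin): " + m.isUserInRole("admin"));
        System.out.println("isUserInRole(manager): " + m.isUserInRole("manager"));
        System.out.println("constraint [admin]: "
            + m.passesAuthConstraint(Set.of("admin")));
        System.out.println("constraint [manager]: "
            + m.passesAuthConstraint(Set.of("manager")));
    }
}
```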

