codemonkey

Reputation: 489

How to migrate PicketBox LdapLoginModule to Elytron?

This is my old code for the LDAP connection:

This creates a javax LoginModule with the name "login", so when a request comes through JMS, our application looks for a javax LoginContext with the name "login" and calls login() with the login context and a CallbackHandler that handles the username/password. The username and password are provided by the message from the user/GUI.

<security-domain name="login" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.provider.url" value="${java.naming.provider.url}"/>
            <module-option name="principalDNPrefix" value="${principalDNPrefix}"/>
            <module-option name="principalDNSuffix" value="${principalDNSuffix}"/>
            <module-option name="com.sun.jndi.ldap.connect.timeout" value="${ldap.connect.timeout}"/>
        </login-module>
    </authentication>
</security-domain>

Here is my attempt at translating it into Elytron. Security realms:

<security-realms>
    <ldap-realm name="ldapRealm" dir-context="ldapDirContext" direct-verification="true" allow-blank-password="true">
        <identity-mapping rdn-identifier="uid" search-base-dn="ou=company,dc=compauth,dc=comp,dc=de" />
    </ldap-realm>

    <caching-realm name="cached-ldap" realm="ldapRealm"/>
</security-realms>

Dir context:

<dir-contexts>
    <dir-context name="ldapDirContext" url="${java.naming.provider.url}" authentication-level="none">
        <properties>
            <property name="com.sun.jndi.ldap.connect.timeout" value="${ldap.connect.timeout}"/>
        </properties>
    </dir-context>
</dir-contexts>

Security domain:

<security-domains>
    <security-domain name="login" default-realm="cached-ldap" permission-mapper="default-permission-mapper">
        <realm name="cached-ldap" role-decoder="groups-to-roles"/>
    </security-domain>
</security-domains>

I'm getting the error: No LoginModules configured for "login".

WARN [org.security.login.LoginServiceAbstract] (loginJmsContainer-2) LoginServiceBean.login exception occured : javax.security.auth.login.LoginException: No LoginModules configured for login
        at javax.security.auth.login.LoginContext.init(LoginContext.java:264)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:417)
        at gts.common.refdata.core.platform.security.login.LoginServiceAbstract.login(LoginServiceAbstract.java:83)
        at gts.common.refdata.core.platform.security.login.LoginServiceAbstract.login(LoginServiceAbstract.java:68)
        ...

Upvotes: 1

Views: 196

Answers (1)

codemonkey

Reputation: 489

The way this works is not applicable to Elytron. There are no login modules that Elytron creates that can be used at runtime. So it is easier to have a custom LDAP implementation that does not depend on Elytron.

Upvotes: 1
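As an added example (not the poster's code) of the custom LDAP implementation the answer settles on, the hypothetical class below does what the old LdapLoginModule options did: it builds principalDNPrefix + username + principalDNSuffix and verifies the password with a simple bind under the configured connect timeout. It deliberately refuses blank passwords, because a simple bind with an empty credential is an anonymous bind that the server may report as success; that is the behaviour allow-blank-password="true" on the question's ldap-realm permits during direct verification.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/** Hypothetical helper: verifies a user by a simple LDAP bind, with the same
 *  option semantics as the PicketBox LdapLoginModule in the question. */
public final class LdapBindAuthenticator {
    private final String providerUrl;          // java.naming.provider.url
    private final String dnPrefix;             // principalDNPrefix, e.g. "uid="
    private final String dnSuffix;             // principalDNSuffix, e.g. ",ou=company,dc=compauth,dc=comp,dc=de"
    private final String connectTimeoutMillis; // com.sun.jndi.ldap.connect.timeout

    public LdapBindAuthenticator(String providerUrl, String dnPrefix, String dnSuffix,
                                 String connectTimeoutMillis) {
        this.providerUrl = providerUrl;
        this.dnPrefix = dnPrefix;
        this.dnSuffix = dnSuffix;
        this.connectTimeoutMillis = connectTimeoutMillis;
    }

    /** Returns true only if the directory accepts a bind as prefix + username + suffix. */
    public boolean authenticate(String username, char[] password) throws NamingException {
        // Reject blank credentials before contacting the server: a simple bind with an empty
        // password is an unauthenticated (anonymous) bind, which directories commonly accept.
        if (username == null || username.isEmpty() || password == null || password.length == 0) return false;
        // Refuse RFC 4514 DN specials and control characters that could rewrite the bind DN.
        for (char c : username.toCharArray()) {
            if (",+\"\\<>;=#".indexOf(c) >= 0 || c < 0x20) return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dnPrefix + username + dnSuffix);
        env.put(Context.SECURITY_CREDENTIALS, password); // the LDAP provider accepts char[]
        env.put("com.sun.jndi.ldap.connect.timeout", connectTimeoutMillis);
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the constructor performs the bind
            return true;
        } catch (AuthenticationException e) {
            return false; // bad credentials; other NamingExceptions propagate as infrastructure errors
        } finally {
            if (ctx != null) ctx.close();
        }
    }
}
```

The caller that replaces the old LoginContext lookup passes the JMS message's username and password to authenticate() and treats any NamingException other than AuthenticationException as a directory outage, not as a failed login.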
