WebSphere 5.1.x + JAAS + LDAP Configuration Guide (1)

xiaoxiao2021-03-06  40

Foreword: The other day I wrote up a JAAS + LDAP configuration on JBoss: http://blog.9cbs.net/oicqren/archive/2004/11/27/195803.aspx. It has now been ported to WebSphere, and the process is more complicated than on JBoss. As before, I spent whole days searching online, experimenting, asking around, and phoning IBM engineers to pester them! Strangely, no one could give an accurate answer. Maybe it is because my wife came to Shenzhen to see me, bringing a lot of support and luck: I solved the problem today and am posting the solution here.

PS. For more security information, please refer to the Redbook SG246573: http://publib-b.boulder.ibm.com/redbooks.nsf/redbookabstracts/sg246573.html?open

Goal: Using the JAAS framework, an LDAP server, and WebSphere, perform user authentication and authorization (authentication means the user is valid, i.e. the username and password entered are correct; authorization means the user is granted a role).

Basic Requirements: familiar with the J2EE framework; familiar with iPlanet Directory Server configuration; familiar with WebSphere configuration; familiar with the JAAS framework.

Preparation: Windows 2K (joined to the domain); J2SDK 1.4.2 installed; WebSphere 5.1.x or WebSphere installed; iPlanet Directory Server 5.1 Service Pack 2 installed.

Assumption: the application name is MyApp.

Checklist:
web.xml
application.xml
ibm-application-bnd.xmi
WebSphere Admin Console: Security > JAAS Configuration > Application Login
WebSphere Admin Console: Security > User Registry > LDAP
WebSphere Admin Console: Security > Global Security
WebSphere Admin Console: Applications > Enterprise Applications > MyApp > Mapping Security Roles to User / Group
Accessible: WebSphere Admin Console: Security > Authentication Mechanism > LTPA

Also: You can make the following configuration changes with the WAS AAT tool, the WSAD development tool, or a text editor, but the resulting configuration must be the same. I edited the files with UltraEdit, so the steps below do not cover the tools.

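[web.xml]
------------------------------------------------------------
This file needs no introduction! Add the following inside the tag.

security-constraint: declares a security constraint
url-pattern: resource name pattern covered by the constraint; *.jsp means all JSP files, *.do means all actions
http-method: the HTTP methods restricted by the constraint
auth-constraint: which role is allowed to access the resources
auth-method: the authentication method; this must be FORM
realm-name: the security realm name
form-login-page: a user who has not yet authenticated is sent to this page
form-error-page: a user whose authentication fails is sent to this page
security-role: describes the role used in the restrictions above

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Declarative security tests</web-resource-name>
            <url-pattern>*.do</url-pattern>
            <url-pattern>*.jsp</url-pattern>
            <!-- only the methods listed here are covered by the constraint -->
            <http-method>HEAD</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ICPUser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>no description</description>
            <!-- NONE: the container does not require HTTPS for these resources -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>icprealm</realm-name>
        <form-login-config>
            <form-login-page>/login.do</form-login-page>
            <form-error-page>/logerror.do</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>A user allowed to login</description>
        <role-name>ICPUser</role-name>
    </security-role>

------------------------------------------------------------

[application.xml]
------------------------------------------------------------
Needless to say, J2EE developers should know this file. Modify myApp. Add the following inside the tag. The id="..." attribute is important and must not be omitted.

    <security-role id="securityrole_1">
        <description>role-icpuser</description>
        <!-- must match the role-name used in web.xml exactly (case-sensitive) -->
        <role-name>ICPUser</role-name>
    </security-role>

------------------------------------------------------------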

[ibm-application-bnd.xmi]
------------------------------------------------------------
After the application has been deployed successfully with the "Applications > Install New Application" feature, check that the file $WAS_HOME/config/cells/ZKF5011/applications/myapp.ear/deployments/myapp/META-INF/ibm-application-bnd.xmi contains the following; if not, add it. Here, the value after # in <role href="META-INF/application.xml#..."/> must be the same as the id in application.xml; both are "securityrole_1".
------------------------------------------------------------
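The rule above, that the role href in ibm-application-bnd.xmi must point at the id of the security-role in application.xml, can be checked before deployment together with the role name used in web.xml. The script below is an added example, not part of the original post: the three descriptors are constructed, simplified samples using the page's values, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified descriptors using the page's values.
WEB_XML = """<web-app><security-constraint><auth-constraint>
  <role-name>ICPUser</role-name></auth-constraint></security-constraint>
  <security-role><role-name>ICPUser</role-name></security-role></web-app>"""
APPLICATION_XML = """<application><security-role id="securityrole_1">
  <description>role-icpuser</description>
  <role-name>ICPUser</role-name></security-role></application>"""
BND_XMI = """<ApplicationBinding><authorizationTable><authorizations>
  <role href="META-INF/application.xml#securityrole_1"/>
</authorizations></authorizationTable></ApplicationBinding>"""


def local(tag):
    """Drop any XML namespace so namespaced descriptors match too."""
    return tag.rsplit("}", 1)[-1]


def find(root, name):
    return [e for e in root.iter() if local(e.tag) == name]


def check_role_wiring(web_xml, application_xml, bnd_xmi):
    """Return a list of problems; empty means the three files agree."""
    problems, app_roles, declared, bound = [], {}, set(), set()
    for role in find(ET.fromstring(application_xml), "security-role"):
        name = "".join(e.text or "" for e in find(role, "role-name")).strip()
        declared.add(name)
        if role.get("id"):
            app_roles[role.get("id")] = name
        else:
            problems.append(f"application.xml: role {name!r} has no id")
    for ref in find(ET.fromstring(bnd_xmi), "role"):
        frag = ref.get("href", "").partition("#")[2]
        if frag in app_roles:  # ids and role names are case-sensitive
            bound.add(app_roles[frag])
        else:
            problems.append(f"bnd.xmi: #{frag} matches no security-role id")
    for constraint in find(ET.fromstring(web_xml), "auth-constraint"):
        for rn in find(constraint, "role-name"):
            name = (rn.text or "").strip()
            if name not in declared:
                problems.append(f"web.xml: role {name!r} not in application.xml")
            elif name not in bound:
                problems.append(f"web.xml: role {name!r} has no binding in bnd.xmi")
    return problems


if __name__ == "__main__":
    print(check_role_wiring(WEB_XML, APPLICATION_XML, BND_XMI) or "role wiring OK")
```

An unbound or misnamed role leaves the constraint in web.xml with no users or groups mapped to it, so running the check against the deployed copies of the three files catches the mismatch before login testing does.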

Please cite the original address when reposting: https://www.9cbs.com/read-68718.html