需要将 Ldap 配置为 tomcat 服务器以进行身份验证和授权。 我已经在服务中声明了领域.xml并且能够绑定 ldap 服务器 但是我需要将LDAP组映射到安全角色,但我无法做到这一点 我在 Web 中进行了一些配置.xml下面用于角色和组映射,但收到 403 错误
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>com.test.TestServlet</servlet-class>
<security-role-ref>
<role-name>admins</role-name>
<role-link>admins</role-link>
</security-role-ref>
<security-role-ref>
<role-name>users</role-name>
<role-link>users</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Authentication</web-resource-name>
<url-pattern>/*</url-pattern>
<url-pattern>/test</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admins</role-name>
<role-name>users</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admins</role-name>
</security-role>
<security-role>
<role-name>users</role-name>
</security-role>
</web-app>
am missing any configuration for mapping
realm as below;
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="uid=admin,ou=system" connectionPassword="secret" authentication="simple"
connectionURL="ldap://localhost:10389" userSubtree="true"
userBase="ou=User,ou=ActiveMQ,ou=system" userSearch="(uid={0})"
roleBase="ou=Group,ou=ActiveMQ,ou=system" roleName="cn" roleSubtree="true"
roleSearch="(member={0})" />
角色搜索模式错误,我将其更正为
roleSearch="(member=uid={1})
现在它对我有用,谢谢