需要配置Ldap到tomcat服务器以进行身份验证和授权。 我已经在serve.xml中声明了领域,并且我能够绑定LDAP服务器 但我需要将 LDAP 组映射到安全角色,但我无法做到这一点 我在下面的 web.xml 中为角色和组映射做了一些配置,但收到 403 错误
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>com.test.TestServlet</servlet-class>
<security-role-ref>
<role-name>admins</role-name>
<role-link>admins</role-link>
</security-role-ref>
<security-role-ref>
<role-name>users</role-name>
<role-link>users</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Authentication</web-resource-name>
<url-pattern>/*</url-pattern>
<url-pattern>/test</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admins</role-name>
<role-name>users</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admins</role-name>
</security-role>
<security-role>
<role-name>users</role-name>
</security-role>
</web-app>
缺少任何映射配置
领域如下;
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="uid=admin,ou=system" connectionPassword="secret" authentication="simple"
connectionURL="ldap://localhost:10389" userSubtree="true"
userBase="ou=User,ou=ActiveMQ,ou=system" userSearch="(uid={0})"
roleBase="ou=Group,ou=ActiveMQ,ou=system"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})" />
角色搜索模式错误,我将其更正为
roleSearch="(member=uid={1})
现在它对我有用,谢谢