You can find the full source code for this website in the Seam package in the directory /examples/wiki. It is licensed under the LGPL.
This scenario will help you configure LDAP authentication with the XML Login Service. There is another way to do it in a different module.
In components.xml, change the identity configuration to
<security:identity security-rules="#{securityRules}" authenticate-method="#{authenticator.authenticate}" remember-me="true" jaas-config-name="openLDAPAuth"/>
openLDAPAuth is the name of the application-policy you will define later.
In jboss-app.xml add
<module>
    <service>openLDAP-login-service.xml</service>
</module>
after the loader-repository tag.
Add a new file openLDAP-login-service.xml to the classpath
<?xml version="1.0" encoding="UTF-8"?>
<server>
    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="FWLogistics:service=DynamicLoginConfig">
        <attribute name="AuthConfig">openLDAP-login-config.xml</attribute>
        <depends optional-attribute-name="LoginConfigService">
            jboss.security:service=XMLLoginConfig
        </depends>
        <depends optional-attribute-name="SecurityManagerService">
            jboss.security:service=JaasSecurityManager
        </depends>
    </mbean>
</server>
Add openLDAP-login-config.xml to the same place on the classpath
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN" "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
    <application-policy name="openLDAPAuth">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://ldap.host.com:389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="bindDN">cn=Rootuser,dc=domain</module-option>
                <module-option name="bindCredential">passwd</module-option>
                <module-option name="baseCtxDN">ou=People,dc=domain</module-option>
                <module-option name="baseFilter">(uid={0})</module-option>
                <module-option name="rolesCtxDN">ou=Roles,ou=apps,dc=domain</module-option>
                <module-option name="roleFilter">(member={1})</module-option>
                <module-option name="roleAttributeID">cn</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>
In LDAP, the user must be defined with these object classes:
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson (optional)
objectClass: account (optional)
objectClass: posixAccount
objectClass: top
That's it! After the username and password are authenticated against LDAP, the roles are also retrieved and added to the Identity object in Seam.
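To make the lookup sequence behind the module-options above concrete, here is an added walk-through (not code from the Seam wiki or from JBoss) of the steps LdapExtLoginModule performs with the page's baseCtxDN, baseFilter, rolesCtxDN, roleFilter and roleAttributeID values: resolve the username to a DN, verify the credential, then collect roles. It runs against a small constructed in-memory directory so it works offline; the entry DNs, the userPassword values, the RFC 4515 filter escaping and the objectClass checker are assumptions of this example, not behaviour documented on the page.

```python
"""Added example: simulate the LdapExtLoginModule lookups from openLDAP-login-config.xml.
Not code from the Seam wiki or from JBoss; directory contents are constructed."""
import hmac
import re

# Constructed sample directory: DN -> attributes. The base DNs match the page's
# configuration (ou=People,dc=domain for users, ou=Roles,ou=apps,dc=domain for roles).
SAMPLE_DIRECTORY = {
    "uid=alice,ou=People,dc=domain": {
        "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount"],
        "uid": ["alice"],
        "userPassword": ["alice-secret"],  # constructed; a real server stores a hash
    },
    "uid=bob,ou=People,dc=domain": {
        "objectClass": ["top", "person", "organizationalPerson", "posixAccount"],
        "uid": ["bob"],
        "userPassword": ["bob-secret"],  # constructed
    },
    "cn=admin,ou=Roles,ou=apps,dc=domain": {
        "objectClass": ["top", "groupOfNames"],
        "cn": ["admin"],
        "member": ["uid=alice,ou=People,dc=domain"],
    },
    "cn=user,ou=Roles,ou=apps,dc=domain": {
        "objectClass": ["top", "groupOfNames"],
        "cn": ["user"],
        "member": ["uid=alice,ou=People,dc=domain", "uid=bob,ou=People,dc=domain"],
    },
}

# Module options taken from the page's openLDAP-login-config.xml
OPTIONS = {
    "baseCtxDN": "ou=People,dc=domain",
    "baseFilter": "(uid={0})",
    "rolesCtxDN": "ou=Roles,ou=apps,dc=domain",
    "roleFilter": "(member={1})",
    "roleAttributeID": "cn",
}

# Object classes the page lists as mandatory for a user entry
REQUIRED_OBJECT_CLASSES = {"top", "person", "organizationalPerson", "posixAccount"}

_EQ_FILTER = re.compile(r"^\((\w+)=(.+)\)$")


def escape_filter_value(value):
    """RFC 4515 escaping so a substituted value is matched literally (assumption of
    this simulation; check your JBoss version for what the real module does)."""
    value = value.replace("\\", "\\5c")
    for ch, code in (("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\x00", "\\00")):
        value = value.replace(ch, code)
    return value


def _unescape(value):
    # Reverse RFC 4515 escaping, as the server would when evaluating the filter
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def search(directory, base_dn, ldap_filter):
    """Subtree search supporting the equality filters the page uses; returns matching DNs."""
    m = _EQ_FILTER.match(ldap_filter)
    if not m:
        raise ValueError("only simple equality filters are supported: %r" % ldap_filter)
    attr, value = m.group(1), _unescape(m.group(2))
    return [dn for dn, attrs in directory.items()
            if dn.lower().endswith("," + base_dn.lower()) and value in attrs.get(attr, [])]


def missing_object_classes(entry):
    """Object classes the page requires that this user entry lacks."""
    return sorted(REQUIRED_OBJECT_CLASSES - set(entry.get("objectClass", [])))


def authenticate(directory, username, password, options=OPTIONS):
    """Returns (user_dn, sorted roles) on success, or None on failure."""
    # Step 1: using the bindDN connection, substitute the username for {0} in
    # baseFilter and search under baseCtxDN to find the user's DN.
    user_filter = options["baseFilter"].replace("{0}", escape_filter_value(username))
    matches = search(directory, options["baseCtxDN"], user_filter)
    if len(matches) != 1:
        return None  # unknown or ambiguous user: fail closed
    user_dn = matches[0]
    # Step 2: the module re-binds as user_dn with the supplied password; the
    # in-memory stand-in is a constant-time comparison against userPassword.
    stored = directory[user_dn].get("userPassword", [])
    if not any(hmac.compare_digest(password.encode(), s.encode()) for s in stored):
        return None
    # Step 3: substitute the user DN for {1} in roleFilter, search under rolesCtxDN,
    # and read roleAttributeID from each matching entry to get the role names.
    role_filter = options["roleFilter"].replace("{1}", escape_filter_value(user_dn))
    role_entries = search(directory, options["rolesCtxDN"], role_filter)
    roles = sorted(v for dn in role_entries for v in directory[dn].get(options["roleAttributeID"], []))
    return user_dn, roles


if __name__ == "__main__":
    print(authenticate(SAMPLE_DIRECTORY, "alice", "alice-secret"))
    print(missing_object_classes({"objectClass": ["top", "person"]}))
```

The roles returned in step 3 are what Seam ends up exposing on the Identity object; if a user authenticates but gets no roles, the first things to compare are the DN that step 1 produced and the value stored in the member attribute of the role entries, since roleFilter matches them as literal strings.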