를 작동하지 않는이 내 web.xml 파일의 내용이보안 역할 심판이 제대로
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0" metadata-complete="true">
<servlet>
<security-role-ref>
<role-name>MY_GROUP_NAME</role-name>
<role-link>REGISTERED_USER</role-link>
</security-role-ref>
</servlet>
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<resource-ref>
<description>My datasource</description>
<res-ref-name>jdbc/XXXXXXXX</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/protected/`*`</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
<role-name>role1</role-name>
<role-name>REGISTERED_USER</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/protected/login.jsp</form-login-page>
<form-error-page>/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>tomcat</role-name>
</security-role>
<security-role>
<role-name>REGISTERED_USER</role-name>
</security-role>
</web-app>
내가 LDAP의 그룹 MY_GROUP_NAME에 다음 request.getRemoteUser있는 유효한 사용자 (로그인을 수행 할 때)와 request.getUserPrincipal() 작동 확인. MY_GROUP_NAME에 대한 사용자 테스트
String role = request.getParameter("role");
request.isUserInRole(role);
잘 작동합니다.
REGISTERED_USER 역할에 대해 사용자를 테스트 할 때 문제가 발생합니다. 아무도 내가 여기에서 놓치고있는 것을 본다?
몇 가지 추가 정보
내가 사용하는 아파치 톰캣 v7.0.22
LDAP는 OpenDJ 2.4.5
윈도우 7 OS 내가 OpenDJ에서 발생할 적이 없다
REGISTERED_USER는 등록 된 모든 사용자 또는 LDAP 검색 기반 그룹의 목록입니까? – rmarimon
아니요, REGISTERED_USER은 (는) LDAP 그룹 이름 인 MY_GROUP_NAME에 매핑하려는 역할입니다. – MaVRoSCy