[SOLVED] Mapping Ldap groups to role of the application in tomcat

Mapping Ldap groups to role of the application in tomcat

Need to configure Ldap to tomcat server for authentication and authorization purpose. I have declared the realm in serve.xml and i am able to bind the ldap server but i need to map the ldap groups to security roles but i am not able to do that i have made some configuration in web.xml below for role and group mapping but getting 403 error

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
    <servlet>
        <servlet-name>TestServlet</servlet-name>
        <servlet-class>com.test.TestServlet</servlet-class>

        <security-role-ref>
            <role-name>admins</role-name>
            <role-link>admins</role-link>
        </security-role-ref>
        
        <security-role-ref>
            <role-name>users</role-name>
            <role-link>users</role-link>
        </security-role-ref>
        
    </servlet>
    <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/test</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Authentication</web-resource-name>
            <url-pattern>/*</url-pattern>
            <url-pattern>/test</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admins</role-name>
            <role-name>users</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

    <security-role>
        <role-name>admins</role-name>
    </security-role>
    
    <security-role>
        <role-name>users</role-name>
    </security-role>
</web-app>

am missing any configuration for mapping

realm as below;

<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionName="uid=admin,ou=system" connectionPassword="secret" authentication="simple"
    connectionURL="ldap://localhost:10389" userSubtree="true"
    userBase="ou=User,ou=ActiveMQ,ou=system" userSearch="(uid={0})"
    roleBase="ou=Group,ou=ActiveMQ,ou=system"
    roleName="cn"
    roleSubtree="true"
    roleSearch="(member={0})" />

Solution

Role Search pattern was wrong , i correct it as

roleSearch="(member=uid={1})

Now it works for me thanks