check this https://developer.jboss.org/thread/274715?_sscc=t
in standalone.xml you should have:
How to secure your web.xml: http://www.javamonamour.org/2012/06/tomcat-web-application-security-in-20.html
jboss-web.xml :
See also
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/how_to_configure_identity_management/legacy_security_subsystem#configure_a_security_domain_to_use_ldap
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/login_module_reference/index#ldapextended_login_module
All JBoss login modules: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/login_module_reference/
JBOSS LDAP Examples https://developer.jboss.org/wiki/LDAPSecurityRealmExamples , shows how to use username-filter and advanced-filter to query onsAMAccountName and memberOf )
in standalone.xml you should have:
<security-domain name="LdapDomain" cache-type="default">
<authentication>
<login-module code="LdapExtended" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value="uid=admin,ou=system"/>
<module-option name="bindCredential" value="secret"/>
<module-option name="baseCtxDN" value="ou=People,dc=example,dc=com"/>
<module-option name="baseFilter" value="(uid={0})"/>
<module-option name="rolesCtxDN" value="ou=Roles,dc=example,dc=com"/>
<module-option name="roleFilter" value="(member={1})"/>
<module-option name="roleAttributeID" value="cn"/>
<module-option name="searchScope" value="ONELEVEL_SCOPE"/>
<module-option name="allowEmptyPasswords" value="true"/>
</login-module>
</authentication>
</security-domain>
How to secure your web.xml: http://www.javamonamour.org/2012/06/tomcat-web-application-security-in-20.html
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAuth</web-resource-name>
<description>application security constraints
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Sample Realm</realm-name>
</login-config>
<security-role>
<role-name>Manager</role-name>
</security-role>
jboss-web.xml :
<jboss-web>
<security-domain>java:/jaas/LdapDomain</security-domain>
</jboss-web>
See also
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/how_to_configure_identity_management/legacy_security_subsystem#configure_a_security_domain_to_use_ldap
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/login_module_reference/index#ldapextended_login_module
All JBoss login modules: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/login_module_reference/
JBOSS LDAP Examples https://developer.jboss.org/wiki/LDAPSecurityRealmExamples , shows how to use username-filter and advanced-filter to query onsAMAccountName and memberOf )