
  • Grails-SpringSecurity-LDAP

    Hi,

    I am able to configure grails-springsecurity-ldap in my application, but I am not able to get the role from LDAP. I have created a group; in that group, e.g., I have 2 objects: one is admin (has 1 user) and the other is user (has 5 users). I am able to authenticate but not able to access the page which I am requesting after successful login. It shows me a message for access denied.
    I just want to know, how to identify roles when you authenticate a user using LDAP?
    Do I need to create more attributes for role?
    How do we map those in springsecurity/grails?

    Please help me to resolve this basic issue.

    Thanks in advance,
    Malhar

  • #2
    Answer

    Hi,

    I got the answers to a few of my questions:

    1. I just want to know, how to identify roles when you authenticate a user using LDAP?
    By default LDAP group memberships will be converted to Spring Security roles. For example, if a user belongs to the 'Administrator' and 'Manager' groups, these will be converted to ROLE_ADMINISTRATOR and ROLE_MANAGER Roles.

    2. Do I need to create more attributes for role?
    I think "no".

    3. How do we map those in springsecurity/grails?
    You can disable this lookup by setting the 'ldapRetrieveGroupRoles' attribute to false. In this case you'd want to store Roles in your database and access them via your Role domain class and GORM - set the 'ldapRetrieveDatabaseRoles' attribute to true and configure Users' roles just as you would for a regular database-backed authentication store. If both attributes are true, both stores will be searched for Roles.

    I think this might help.
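
The conversion described in this answer, as an added example that is not part of the original post or the plugin's code: a stand-alone Groovy script that derives role names from LDAP group names, optionally merges database roles, and explains why a rule grants or denies access. The group names, the rule map and the method names are constructed for illustration.

```groovy
// Added example: models "LDAP group name -> ROLE_ + upper-cased name".
// All names and data below are constructed, not taken from the thread.

String toRole(String groupName) {
    'ROLE_' + groupName.toUpperCase()
}

// Union of roles derived from LDAP groups and roles stored in the database
// (the case where both lookups are enabled).
Set<String> grantedRoles(Collection<String> ldapGroups, Collection<String> dbRoles) {
    Set<String> roles = new LinkedHashSet<String>()
    ldapGroups.each { roles << toRole(it) }
    roles.addAll(dbRoles)
    roles
}

// Explain an access decision: which required role matched, or whether a
// granted role differs from a required one only by case or by the prefix.
String explain(List<String> required, Set<String> granted) {
    def hit = required.find { it in granted }
    if (hit) {
        return "GRANTED via ${hit}"
    }
    def norm = { String r -> r.toUpperCase().replaceFirst(/^ROLE_/, '') }
    def near = required.find { req -> granted.any { norm(it) == norm(req) } }
    if (near) {
        return "DENIED: rule wants '${near}', user holds ${granted} (case or prefix mismatch)"
    }
    return "DENIED: none of ${required} is in ${granted}"
}

// Constructed URL-to-roles rules; role comparison is an exact string match.
def rules = [
    '/admin/**': ['ROLE_Admin'],              // wrong case for a derived role
    '/audit/**': ['ROLE_ADMINISTRATOR'],      // no LDAP group with this name
    '/home/**' : ['ROLE_USER', 'ROLE_ADMIN']
]
def ldapOnly  = grantedRoles(['admin'], [])                     // LDAP groups only
def ldapAndDb = grantedRoles(['user'], ['ROLE_ADMINISTRATOR'])  // plus a DB role

rules.each { url, required ->
    println "${url}  LDAP only: ${explain(required, ldapOnly)}"
    println "${url}  LDAP + DB: ${explain(required, ldapAndDb)}"
}
```

Because the match is exact, the role name written in an access rule has to equal the derived name character for character, including the prefix and the upper-casing.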



    • #3
      Another question

      Hi,

      I am able to do the configuration of spring-security-core and spring-security-ldap in Grails.
      1. I installed spring-security-core and then I created classes User, Role, UserRole using the s2-quickstart functionality of the security-core plugin.
      2. I installed the spring-security-ldap plugin.
      3. Configured the properties of LDAP in config.groovy, then DB-related ones in database.groovy, buildconfig.groovy, and URL-related ones in urlmappings.groovy.
      4. Then I created two classes

      Code:
      import org.springframework.security.core.GrantedAuthority 
      import org.springframework.security.core.userdetails.User
      
      
      class MySecureUser extends User{
      	final String fullname 
      	final String email 
      	final String lastname
      	final String description
      	
      	MySecureUser(String username, String password, 
      		boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, 
      		boolean accountNonLocked, Collection<GrantedAuthority> authorities, String fullname, 
      		String email, String lastname, String description) {
      	
      	super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities)
      	
      	this.fullname = fullname 
      	this.email = email 
      	this.lastname = lastname
      	this.description = description
      	}
      }

      Another class:

      Code:
      import java.util.Collection
      import org.springframework.ldap.core.DirContextAdapter
      import org.springframework.ldap.core.DirContextOperations
      import org.springframework.security.core.GrantedAuthority
      import org.springframework.security.core.userdetails.UserDetails
      import org.springframework.security.ldap.userdetails.UserDetailsContextMapper
      import com.test.MySecureUser
      
      
      class UserDetailsContextMapperImpl implements UserDetailsContextMapper {
      
      	@Override
      	public UserDetails mapUserFromContext(DirContextOperations ctx,
      			String username, Collection<GrantedAuthority> authorities) {
      		// Read the extra profile attributes from the LDAP entry
      		// (the attribute names are left empty here)
      		String fullname = ctx.originalAttrs.attrs[''].values[0] 
      		String email = ctx.originalAttrs.attrs[''].values[0].toString().toLowerCase() 
      		String lastname = ctx.originalAttrs.attrs[''].values[0].toString().toLowerCase()
      		String description = ctx.originalAttrs.attrs[''].values[0].toString().toLowerCase() 

      		// No password is kept; the authorities passed in by the LDAP provider are reused as-is
      		def userdetails = new MySecureUser(username, '', true, true, true, true, authorities, fullname, email, lastname, description) { }
      		return userdetails
      	}

      	@Override
      	public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1) {
      		// Writing user details back to the directory is not supported
      		throw new IllegalStateException("Only retrieving data from AD is currently supported")
      	}
      
      }

      5. Create an entry in resource.groovy of spring

      Code:
      ldapUserDetailsMapper(UserDetailsContextMapperImpl) {
      	// bean attributes
       }

      After running the application, it authenticates and works as expected.

      But the problem is:
      1. public UserDetails mapUserFromContext(DirContextOperations ctx,
      String username, Collection<GrantedAuthority> authorities) is looking for authorities in the form of "List"
      2. The User class which I have created with spring-security-core returns the authority in the form of Set

      I tried to use the same User class before writing MySecureUser but did not get any success.

      Does anyone have a hint on how to use the same class which spring-security-core created for User?
      Or is there anything I missed?

      Any inputs, welcome


      Malhar



      • #4
        spring security ldap configuration assistance needed

        Hello Malhar,

        Would you be able to assist with a similar configuration to the one you have achieved? I just don't have time and can pay you for your time. Let me know.



        • #5
          Hello all,

          Can you please help me on an issue I am having with Grails?

          I have a Hibernate application (for accessing the DB) and a Grails one (for the front end).

          1. If I call the Hibernate project from Grails and make it (the latest) return a hardcoded value without accessing the DB, it shows the value on the page (on the Grails side).

          2. If I call the Hibernate project from a Grails Java class and make the latest use Hibernate to access the DB, I can get the value in the Grails Java class but not on the Grails page.

          This means that if I run the Grails application as a Java application I can get the value from the DB but if I run as a Grails application I am getting an exception:

          ERROR connection.DriverManagerConnectionProvider - JDBC Driver class not found: org.apache.derby.jdbc.ClientDriver

          In the Hibernate project I had to configure the Derby Database in the xml file. Apparently I have to configure again in the Grails.

          I would like to configure the DB outside the Grails project.

          Do you know how I can do it?

          Many thanks for your cooperation

          Regards
          Filipe



          • #6
            Originally posted by Scganta
            Hello Malhar,

            Would you be able to assist with a similar configuration to the one you have achieved? I just don't have time and can pay you for your time. Let me know.
            .................................
            Hi Scganta,

            Sorry for the late reply.
            Do you still have an issue with it? If yes, let me know, I'll help you.


            Malhar
