Announcement Announcement Module
Collapse
No announcement yet.
Spring Rich Client + LDAP authentication and authorization Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Rich Client + LDAP authentication and authorization

    Hi every one..

    I'm trying to use the petclinic sample of the rich client with LDAP. I'm using the spring-security-ldap release 3.0.2. I've done the authentication with no problems, but the authorization is being really complicated. I'm would like to use "annotation" and for this I found in some place that I need to use the last version of spring-beans (org.springframework.beans-sources-3.0.2.RELEASE.jar). But when I chanched the version of the spring-beans I'm having this error:

    ERROR,PetClinicStandalone,main] RuntimeException during startup
    org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'serviceLocator' defined in class path resource [org/springframework/richclient/samples/petclinic/ctx/common/richclient-application-context.xml]: Cannot resolve reference to bean 'applicationServices' while setting bean property 'applicationServices'; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'applicationServices' defined in class path resource [org/springframework/richclient/samples/petclinic/ctx/common/richclient-application-context.xml]: Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: Method must not be null


    my applicationServices bean is this:

    <bean id="applicationServices" class="org.springframework.richclient.application. support.DefaultApplicationServices">

    <property name="applicationObjectConfigurerId">
    <idref bean="applicationObjectConfigurer" />
    </property>
    <property name="imageSourceId">
    <idref bean="imageSource" />
    </property>
    <property name="rulesSourceId">
    <idref bean="rulesSource" />
    </property>
    <property name="conversionServiceId">
    <idref bean="conversionService"/>
    </property>
    <property name="formComponentInterceptorFactoryId">
    <idref bean="formComponentInterceptorFactory" />
    </property>
    <property name="binderSelectionStrategyId">
    <idref bean="binderSelectionStrategy" />
    </property>
    <!--
    <property name="messageSourceId"><idref bean="messageSource"/></property>
    -->
    </bean>

    I've no idea about what i need inside it... I'm missing some thing? everthing is the same of the richclinet-application-context...

    Can anyone help me? I didn't find anything on the web about this...

  • #2
    Originally posted by felipecomp19 View Post
    I'm would like to use "annotation" and for this I found in some place that I need to use the last version of spring-beans (org.springframework.beans-sources-3.0.2.RELEASE.jar). But when I chanched the version of the spring-beans I'm
    Hi,

    You do release that the jar you've mentioned there only has the source code in it?

    Comment


    • #3
      yes... in my project I'm using the .jar with the ".class" files....

      When I changed to spring-beans 3.0.2 I've got some unimplemented methods in the class FormModel2BeanWrapperAdapter that is a inner class of ValangRichValidator of the package "org.springframework.binding.validation.suppor t" ... The methods are:

      ublic boolean isAutoGrowNestedPaths() {
      // TODO Auto-generated method stub
      return false;
      }

      public void setAutoGrowNestedPaths(boolean arg0) {
      // TODO Auto-generated method stub

      }

      public ConversionService getConversionService() {
      // TODO Auto-generated method stub
      return null;
      }

      public void setConversionService(ConversionService arg0) {
      // TODO Auto-generated method stub

      }

      public TypeDescriptor getPropertyTypeDescriptor(String arg0)
      throws BeansException {
      // TODO Auto-generated method stub
      return null;

      i don't know if the problem are here because when I debug it is seems that the execution don't pass through it ...

      I discovered that when trying to execute "at org.springframework.core.BridgeMethodResolver.find BridgedMethod(BridgeMethodResolver.java:65) " the method are receving a null "bridgeMethod" and the error comes.... But I don't know why this is happening...

      Can you gusgurman or anyone help me???

      Comment


      • #4
        I still working in rich client + authorization... I think I'm getting close but, somothing is missing...

        this is my security contexte:


        <s:global-method-security pre-post-annotations="enabled"></s:global-method-security>

        <s:authentication-manager>
        <s:authentication-provider ref="ldapAuthenticationProvider">
        </s:authentication-provider>
        </s:authentication-manager>

        <bean id="initialDirContextFactory"
        class="org.springframework.security.ldap.DefaultSp ringSecurityContextSource">
        ...
        </bean>

        <bean id="ldapAuthenticationProvider"
        class="org.springframework.security.ldap.authentic ation.LdapAuthenticationProvider">
        <constructor-arg>
        <ref local="authenticator" />
        </constructor-arg>

        <constructor-arg>
        <ref local="populator" />
        </constructor-arg>

        <!--
        <property name="userCache" ref="userCache"/>
        -->
        </bean>

        <bean id="authenticator"
        class="org.springframework.security.ldap.authentic ation.BindAuthenticator">
        <constructor-arg>
        <ref local="initialDirContextFactory" />
        </constructor-arg>
        <property name="userDnPatterns">
        <list>
        <value>uid={0},ou=employees,ou=partners</value>
        <value>uid={0},ou=customers,ou=partners</value>
        <value>uid={0},ou=suppliers,ou=partners</value>
        </list>
        </property>

        <property name="userSearch">
        <ref local="userSearch" />
        </property>

        </bean>


        <bean id="populator"
        class="org.springframework.security.ldap.userdetai ls.DefaultLdapAuthoritiesPopulator">
        <constructor-arg>
        <ref local="initialDirContextFactory" />
        </constructor-arg>
        <constructor-arg>
        <value>ou=departments</value>
        </constructor-arg>
        <property name="groupRoleAttribute">
        <value>ou</value>
        </property>
        <property name="searchSubtree">
        <value>true</value>
        </property>
        <property name="enableAuthorities" value="true"/>
        </bean>

        and I put the anotation in the method that i want the authorization:

        @PreAuthorize("hasRole('ROLE_HEAD_OF_ENGINEERING') ")
        public void execute() {
        if (wizardDialog == null) {
        wizardForm = new CompoundForm();
        wizardForm.setFormObject(new Owner());
        wizardDialog = new WizardDialog(this);
        }
        wizardForm.setFormObject(new Owner());
        wizardDialog.showDialog();
        }

        But it doesn't work... am I missing something? I tried something like this to:

        <bean id="accountService" class="accounts.AccountServiceImpl">
        Secure the secureAccount method, only allowing ROLE_ADMIN access.
        <security:intercept-methods>
        <securityrotect access="ROLE_ADMIN" method="secureAccount"/>
        </security:intercept-methods>
        </bean>

        but doesn't to....

        So How can I do that???? I've tried to "google " it a lot... but i'm not lucky....

        help..

        Comment


        • #5
          Here's what I've got working:

          in my web.xml:
          Code:
          <!--
              Configures the spring security filter.
            -->
            <filter>
              <filter-name>springSecurityFilterChain</filter-name>
              <filter-class>
                org.springframework.web.filter.DelegatingFilterProxy
              </filter-class>
            </filter>
            <filter-mapping>
              <filter-name>springSecurityFilterChain</filter-name>
              <url-pattern>/*</url-pattern>
            </filter-mapping>
          in my security context:
          Code:
          <beans:bean id="userSearch"
                        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
              <beans:constructor-arg index="0" value="${ldap.user-search-base}"/>
              <beans:constructor-arg index="1" value="${ldap.user-search-filter}"/>
              <beans:constructor-arg index="2" ref="contextSource" />
            </beans:bean>
          
            <beans:bean id="contextSource"
                        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
              <beans:constructor-arg value="${ldap.url}"/>
              <beans:property name="userDn" value="${ldap.manager-dn}"/>
              <beans:property name="password" value="${ldap.manager-password}"/>
            </beans:bean>
          
            <beans:bean id="ldapAuthProvider"
                        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
              <custom-authentication-provider/>
              <beans:constructor-arg>
                <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                  <beans:constructor-arg ref="contextSource"/>
                  <beans:property name="userSearch" ref="userSearch"/>
                </beans:bean>
              </beans:constructor-arg>
              <beans:constructor-arg>
          
                <!-- An authorities populator that loads roles as LDAP groups a user is a member of. -->
                <beans:bean
                  class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                  <beans:constructor-arg ref="contextSource"/>
                  <beans:constructor-arg value="${ldap.group-search-base}"/>
                  <beans:property name="groupSearchFilter" value="${ldap.group-search-filter}"/>
                </beans:bean>
              </beans:constructor-arg>
            </beans:bean>
          hope this helps.

          Comment


          • #6
            [solved]

            Hi everyone! After a long time a successfully resolved my problem.

            What I needed to was to use a ProxyCreator to "intercept" de bean that I want to protect a method. Like this:

            <bean id="autoProxyCreator" class='org.springframework.aop.framework.autoproxy .BeanNameAutoProxyCreator'>
            <property name="interceptorNames">
            <list>
            <value>petClinicSecurity</value>
            </list>
            </property>
            <property name="beanNames">
            <list>
            <value>newOwnerWizard</value>
            <value>windowMenu</value>
            </list>
            </property>
            <property name="proxyTargetClass" value="true"></property>
            </bean>

            <bean id="petClinicSecurity"
            class="org.springframework.security.access.interce pt.aopalliance.MethodSecurityInterceptor">
            <property name="authenticationManager" ref="authenticationManager" />
            <property name="accessDecisionManager" ref="accessDecisionManager" />
            <!--
            <property name="afterInvocationManager" ref="afterInvocationManager"
            />
            -->
            <property name="securityMetadataSource">
            <value>
            org.springframework.richclient.samples.petclinic.u i.NewOwnerWizard.execute=ROLE_HEAD_OF_ENGINEERING
            org.springframework.richclient.command.CommandGrou pFactoryBean.*=ROLE_HEAD_OF_ENGINEERING
            </value>
            </property>
            </bean>

            I hope this help someone.

            Bye

            Comment

            Working...
            X