Announcement Announcement Module
Collapse
No announcement yet.
form based authentication (j_security_check) into spring ldap authentication Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • form based authentication (j_security_check) into spring ldap authentication

    Hi everybody,

    I'm trying to replace a form based authentication (ldap) by using spring ldap. Unfortunately I'm running in a few problems.

    This is my old authentication:
    jsp
    Code:
    <form name="formular" method="POST" action='<%= response.encodeURL("j_security_check") %>' >
    
    <br><br>
    
    <div style="position:absolute; top:100px; left:350px; width:350px;">
    	<fieldset style="border-color: #212863;">
    	<legend style="font-size: 16px;font-weight: bold;color: #212863">Login PCT</legend>
    	<table border="0" cellspacing="5" width="100%" align="center">
    	<tr>
    	    <td align="right" style="font-size: 12px; color: #212863;">User:</td>
    	    <td align="left"><input class="login3" type="text" name="j_username"></td>
    	</tr>
    	<tr>
    	    <td align="right" style="font-size: 12px; color: #212863;">Passwort:</td>
    	    <td align="left"><input class="login3" type="password" name="j_password"></td>
    	</tr>
    	<tr>
    	    <td align="right">&nbsp;</td>
    	    <td align="left">
    	    	<input type="submit" value="Login">
    	    	<input type="reset" value="Reset">
    	    </td>
    	</tr>
    	</table>
    	</fieldset>
    </div>
    	  
    </form>
    web.xml:
    Code:
        <!-- Default login configuration uses form-based authentication -->
        <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
            <form-login-page>/faces/login.jsp</form-login-page>
            <form-error-page>/faces/loginerror.jsp</form-error-page>
          </form-login-config>
        </login-config>
    And in my applicationserver there was according entrace for the ldap.

    What I need right now is an additional parameter during my authentication. So I can't use the form based authentication.

    So first of all I tried to replace the action on my jsp:
    Code:
    <form name="formular" method="POST" action="#{testBean.doSomething}">
    
    <br><br>
    
    <div style="position:absolute; top:100px; left:350px; width:350px;">
    	<fieldset style="border-color: #212863;">
    	<legend style="font-size: 16px;font-weight: bold;color: #212863">Login PCT</legend>
    	<table border="0" cellspacing="5" width="100%" align="center">
    	<tr>
    	    <td align="right" style="font-size: 12px; color: #212863;">User:</td>
    	    <td align="left"><input class="login3" type="text" name="j_username"></td>
    	</tr>
    	<tr>
    	    <td align="right" style="font-size: 12px; color: #212863;">Passwort:</td>
    	    <td align="left"><input class="login3" type="password" name="j_password"></td>
    	</tr>
    	<tr>
    	    <td align="right">&nbsp;</td>
    	    <td align="left">
    	    	<input type="submit" value="Login">
    	    	<input type="reset" value="Reset">
    	    </td>
    	</tr>
    	</table>
    	</fieldset>
    </div>
    	  
    </form>
    Then I removed the entries in my web.xml and added some lines in my applicationContext.xml:
    Code:
    <bean id="contextSource"
            class="org.springframework.ldap.core.support.LdapContextSource">
            <property name="url" value="ldap://adress:389" />
            <property name="base" value="ou=bhf-intern,o=bhf,c=de" />
            <property name="anonymousReadOnly" value="true" />
        </bean>
        <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
            <constructor-arg ref="contextSource" />
        </bean>
        
        <bean id="ldapConnector" class="ffb.mo.general.LDapConnector">
            <property name="ldapTemplate" ref="ldapTemplate" />
        </bean>
    What I try to achive is to call my own action method to get all the relevant parameters (including my new one) and authenticate by myself.
    But by entering username/password there is no effect. I even don't reach my bean method. No exception, nothing...

    Any applies would be appreciated!
    Thanks in advance.
    Last edited by m_dieu; Nov 19th, 2009, 05:10 AM.

  • #2
    I'm not sure why you need an extra parameter, but if you're abandoning J2EE authentication (which is the right thing to do), I would strongly suggest that you use Spring Security instead of a home-grown authentication system. I have migrated to Spring Security several times myself, including using an LDAP backend, and there's nothing that comes close to its flexibility and power.

    Take a look at this great presentation video from ěredev 2008, where Ben Alex incrementally applies security to a web application. The Spring Security forum will give you any help you need if you get stuck.

    Comment

    Working...
    X