
  • remember-me authentication with ldap

    Hi @ll,

    I am trying to implement remember-me authentication against an LDAP server, but the login is never processed via the remember-me cookie.

    applicationContext-security.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="
              http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
              http://www.springframework.org/schema/security 
              http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    	
    	<!--
    	  Web security rules: form login, logout and remember-me.
    	  Only the two patterns listed below require ROLE_A. No catch-all intercept-url
    	  is visible in this file, so every other URL is left unrestricted by this element.
    	  NOTE(review): confirm that is intended; a final deny-by-default pattern is the
    	  safer layout.
    	-->
    	<security:http auto-config="true" access-denied-page="/accessDenied.jsp">
    		<security:intercept-url 
    			pattern="/terminal.html" 
    			access="ROLE_A"/>
    			
    		<security:intercept-url 
    			pattern="/messagebroker/amf" 
    			access="ROLE_A"/>
    		
    		<!-- Login form page, the URL the form posts to, and the redirect target after a failed login. -->
    		<security:form-login 
    			login-page="/login.jsp"
    			login-processing-url="/j_spring_security_check" 
    			authentication-failure-url="/login.jsp?login_error=1" />
    			
    		<security:logout 
    			logout-url="/logout" 
    			logout-success-url="/logoutSuccess.jsp" />
    			
    		<!--
    		  Hash-based remember-me: the cookie signature is derived from this key.
    		  "foobar" is a hard-coded, guessable value; use a long random secret supplied
    		  from deployment configuration and keep it out of version control.
    		  NOTE(review): in this scheme the signature also covers the password of the
    		  user as returned by the UserDetailsService. Users loaded from LDAP or Active
    		  Directory usually carry no password, which would make cookie validation fail.
    		  That is the likely reason the cookie login never succeeds; confirm in the
    		  debug log. The persistent-token variant (data-source-ref) does not depend on
    		  the password.
    		  The cookie is a bearer credential, so the application should be served over
    		  HTTPS only.
    		-->
    		<security:remember-me
    			key="foobar"/>
    	</security:http>
    	
    	<!--
    	  Connection to the directory server, referenced by the other beans as "ldapServer".
    	  The url, manager DN and manager password are @...@ tokens, presumably replaced by
    	  the build (TODO confirm). If so, the manager password ends up in plain text in
    	  the packaged application; restrict who can read the artifact.
    	  NOTE(review): the scheme of the url is not visible here. Use ldaps (or StartTLS)
    	  so that the manager bind and the user passwords are not sent in clear text, and
    	  give the manager account read-only access to the searched subtrees only.
    	-->
    	<security:ldap-server 
    		id="ldapServer"
    		url="@ad.url@"
    		manager-dn="@ad.manager.dn@"
    		manager-password="@ad.manager.password@"/>
    
    	<!--
    	  User lookup used by the userDetailsService bean: searches under the given base
    	  for the entry whose sAMAccountName equals the login name ({0}), using the
    	  ldapServer connection.
    	  The base and filter repeat the user-search-base and user-search-filter of the
    	  ldap-authentication-provider in this file; keep both in sync so that a user
    	  resolved for remember-me is the same entry that form login authenticates.
    	-->
    	<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    		<constructor-arg value="OU=SomeOU,DC=SomeDC,DC=SomeDC"/>
    		<constructor-arg value="sAMAccountName={0}"/>
    		<constructor-arg ref="ldapServer"/>
    	</bean>
    	
    	<!--
    	  Maps directory groups to application roles for users loaded through the
    	  userDetailsService bean: groups under the given base (subtree search) whose
    	  "member" attribute matches the user ({0}) contribute their "cn", prefixed with
    	  ROLE_, as a granted authority.
    	  NOTE(review): role names come straight from group names, so whoever may create
    	  or rename groups under this base can grant application roles such as ROLE_A.
    	  Keep the search base as narrow as possible and restrict write access to it.
    	-->
    	<bean 
    		id="authPopulator" 
    		class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    		<constructor-arg ref="ldapServer" />
    		<constructor-arg value="OU=SomeOU,OU=SomeOU,OU=SomeOU,DC=SomeDC,DC=SomeDC" />
    		<property name="groupRoleAttribute" value="cn" />
    		<property name="groupSearchFilter" value="member={0}"/>
    		<property name="rolePrefix" value="ROLE_"/>
    		<property name="searchSubtree" value="true"/>
    	</bean>
     
    	<!--
    	  UserDetailsService backed by LDAP: resolves a user by name through userSearch and
    	  loads the roles through authPopulator, without checking a password.
    	  NOTE(review): the remember-me element in this file names no user service, so it
    	  presumably picks up this bean as the only UserDetailsService in the context.
    	  Setting user-service-ref="userDetailsService" on remember-me makes that explicit.
    	  Entries loaded this way usually carry no password (TODO confirm for this
    	  directory), which matters for the hash-based remember-me scheme.
    	-->
    	<bean 
    		id="userDetailsService" 
    		class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    		<constructor-arg ref="userSearch"/>
    		<constructor-arg ref="authPopulator"/>
    	</bean>
    	
    	<!--
    	  Authentication for form logins: the user entry is searched by sAMAccountName
    	  under user-search-base on ldapServer, and groups found under group-search-base
    	  become roles with the ROLE_ prefix.
    	  NOTE(review): no password-compare child is configured, so the provider presumably
    	  verifies the password by binding as the user; confirm.
    	  The search bases and filters duplicate the userSearch and authPopulator beans in
    	  this file. If they drift apart, a remember-me login could receive different
    	  roles than a form login for the same account.
    	-->
    	<security:authentication-manager>
    		<security:ldap-authentication-provider
    			server-ref="ldapServer"
               	user-search-base="OU=SomeOU,DC=SomeDC,DC=SomeDC"
               	user-search-filter="sAMAccountName={0}"
    			group-search-base="OU=SomeOU,OU=SomeOU,OU=SomeOU,DC=SomeDC,DC=SomeDC"
    			group-search-filter="member={0}"
               	role-prefix="ROLE_"/>
    	</security:authentication-manager>
    	
    	<!--
    	  Method-level check: every method of myapp.backend.services.PhoneCallService
    	  matched by the pointcut requires ROLE_A, in addition to the URL rules.
    	  NOTE(review): this presumably covers only PhoneCallService instances that are
    	  Spring beans in the same application context as this element; verify that the
    	  service is not defined in a separate (for example servlet) context.
    	-->
    	<security:global-method-security>
    		<security:protect-pointcut
    			expression="execution(* myapp.backend.services.PhoneCallService.*(..))" 
    			access="ROLE_A"/>
    	</security:global-method-security>
    </beans>
    Code:
    <%--
      Login page: shows the last authentication error when the login_error request
      parameter is present, and posts user name, password and the optional remember-me
      flag to j_spring_security_check.
      NOTE(review): the form submits a password, so the page and its target should be
      reachable over HTTPS only.
    --%>
    <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
    <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
    <%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %> 
    <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
      <title>MyApp</title>
      <link rel="stylesheet" type="text/css" href="css/main.css"/>
    </head>
    <body>
    <div id="login-form">
    	<div id="login-header">
    		<img id="logo" alt="App Logo" src="images/app_logo.png"/>
    	</div>
    	<%--
    	  The message is written with c:out, which escapes XML characters by default, so
    	  it is not rendered as markup.
    	  NOTE(review): the raw exception message can tell a visitor why a login failed
    	  (for example whether the account exists, or directory errors). A fixed generic
    	  message, with the detail kept in the server log, discloses less.
    	--%>
    	<c:if test="${not empty param.login_error}">
    	  <font color="red">
    	    Your login attempt was not successful, try again.<br/><br/>
    	    Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
    	  </font>
    	</c:if>
    	<form action="j_spring_security_check" method="post">
    	  <p>
    	    <label for="j_username">Benutzername:</label>
    	    <input id="j_username" name="j_username" type="text" 
    	    	style="width: 66%"/>
    	  </p>
    	  <p>
    	    <label for="j_password">Passwort:</label>
    	    <input id="j_password" name="j_password" type="password" 
    	    	style="width: 66%"/>
    	  </p>
    	  <%-- Request parameter that asks Spring Security to issue a remember-me cookie for this login. --%>
    	  <input type='checkbox' name='_spring_security_remember_me'/> Remember me on this computer.
    	  <input  type="submit" value="Login"/>
    	</form>
    </div>
    </body>
    </html>
    Firebug shows
    http://localhost:8080/myapp/j_spring_security_check
    Status: 302 Moved Temporarily

    Any suggestions?

    cowabunga!

  • #2
    Mhhh, I modified the security:http tag as follows:
    Code:
    	<!--
    	  Revised web security rules. Compared with the configuration in the first post,
    	  form-login no longer sets login-processing-url (the removed value,
    	  /j_spring_security_check, is the framework default) and remember-me uses a data
    	  source instead of a key.
    	  As before, only the two listed patterns require ROLE_A; no catch-all pattern is
    	  visible, so other URLs are not restricted by this element.
    	-->
    	<security:http auto-config="true" access-denied-page="/accessDenied.jsp">
    		<security:intercept-url 
    			pattern="/terminal.html" 
    			access="ROLE_A"/>
    			
    		<security:intercept-url 
    			pattern="/messagebroker/amf" 
    			access="ROLE_A"/>
    		
    		<security:form-login 
    			login-page="/login.jsp" 
    			authentication-failure-url="/login.jsp?login_error=1" />
    			
    		<security:logout 
    			logout-url="/logout" 
    			logout-success-url="/logoutSuccess.jsp" />
    			
    		<!--
    		  Persistent-token remember-me: tokens are stored through the "dataSource" bean
    		  (not shown in this post) and are valid for 3600 seconds, i.e. one hour.
    		  NOTE(review): this variant checks the cookie against the stored token rather
    		  than against a hash that includes the user's password, which is presumably why
    		  it works with users loaded from LDAP. It still needs a UserDetailsService to
    		  load the user on cookie login.
    		  Treat the token table as credential storage: restrict database access to it,
    		  and serve the application over HTTPS only, since the cookie is a bearer
    		  credential.
    		-->
    		<security:remember-me
    			data-source-ref="dataSource"
    			token-validity-seconds="3600"/>
    	</security:http>
    Don't know why, but it seems to work now.

    Thanks!
    cowabunga
