Announcement Announcement Module
No announcement yet.
Spring Security 3.1 help required for ldap authorisation Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 3.1 help required for ldap authorisation


    I am facing a small problem spring security. In my case ldap authentication is working but the authorisation is not working somehow. Here is what I am doing.

    And in my application-context.xml I have defined my ldap authentication provider entry as follows ..

    <bean id="opendsAuthenticationProvider"
    class=" ation.LdapAuthenticationProvider">
    class=" ation.BindAuthenticator">
    <constructor-arg ref="contextSource" />
    <property name="userDnPatterns">
    class=" ls.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <constructor-arg value="ou=Groups" />
    <property name="groupRoleAttribute" value="cn" />
    <property name="searchSubtree" value="false" />
    <property name="rolePrefix" value="" />
    <property name="convertToUpperCase" value="false" />

    My ldap has the following entry for the developer group ..

    dn: ou=Groups,dc=example,dc=com
    description: Group ou
    objectClass: organizationalUnit
    objectClass: top
    ou: Groups

    dn: cn=developer,ou=Groups,dc=example,dc=com
    cn: developer
    objectClass: top
    objectClass: groupOfUniqueNames
    uniqueMember: uid=johnsmith,ou=People,dc=example,dc=com

    Now when in application-security I am writing the following
    <http use-expressions="true">
    <intercept-url pattern="/pages/**" access="hasRole('developer')" />
    <authentication-provider ref="opendsAuthenticationProvider" />

    application is not allowing even johnsmith to view pages matching "/pages/**". Can anybody please help.

  • #2
    Can anybody please reply to this thread?


    • #3
      Try enabling debug logging. If the logs do not help you, post the logs.

      PS: When posting configuration, logs, code, etc please use the code tags as this makes it easier to read.