Announcement Announcement Module
Collapse
No announcement yet.
Spring Security 3.1 help required for ldap authorisation Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 3.1 help required for ldap authorisation

    Hi,

    I am facing a small problem spring security. In my case ldap authentication is working but the authorisation is not working somehow. Here is what I am doing.

    And in my application-context.xml I have defined my ldap authentication provider entry as follows ..

    <bean id="opendsAuthenticationProvider"
    class="org.springframework.security.ldap.authentic ation.LdapAuthenticationProvider">
    <constructor-arg>
    <bean
    class="org.springframework.security.ldap.authentic ation.BindAuthenticator">
    <constructor-arg ref="contextSource" />
    <property name="userDnPatterns">
    <beans:list>
    <beans:value>uid={0},ou=People</beans:value>
    </beans:list>
    </property>
    </bean>
    </constructor-arg>
    <constructor-arg>
    <bean
    class="org.springframework.security.ldap.userdetai ls.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <constructor-arg value="ou=Groups" />
    <property name="groupRoleAttribute" value="cn" />
    <property name="searchSubtree" value="false" />
    <property name="rolePrefix" value="" />
    <property name="convertToUpperCase" value="false" />
    </bean>
    </constructor-arg>
    </bean>


    My ldap has the following entry for the developer group ..

    dn: ou=Groups,dc=example,dc=com
    description: Group ou
    objectClass: organizationalUnit
    objectClass: top
    ou: Groups

    dn: cn=developer,ou=Groups,dc=example,dc=com
    cn: developer
    objectClass: top
    objectClass: groupOfUniqueNames
    uniqueMember: uid=johnsmith,ou=People,dc=example,dc=com



    Now when in application-security I am writing the following
    <http use-expressions="true">
    .....
    <intercept-url pattern="/pages/**" access="hasRole('developer')" />
    ...
    </http>
    <authentication-manager>
    <authentication-provider ref="opendsAuthenticationProvider" />
    </authentication-manager>


    application is not allowing even johnsmith to view pages matching "/pages/**". Can anybody please help.

  • #2
    Can anybody please reply to this thread?

    Comment


    • #3
      Try enabling debug logging. If the logs do not help you, post the logs.

      PS: When posting configuration, logs, code, etc please use the code tags as this makes it easier to read.

      Comment

      Working...
      X