
  • Spring Security with Active Directory

    I am trying to implement Spring Security with Active Directory login. However, I am running into Partial Exception errors. Is there any way I can set ignorePartialResultException to true in the security-config.xml file?

  • #2
    Found a solution

    The actual problem was the referral property for AD. If anyone is interested in the solution, let me know.



    • #3
      Hi, I'd be interested in seeing your solution as we seem to be having the same or similar problem getting LDAP to authenticate our users in active directory via the spring framework supplied / installed as part of a Jasperserver build.

      So any help / pointers or LDAP extract from your applicationcontext-security.xml would be really helpful.

      Thanks in advance

      Ric



      • #4
        Active Directory Spring Security XML config

        See below
        Please see the items in blue for user-specific settings (the placeholder values such as YourAdServer, yourbasedc and YourPasswordtoaccessAD). Hopefully this works for you. I am not sure if you need all the different steps that I have here. I was trying different things and this finally worked for me, and then I was too lazy to change it, fearing that it might break.
        Good Luck
        Dhanya


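        <?xml version="1.0" encoding="UTF-8"?>
        <!--
          Spring Security 3.1 configuration that authenticates users against
          Active Directory with an LDAP bind and maps AD groups to roles.
          Every value that starts with Your/your is a placeholder to replace.
        -->
        <beans:beans xmlns="http://www.springframework.org/schema/security"
                     xmlns:beans="http://www.springframework.org/schema/beans"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:schemaLocation="http://www.springframework.org/schema/beans
                                         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                         http://www.springframework.org/schema/security
                                         http://www.springframework.org/schema/security/spring-security-3.1.xsd">

          <!-- Enables @Secured checks on service methods. -->
          <global-method-security secured-annotations="enabled"/>

          <!--
            Every URL requires the given role. The access value must start with
            ROLE_. DefaultLdapAuthoritiesPopulator (below) by default upper-cases
            the group name and prefixes it with ROLE_, so the AD group name has
            to be written here in capitals.
          -->
          <http auto-config="true" authentication-manager-ref="authenticationManager">
            <intercept-url pattern="/**" access="ROLE_YourRoleinCaps"/>
          </http>

          <beans:bean id="contextSource"
                      class="org.springframework.ldap.core.support.LdapContextSource">
            <!--
              Use an ldaps:// URL (constructed example: ldaps://ad.example.com:636).
              BindAuthenticator performs a simple bind, so over plain ldap:// both
              the account password below and every user's password travel in clear text.
            -->
            <beans:property name="url" value="YourAdServer"/>
            <beans:property name="base" value="yourbasedc"/>
            <!-- DN of the account used to search the directory; the dc parts look like dc=system,dc=manager. -->
            <beans:property name="userDn"
                            value="cn=YourUserIdtoaccessAD,ou=OUfortheUserIdtoaccessAD,dc=DCfortheUserIdtoaccessAD"/>
            <!--
              Placeholder only. Do not keep a real bind password in this file;
              load it from an external property source that only the application
              account can read, and give the bind account read-only directory rights.
            -->
            <beans:property name="password" value="YourPasswordtoaccessAD"/>
            <beans:property name="pooled" value="true"/>
            <!--
              AD-specific setting that avoids the PartialResultException.
              Caveat: with "follow" the LDAP client chases the referrals returned
              by the domain controller and binds to the referred hosts with the
              account above, so those hosts must be resolvable and trusted.
              Alternatives to consider: query the Global Catalog port (3268, or
              3269 with SSL), or set ignorePartialResultException on
              DefaultLdapAuthoritiesPopulator (that covers the group search only).
            -->
            <beans:property name="referral" value="follow"/>
          </beans:bean>

          <beans:bean id="ldapAuthenticationProvider"
                      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
            <!-- First argument: authenticator that finds the user and binds as that user. -->
            <beans:constructor-arg>
              <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:property name="userSearch">
                  <!-- Search from the context base ("") for the entry whose sAMAccountName is the login name. -->
                  <beans:bean id="userSearch"
                              class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <beans:constructor-arg index="0" value=""/>
                    <beans:constructor-arg index="1" value="(sAMAccountName={0})"/>
                    <beans:constructor-arg index="2" ref="contextSource"/>
                  </beans:bean>
                </beans:property>
              </beans:bean>
            </beans:constructor-arg>
            <!-- Second argument: loads the groups the user is a direct member of. -->
            <beans:constructor-arg>
              <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:constructor-arg value=""/>
                <!-- {0} is the full DN of the authenticated user. -->
                <beans:property name="groupSearchFilter" value="(member={0})"/>
                <beans:property name="searchSubtree" value="true"/>
                <!--
                  No further settings are needed for the role names: by default
                  this class upper-cases each group name and adds the ROLE_ prefix.
                -->
              </beans:bean>
            </beans:constructor-arg>
          </beans:bean>

          <!-- LDAP is the only authentication provider. -->
          <beans:bean id="authenticationManager"
                      class="org.springframework.security.authentication.ProviderManager">
            <beans:constructor-arg>
              <beans:list>
                <beans:ref local="ldapAuthenticationProvider"/>
              </beans:list>
            </beans:constructor-arg>
          </beans:bean>

        </beans:beans>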
