  • A question about Acegi

    Hi, I want to use Acegi for the authentication of my application. I am going to use LdapAuthenticationProvider and my configuration is below:

    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    </value>
    </property>
    </bean>

    ...........

    ...........


    <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <constructor-arg value="${ldapUrl}"/>

    <property name="managerDn"><value>${mangerDn}</value></property>
    <property name="managerPassword"><value>${managerPassword}</value></property>

    </bean>

    <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0">
    <value>${baseDn}</value>
    </constructor-arg>
    <constructor-arg index="1">
    <value>(sAMAccountName={0})</value>
    </constructor-arg>
    <constructor-arg index="2">
    <ref local="initialDirContextFactory" />
    </constructor-arg>
    <property name="searchSubtree">
    <value>true</value>
    </property>
    </bean>

    <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
    <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
    <constructor-arg>
    <ref local="initialDirContextFactory"/>
    </constructor-arg>
    <property name="userSearch">
    <ref local="userSearch" />
    </property>
    </bean>
    </constructor-arg>
    <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
    <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
    <constructor-arg><value>ou=General</value></constructor-arg>
    <property name="groupRoleAttribute"><value>ou</value></property>
    </bean>
    </constructor-arg>
    </bean>

    Well, I achieved the authentication with success, but I have some doubts, for example:

    1.- How can I get the authenticated user from my actions class?

    Thanks

  • #2
    You should be able to use one of the following two mechanisms to get the authenticated user.

    Here's a way that does not couple your code to Acegi, where request is the HttpServletRequest (the preferred way in my mind):
    Code:
            request.getUserPrincipal().getName();
    Or there is a static method from Acegi that will get you the information.

    Code:
        SecurityContextHolder.getContext().getAuthentication().getName();



    • #3
      One more doubt. In LDAP authentication, can I create an implementation of LdapUserDetails, and if I can, how should I do it?



      • #4
        Originally posted by pajarokillo
        One more doubt. In LDAP authentication, can I create an implementation of LdapUserDetails, and if I can, how should I do it?
        Why do you want to do that? The Acegi LDAP implementation will handle that for you.



        • #5
          Originally posted by karldmoore
          Why do you want to do that? The Acegi LDAP implementation will handle that for you.
          I agree, but am curious to know why you think the Acegi LDAP implementation won't work for you. The nice thing about Acegi is that you can build your own implementation of UserDetails and UserDetailsService interfaces if you need to do something that Acegi doesn't support out of the box.



          • #6
            Originally posted by cwash5
            I agree, but am curious to know why you think the Acegi LDAP implementation won't work for you. The nice thing about Acegi is that you can build your own implementation of UserDetails and UserDetailsService interfaces if you need to do something that Acegi doesn't support out of the box.
            Agreed, the pluggable nature is one of its best features. I'm curious to know what is lacking in the LDAP implementation.



            • #7
              Well, I'm interested in the following:

              I want to authenticate against LDAP, but the information about the user is in a database. When I authenticate in my application using LdapAuthenticationProvider, Acegi creates an Authentication object, a UsernamePasswordAuthenticationToken object, that stores the 'authorities', the 'credentials' and the 'principal', where the Principal object is an LdapUserDetails object. But when I authenticate, I would like to access a database to retrieve more information about the user and store it in the session or in a new implementation of UserDetails. Is that possible, and if it is, how?



              • #8
                You could extend the LdapAuthenticationProvider and override the createUserDetails method.

                http://acegisecurity.org/multiprojec...vider.html#181

                Note that you will have to call the super versions first if you want the authorities to be loaded in the normal way.
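
A sketch of the approach suggested in #8, added here as an example; it is not code from the thread or from the Acegi project. The class name `DbBackedLdapAuthenticationProvider`, the `UserProfileDao` interface and `EnrichedUserDetails` are hypothetical, and the `createUserDetails(LdapUserDetails, String, String)` signature is assumed from the Acegi 1.0.x line, so check it against the version in use.

```java
import java.io.Serializable;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
import org.acegisecurity.providers.ldap.LdapAuthenticator;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;

// Hypothetical subclass; the override signature is assumed from the Acegi 1.0.x line.
public class DbBackedLdapAuthenticationProvider extends LdapAuthenticationProvider {
    /** Hypothetical DAO: returns the application's own user record, or null if none. */
    public interface UserProfileDao {
        Serializable findByUsername(String username);
    }

    private final UserProfileDao profileDao;

    public DbBackedLdapAuthenticationProvider(LdapAuthenticator authenticator,
            LdapAuthoritiesPopulator populator, UserProfileDao profileDao) {
        super(authenticator, populator);
        this.profileDao = profileDao;
    }

    protected UserDetails createUserDetails(LdapUserDetails ldapUser, String username, String password) {
        // Super first, so the authorities are loaded in the normal way.
        UserDetails ldapDetails = super.createUserDetails(ldapUser, username, password);
        Serializable profile = profileDao.findByUsername(username);
        if (profile == null) {
            // Fail closed: an LDAP account with no application record gets no session.
            throw new UsernameNotFoundException("No application profile for " + username);
        }
        return new EnrichedUserDetails(ldapDetails, profile);
    }

    /** Adds the database record; every security-relevant answer still comes from LDAP. */
    public static class EnrichedUserDetails implements UserDetails {
        private final UserDetails ldap;
        private final Serializable profile; // Serializable because the principal lives in the session

        EnrichedUserDetails(UserDetails ldap, Serializable profile) { this.ldap = ldap; this.profile = profile; }
        public Serializable getProfile() { return profile; }
        public GrantedAuthority[] getAuthorities() { return ldap.getAuthorities(); }
        public String getPassword() { return ldap.getPassword(); }
        public String getUsername() { return ldap.getUsername(); }
        public boolean isAccountNonExpired() { return ldap.isAccountNonExpired(); }
        public boolean isAccountNonLocked() { return ldap.isAccountNonLocked(); }
        public boolean isCredentialsNonExpired() { return ldap.isCredentialsNonExpired(); }
        public boolean isEnabled() { return ldap.isEnabled(); }
    }
}
```

With this in place the principal returned by `getAuthentication().getPrincipal()` is an `EnrichedUserDetails` rather than an `LdapUserDetails`, so code that casts the principal needs to follow suit. The database record only adds profile data; authorities and account status are delegated unchanged to the LDAP-derived details.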
