  • CAS + LDAP Authorization

    Hi @all!

    It took me a couple of hours to figure out the solution, so I'll post it here in case someone else finds it helpful. Great stuff by the way, I really enjoy working with it. I've only been playing with Spring Security for a couple of days, so don't bite me if my solution is obvious or stupid or whatever. ;-) Any kind of criticism is highly appreciated! The task was to add LdapUserDetails after CAS authentication in order to implement LDAP authorization.

    I've modified the example from http://isthisjava.blogspot.com/2007/...-security.html

    xxx-security.xml
    Code:
    <!-- Looks the CAS-authenticated principal up via the UserDetailsService below -->
    <bean id="casAuthoritiesPopulator"
        class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
        <property name="userDetailsService"><ref local="ldapDaoImpl"/></property>
    </bean>

    <bean id="ldapDaoImpl"
        class="xxx.security.ldap.LdapDaoImpl">
        <constructor-arg ref="ldapUserSearch" />
        <constructor-arg ref="ldapAuthoritiesPopulator" />
    </bean>

    <!-- Finds the user's entry: arg 0 is the search base relative to the
         context root (empty = the root), arg 1 the filter, {0} is the username -->
    <bean id="ldapUserSearch"
        class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0" value="" />
        <constructor-arg index="1" value="(CN={0})" />
        <constructor-arg index="2" ref="initialDirContextFactory" />
    </bean>

    <!-- Derives authorities from the user's group memberships; arg 1 is the group search base -->
    <bean id="ldapAuthoritiesPopulator"
        class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
        <constructor-arg index="0" ref="initialDirContextFactory" />
        <constructor-arg index="1" value="" />
    </bean>

    <!-- Replace LDAP_SERVER, MANAGER_DN and MANAGER_PASSWORD with your own values
         (an unescaped '<' is not valid inside an XML attribute value) -->
    <bean id="initialDirContextFactory"
        class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
        <constructor-arg value="ldap://LDAP_SERVER" />
        <property name="managerDn" value="MANAGER_DN" />
        <property name="managerPassword" value="MANAGER_PASSWORD" />
    </bean>

    LdapDaoImpl.java
    Code:
    package xxx.security.ldap;

    import org.acegisecurity.GrantedAuthority;
    import org.acegisecurity.ldap.LdapUserSearch;
    import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
    import org.acegisecurity.userdetails.UserDetails;
    import org.acegisecurity.userdetails.UserDetailsService;
    import org.acegisecurity.userdetails.UsernameNotFoundException;
    import org.acegisecurity.userdetails.ldap.LdapUserDetails;
    import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
    import org.springframework.beans.factory.InitializingBean;
    import org.springframework.dao.DataAccessException;
    import org.springframework.util.Assert;

    /**
     * UserDetailsService that looks the CAS-authenticated user up in LDAP and
     * attaches the authorities derived from the user's group memberships.
     * No password check happens here: CAS has already authenticated the user,
     * this class only supplies the LdapUserDetails used for authorization.
     */
    public class LdapDaoImpl implements UserDetailsService, InitializingBean {

        private LdapAuthoritiesPopulator authoritiesPopulator;
        private LdapUserSearch userSearch;

        public LdapDaoImpl(LdapUserSearch userSearch,
                LdapAuthoritiesPopulator authoritiesPopulator) {
            setUserSearch(userSearch);
            setAuthoritiesPopulator(authoritiesPopulator);
        }

        private void setUserSearch(LdapUserSearch userSearch) {
            Assert.notNull(userSearch, "An LdapUserSearch must be supplied");
            this.userSearch = userSearch;
        }

        private void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator) {
            Assert.notNull(authoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied");
            this.authoritiesPopulator = authoritiesPopulator;
        }

        public UserDetails loadUserByUsername(String username)
                throws UsernameNotFoundException, DataAccessException {

            // FilterBasedLdapUserSearch throws UsernameNotFoundException when the
            // user has no entry, so a CAS principal unknown to LDAP is rejected.
            LdapUserDetails ldapUser = userSearch.searchForUser(username);

            // Copy the entry into a mutable Essence so that authorities can be added.
            LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
            user.setUsername(username);

            // Authorities from the group search (ROLE_-prefixed group names by default).
            GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser);

            for (int i = 0; i < extraAuthorities.length; i++) {
                user.addAuthority(extraAuthorities[i]);
            }
            return user.createUserDetails();
        }

        public void afterPropertiesSet() throws Exception {
            // Both dependencies are already validated in the constructor.
        }
    }
    Best regards,
    Wadim
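
As an added example (not part of Wadim's post or the Acegi project): a stand-alone check of the LdapDaoImpl above that swaps the LDAP-backed LdapUserSearch and LdapAuthoritiesPopulator for in-memory stand-ins, so the authorization logic can be exercised without a directory server. The class name LdapDaoImplCheck, the users alice, bob and mallory, the DNs and the role names are constructed for the example; it assumes the Acegi 1.0 API the post uses (LdapUserSearch, LdapAuthoritiesPopulator, LdapUserDetailsImpl.Essence, GrantedAuthorityImpl) is on the classpath. It verifies that group-derived authorities end up on the CAS principal and that a principal with no LDAP entry is rejected with UsernameNotFoundException rather than being handed an empty set of roles.

```java
package xxx.security.ldap;

import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.ldap.LdapUserSearch;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;

import java.util.HashMap;
import java.util.Map;

/**
 * Stand-alone check of LdapDaoImpl without a directory server (example code,
 * not from the forum post): the LDAP collaborators are in-memory stand-ins
 * holding constructed test data.
 */
public class LdapDaoImplCheck {

    /** Constructed directory: username -> distinguished name. */
    static class InMemoryUserSearch implements LdapUserSearch {
        private final Map<String, String> dnByUsername = new HashMap<String, String>();

        InMemoryUserSearch() {
            dnByUsername.put("alice", "cn=alice,ou=people,dc=example,dc=com");
            dnByUsername.put("bob", "cn=bob,ou=people,dc=example,dc=com");
        }

        public LdapUserDetails searchForUser(String username) {
            String dn = dnByUsername.get(username);
            if (dn == null) {
                // Same behaviour as FilterBasedLdapUserSearch for an empty result set
                throw new UsernameNotFoundException("User " + username + " not found in directory");
            }
            LdapUserDetailsImpl.Essence entry = new LdapUserDetailsImpl.Essence();
            entry.setDn(dn);
            entry.setUsername(username);
            return entry.createUserDetails();
        }
    }

    /** Constructed group membership: only alice is in the admins group. */
    static class InMemoryAuthoritiesPopulator implements LdapAuthoritiesPopulator {
        public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) {
            if ("cn=alice,ou=people,dc=example,dc=com".equals(userDetails.getDn())) {
                return new GrantedAuthority[] {
                    new GrantedAuthorityImpl("ROLE_USER"), new GrantedAuthorityImpl("ROLE_ADMIN") };
            }
            return new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") };
        }
    }

    static boolean hasAuthority(UserDetails user, String role) {
        GrantedAuthority[] authorities = user.getAuthorities();
        for (int i = 0; i < authorities.length; i++) {
            if (role.equals(authorities[i].getAuthority())) {
                return true;
            }
        }
        return false;
    }

    private static void check(boolean condition, String message) {
        if (!condition) {
            throw new AssertionError(message);
        }
    }

    public static void main(String[] args) {
        LdapDaoImpl dao = new LdapDaoImpl(new InMemoryUserSearch(), new InMemoryAuthoritiesPopulator());

        UserDetails alice = dao.loadUserByUsername("alice");
        check(hasAuthority(alice, "ROLE_ADMIN"), "alice should get ROLE_ADMIN from her group");
        check(hasAuthority(alice, "ROLE_USER"), "alice should get ROLE_USER");

        UserDetails bob = dao.loadUserByUsername("bob");
        check(!hasAuthority(bob, "ROLE_ADMIN"), "bob must not get ROLE_ADMIN");

        // A CAS principal with no LDAP entry must be rejected, not granted an empty role set
        boolean rejected = false;
        try {
            dao.loadUserByUsername("mallory");
        } catch (UsernameNotFoundException e) {
            rejected = true;
        }
        check(rejected, "unknown user must raise UsernameNotFoundException");
        System.out.println("all checks passed");
    }
}
```

Compile it next to LdapDaoImpl and run the main method. In the real CAS flow the same UsernameNotFoundException propagates out of DaoCasAuthoritiesPopulator, so CasAuthenticationProvider fails the authentication for a ticket whose principal has no directory entry.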

  • #2
    Just wanted to thank you for posting this! Saved me a bunch of hours! =)
