Announcement Announcement Module
Collapse
No announcement yet.
Acegi for LDAP Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi for LDAP

    Hello Ben,
    I have used Acegi security for spring framework in my Web Project. It is very good. Currently user data is in Database so I had no trouble to integrate Acegi in my existing web project. But now we are shifting out user data from database to LDAP server. But same time I want to continue with Acegi as security part. So I tried to get some information how to use Acegi if I have LDAP at back end. But I didn't get enough information. In Acegi Reference document you just mentioned that it can be used with LDAP,JNDI etc. But there is not extensive information how to get it actually working . This is one thing.

    Another is we had attended a session on this Acegi security and during this session we had the following doubts that are still unanswered.

    1) Are there anything like certificates,policies,digest ?
    2) You are mentioning that Acegi is for Spring . Can't I use it with another framework?
    3) Is there any IDE support to generate XML files where we mention bean information?
    4) Is there Single sign on service feature ? Do I need CAS for SSO feature ?
    5) If I have cluster of application servers who will take care of load balancing and all ?

    These are some queries and concerns about Acegi. Please guide us .
    Thanks

  • #2
    Re: Acegi for LDAP

    Originally posted by vaibhav.gandhi
    Hello Ben,
    I have used Acegi security for spring framework in my Web Project. It is very good. Currently user data is in Database so I had no trouble to integrate Acegi in my existing web project. But now we are shifting out user data from database to LDAP server. But same time I want to continue with Acegi as security part. So I tried to get some information how to use Acegi if I have LDAP at back end. But I didn't get enough information. In Acegi Reference document you just mentioned that it can be used with LDAP,JNDI etc. But there is not extensive information how to get it actually working . This is one thing.
    LDAP support is in the sandbox. If you go to http://acegisecurity.sourceforge.net/downloads.html you will be able to find a link to nightly CVS snapshots, or of course you can download them directly from anonymous CVS. Robert Sanders is leading LDAP development, and I know he's keen for comments on the implementation. You can reach him via the Acegi Security forums or developer mailing list.


    Originally posted by vaibhav.gandhi
    Another is we had attended a session on this Acegi security and during this session we had the following doubts that are still unanswered.

    1) Are there anything like certificates,policies,digest ?
    We do offer digest authentication. We do not offer certificate support. It is complicated the reason why, but relates to client certificate exchange during TLS negotiation (ie when your HTTPS is established). I have some ideas on how to overcome that, but I either need the work to be sponsored by some organisation that needs certificate authentication and digital signature services, or else it will need to be done when I get through my current projects. Or, perhaps someone else can have a go at it - I'd be happy to provide advice etc.

    Originally posted by vaibhav.gandhi
    2) You are mentioning that Acegi is for Spring . Can't I use it with another framework?
    This comes up often and there is a detailed answer at http://acegisecurity.sourceforge.net/standalone.html.

    Originally posted by vaibhav.gandhi
    3) Is there any IDE support to generate XML files where we mention bean information?
    Spring has an IDE plugin, http://springide-eclip.sourceforge.net/. Acegi Security doesn't need a plugin, as we don't impose any special XML formats. This is the beauty of Spring. Once you learn the half dozen or so major XML directives, you can configure nearly anything.

    Originally posted by vaibhav.gandhi
    4) Is there Single sign on service feature ? Do I need CAS for SSO feature ?
    Yes, CAS works brilliantly for SSO. A new project you might like to consider is JOSSO. We haven't got an authentication provider to supoprt JOSSO yet, but it would be trivial to write one (maybe a day's work).

    Originally posted by vaibhav.gandhi
    5) If I have cluster of application servers who will take care of load balancing and all ?
    Yes, you can find a more detailed discussion on clustering and Acegi Security here: http://forum.springframework.org/viewtopic.php?t=3489.

    Hope this helps.

    Comment


    • #3
      I recently got started on the LDAP side of things. I hope to get some more documentation and unit tests completed in the relatively near future.

      Comment


      • #4
        Robert, Alex --

        what is the current status of the LDAP integration? Can you say if it is production ready / will be production ready in the near future?

        In general: is there a release date planned for Acegi 1.0 that will also include the Domain subproject.

        I would like to use both on a project we are currently starting up.

        Rgrds, Thomas

        Comment


        • #5
          We're shooting to get Acegi Security 1.0 out to coincide with Spring 1.3, which in turn is aiming its timing at the JavaOne conference.

          Comment


          • #6
            I have to admit I've been 'slacking' on the LDAP stuff. When I took it on I was working on a servlet / SpringMVC application; it has since been moved to my back-burner, I am currently helping out w/ some actionscript (Flash) etc... The last bit of the LDAP stuff I checked in should be pretty decent; I have some ideas as to where it probably needs to go to address the full range of possible LDAP setups, but I have only been doing a little on-and-off work on it; I do hope to get back to it soon.

            Comment


            • #7
              Thanks Ben , Robert,

              I built the Domain subproject in Eclipse using JDK 1.5. The customer requirements for the project I am working on prescribe JDK 1.4. This means I will not be able to use the Domain subproject as it is now. Will there be a seperate version of the project that supports JDK 1.4?

              Rgrds, Thomas

              Comment


              • #8
                Sorry, we're planning on sticking with 1.5+ for the Domain subproject, just because it so heavily relies on generics. You are able to use the validation package intact, though, and adapt the remaining code to be 1.4 compatible. There's not that much code in there - it's mostly knowing how to structure the methods and interfaces, which is easily moved to 1.4.

                Comment


                • #9
                  I have done this - I moved the whole Domain subproject to JDK 1.4. The main job was removing the abundant usage of generics, and refactoring the usage of some methods that were added in JDK 1.5 to the java.lang.String and java.lang.Class classes.

                  If anybody is interested, let me know, I can share the code.

                  Rgrds. Thomas

                  Comment


                  • #10
                    Thanks Thomas.

                    How did you find the domain subproject design? If you wanted to get involved in the project, you'd be most welcome. We could then maintain a 1.4 version of the code in CVS.

                    Comment


                    • #11
                      Ben --

                      I could assist with maintaining a 1.4 version of the domain sub-project. It would be my first active involvement in an open source project, and because of time and job constraints I cannot promise much, but this limited task should be do-able.

                      I have no comments on the design - maybe when I have some more experience using the project I will be able to comment on that.

                      Rgrds, Thomas

                      Comment


                      • #12
                        How can I start? I subscribed to the acegi-security developers mailing list, what next?

                        Rgrds, Thomas.

                        Comment


                        • #13
                          Originally posted by delnoij
                          How can I start? I subscribed to the acegi-security developers mailing list, what next.
                          Please email me off-list (ben.alex at acegi dot com dot au) and we can take it from there.

                          Comment

                          Working...
                          X