SPNEGO with ACEGI


    I initially tried implementing acegi to get url level authorization and also control the access levels for the controls in the jsp
    Our requirement is that the user to roles mapping will be available in the Database and also the roles that are authorized to access the various urls will also be stored in DB
    So to do this, I used daoAuthenticationProvider and wrote my custom UserDetailsService where I looked up the roles for the user and set it in GrantedAuthority[]
    Then I created a UsernamePasswordAuthenticationToken obj and set it in the SecurityContextHolder.
    Now for the authorized roles for a url - written a custom implementation of the objectDefinitionSource of the filterInvocationInterceptor bean - where in the implementation of lookupAttributes, I look up the roles for the passed in url from the Database

    With this I was able to get the user based page access working fine.
    For the jsp controls access control - I used authorize tags
    Now when I was working on this, I just used a sample jsp where I enter the user name and password and just retrieve them and pass them on to my custom implementation of UserDetailsService

    Now I have to use SSO - using SPNEGO
    So I have configured that part separately - SPNEGO using Websphere and got that part working separately fine

    Now I have to integrate these two together and be able to read the user also to go and look up the roles for that user
    Can anybody give me some lead on that - am just a little stuck there!
    Any help is appreciated


  • #2
    Integrating with SPNEGO...

    We too are facing a similar requirement - my plan of attack is to create a custom UserDetailsService for handling SPNEGO tokens. To get the Principal and the Domain, I think I can use this code:
    HttpServletRequest httpReq = (HttpServletRequest) req;
    String userName = httpReq.getHeader("SSO_AD_USER");
    String domainName = httpReq.getHeader("SSO_AD_DOMAIN");
    Then, retrieval of the User Roles needs to be implemented based from DB or from Active Directory. Haven't started yet, but that's the general direction for me I think.

    Just wondering, if anyone might know - if the Roles are to be retrieved from ActiveDirectory, could a DefaultLdapAuthoritiesPopulator class be combined with my custom SPNEGO-based authorization module?!



    • #3
      Did you succeed?
      Feedback, if so, could greatly help people (like me)
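
One way to join the two halves described in this thread, as an added example that is not part of any post or of the Acegi project: a servlet filter that takes the identity the container already authenticated via SPNEGO and loads its roles through the existing database-backed UserDetailsService. The class name `ContainerSsoProcessingFilter` and the `stripRealm` helper are hypothetical, and it is an assumption that the WebSphere SPNEGO setup exposes the user through `getUserPrincipal()`. The container principal is used rather than request headers because a header is only trustworthy when a fronting component sets it and strips any client-supplied copy.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;

// Hypothetical filter (added example). Assumed position in the Acegi chain:
// after HttpSessionContextIntegrationFilter, before the FilterSecurityInterceptor.
public class ContainerSsoProcessingFilter implements Filter {
    // The custom DB-backed service from the first post, injected as a bean property.
    private UserDetailsService userDetailsService;

    public void setUserDetailsService(UserDetailsService s) { this.userDetailsService = s; }
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Identity established by the container's SPNEGO handshake (assumption, see lead-in).
        Principal p = ((HttpServletRequest) req).getUserPrincipal();
        if (p != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            try {
                UserDetails details = userDetailsService.loadUserByUsername(stripRealm(p.getName()));
                // No password is involved; the three-argument constructor marks the token authenticated.
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(details, "N/A", details.getAuthorities()));
            } catch (UsernameNotFoundException e) {
                // Authenticated by Kerberos but unknown to the role table: stay
                // unauthenticated so the interceptor denies access (fail closed).
                SecurityContextHolder.clearContext();
            }
        }
        chain.doFilter(req, res);
    }

    // Reduces "user@REALM" or "DOMAIN\\user" to "user" for the DB lookup.
    static String stripRealm(String name) {
        int at = name.indexOf('@');
        if (at > 0) name = name.substring(0, at);
        int slash = name.lastIndexOf('\\');
        return slash >= 0 ? name.substring(slash + 1) : name;
    }
}
```

The custom objectDefinitionSource and the authorize tags from the first post keep working unchanged, because they only read the GrantedAuthority[] held in the SecurityContextHolder.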