
  • Acegi Integration with CAS and Active Directory

    Hi,
    I am trying to integrate the Acegi framework with a CAS server. I am storing all usernames and passwords in
    Active Directory and have already configured the CAS server to authenticate via Active Directory.
    I used the sample web.xml and application-security.xml from
    acegisecurity/samples/contacts/src/main/webapp/cas/WEB-INF
    and added
    <context-param>
    <param-name>edu.yale.its.tp.cas.proxyUrl</param-name>
    <param-value>http://localhost:8433/cas/proxy</param-value>
    </context-param>
    to the web.xml and used applicationContext-acegi-security.xml as is, except for a few modifications to the URL paths and roles.
    My application is based on AppFuse and uses Spring/Hibernate/Acegi. When I run my application, I get the login prompt from the CAS server, but after successful authentication I get the following error:

    org.springframework.jdbc.BadSqlGrammarException: Bad SQL grammar [SELECT username,password,enabled FROM users WHERE username = ?] in task 'executing PreparedStatementCallback [PreparedStatementCreatorFactory.PreparedStatementCreatorImpl: sql=[SELECT username,password,enabled FROM users WHERE username = ?]: params=[sbhatti]]'; nested exception is java.sql.SQLException: Invalid object name 'users'.
    java.sql.SQLException: Invalid object name 'users'.
    at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:364)
    at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2778)
    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2214)
    at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:597)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQLQuery(JtdsStatement.java:343)
    at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.executeQuery(JtdsPreparedStatement.java:665)
    at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:205)
    at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:505)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:450)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:492)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:523)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:544)
    at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:114)
    at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:201)
    at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:209)



    I looked at JdbcTemplate and it has a hard-coded query. I don't have a "users" table in the database. Instead, I would like to store all users in Active Directory and all roles in the database. Can anyone
    suggest how to configure Acegi to use CAS/Active Directory for usernames and passwords and the database for roles?
    Thanks in advance.
    Shahzad

  • #2
    Hi,
    I am not using AppFuse yet, and I am not using Active Directory but OpenLDAP on a remote Linux machine. I have the sample contacts application (for CAS) working with some minor problems.

    Looking at the code I have from the sample (DataSourcePopulator.java), I think you should have a user table defined with the same user names you have defined in your DIT. The Authorities table in fact has constraints against the user table.

    Try defining a user table and see what happens. Please let me know your result.

    PS: For the LDAP, did you create your own password handler or did you use some third-party library? I used ESUP and it is great.

    Matt



    • #3
      Matt,
      I wrote my own AuthenticationDAO and implemented access to Active Directory for user information and to the database for roles. So that worked out pretty well. I am overriding PasswordHandler and using Sun's Kerberos implementation to integrate with Active Directory. Thanks for your reply.
      -Shahzad
      PS: I wish Acegi had a cookbook of common usage patterns instead. It's really hard to find relevant information. Also, break the one monolithic contact example into smaller examples.



      • #4
        Hi Shahzad,
        Any luck with your Acegi/Kerberos/Active Directory integration? I am beginning to look into AppFuse myself. I was wondering if maybe I could ask you a few questions.

        Do you have any documentation on Sun Kerberos/Active Directory integration?

        Thanks
        Matt'M



        • #5
          Post subject: Acegi Integration with CAS and Active Director

          Matt,
          I got the basic authentication working. I found the article at
          http://www-106.ibm.com/developerwork...wa-singlesign/

          helpful. Another problem I had was that the CAS server didn't take a self-generated certificate, so I had to write a null certificate verifier. And I had to write my own AuthenticationDAO instead of JdbcDaoImpl.
          I have to do some other Active Directory lookups, but I have been busy with a few other things at this time. I will come back to it later.
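
For the self-generated CAS certificate described in #5, an alternative to a verifier that accepts any certificate is to trust exactly that one certificate. This is an added example, not code from this thread or from Acegi/CAS; the class name, the `cas-server.pem` path, and the assumption that the CAS client validates tickets over `HttpsURLConnection` are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example: trust one exported CAS certificate instead of disabling verification. */
public class CasTrustSetup {

    /** Builds an SSLContext whose only trust anchor is the certificate at certPath (PEM or DER). */
    public static SSLContext contextTrustingOnly(String certPath) throws Exception {
        X509Certificate casCert;
        try (InputStream in = new FileInputStream(certPath)) {
            casCert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        casCert.checkValidity(); // fail early on an expired or not-yet-valid certificate

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store, no default CA certificates
        trustStore.setCertificateEntry("cas-server", casCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical path: the certificate exported from the CAS server's keystore.
        String certPath = args.length > 0 ? args[0] : "cas-server.pem";
        SSLContext ctx = contextTrustingOnly(certPath);

        // Assumption: the CAS client opens its validation URL with HttpsURLConnection.
        // This narrows trust for every HttpsURLConnection in the JVM to that certificate.
        // The default HostnameVerifier is left in place, so the certificate's name
        // must match the host used in the CAS URLs.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTPS trust limited to the certificate in " + certPath);
    }
}
```
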
