  • Acegi Integration with CAS and Active Directory

    I am trying to integrate the Acegi framework with a CAS server. I am storing all usernames and passwords in
    Active Directory and have already configured the CAS server to authenticate via Active Directory.
    I used sample web.xml and application-security.xml from
    and added
    to the web.xml and used applicationContext-acegi-security.xml as is, except for a few modifications to the URL paths and roles.
    My application is based on AppFuse and uses Spring/Hibernate/Acegi. When I run my application, I get the login prompt from the CAS server, but after successful authentication I get the following error:

    org.springframework.jdbc.BadSqlGrammarException: Bad SQL grammar [SELECT username,password,enabled FROM users WHERE username = ?] in task 'executing PreparedStatementCallback [PreparedStatementCreatorFactory.PreparedStatementCreatorImpl: sql=[SELECT username,password,enabled FROM users WHERE username = ?]: params=[sbhatti]]'; nested exception is java.sql.SQLException: Invalid object name 'users'.
    java.sql.SQLException: Invalid object name 'users'.
    at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.j
    at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(Td
    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCor
    at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(T
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQLQuery(JtdsStatement
    at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.executeQuery(JtdsPrep
    at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(Dele
    at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(Jd
    at org.springframework.jdbc.core.JdbcTemplate.execute(
    at org.springframework.jdbc.core.JdbcTemplate.query(J
    at org.springframework.jdbc.core.JdbcTemplate.query(J
    at org.springframework.jdbc.core.JdbcTemplate.query(J
    at org.springframework.jdbc.object.SqlQuery.execute(S
    at org.springframework.jdbc.object.SqlQuery.execute(S
    at org.springframework.jdbc.object.SqlQuery.execute(S

    I looked at JdbcTemplate and it has a hard-coded query. I don't have a "users" table in the database. Instead, I would like to store all users in Active Directory and all roles in the database. Can anyone
    suggest how to configure Acegi to use CAS-Active Directory for usernames/passwords and roles for the database?
    Thanks in advance.

  • #2
    I am not using AppFuse yet, and I am not using Active Directory but OpenLDAP on a remote Linux machine. I have the sample contacts application (for CAS) working with some minor problems.

    Looking at the code I have from the sample ( I think you should have a user table defined with the same user names you have defined in your DIT. The Authorities table in fact has constraints against the user table.

    Try defining a user table and see what happens. Please let me know of your result.

    PS: For LDAP, did you create your own password handler or did you use some third-party library? I used ESUP and it is great.



    • #3
      I wrote my own AuthenticationDAO and implemented access to Active Directory for user information and the database for roles. So that worked out pretty good. I am overriding PasswordHandler and using Sun's Kerberos implementation to integrate with Active Directory. Thanks for your reply.
      PS: I wish Acegi had a cookbook of common usage patterns instead. It's really hard to find relevant information. Also, break the one monolithic contacts example into smaller examples.


      • #4
        Hi Shahzad,
        Any luck with your Acegi/Kerberos/Active Directory integration? I am beginning to look into AppFuse myself. I was wondering if maybe I can ask you a few questions.

        Do you have any documentation on Sun Kerberos/Active Directory integration?



        • #5
          Post subject: Acegi Integration with CAS and Active Director

          I got the basic authentication working. I found the article at

          helpful. Another problem I had was that the CAS server didn't take a self-generated certificate, so I had to write a null certificate verifier. And I had to write my own AuthenticationDAO instead of JdbcDaoImpl.
          I have to do some other Active Directory lookups, but I have been busy with a few other things at this time. I will come back to it later.