  • Use Ldap for authentication, and database for authorities

    I need to use LDAP for authentication and a database for authorization with Spring Security. When I enter login/password on the login page, nothing happens!
    What am I doing wrong?

    applicationcontext-spring.xml
    Code:
    <security:http auto-config="false" access-denied-page="/accessDenied.jspx">
        <security:intercept-url pattern="/secured/**"
                                access="ROLE_ALLACCESS, ROLE_URLACCESS"/>
        <security:form-login login-page="/springSecurityLogin.jspx"
                             default-target-url="/secured/welcome.jspx"/>
        <security:anonymous />
        <security:http-basic />
        <security:logout logout-success-url="/logoutSuccess.jspx" />
        <security:concurrent-session-control max-sessions="1" />
    </security:http>

    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://name:389"/>
        <!-- manager account used for directory lookups; in a real deployment keep this
             password out of the XML (property placeholder or external configuration) -->
        <property name="userDn" value="uid=login,ou=people,o=compagny"/>
        <property name="password" value="password"/>
    </bean>

    <bean id="ldapAuthProvider"
          class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg ref="authenticator"/>
        <constructor-arg ref="populator"/>
        <security:custom-authentication-provider/>
    </bean>

    <!-- authenticates by binding to the directory as the user's own DN -->
    <bean id="authenticator" class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
        <constructor-arg ref="contextSource"/>
        <property name="userDnPatterns">
            <list>
                <value>uid={0},ou=people,o=compagny</value>
            </list>
        </property>
    </bean>

    <!-- authorities come from the database, not from LDAP groups -->
    <bean id="populator" class="com.app.security.UserDetailsAuthoritiesPopulator">
        <constructor-arg ref="userService" />
    </bean>
    Authorities Populator
    Code:
    import java.util.HashSet;
    import java.util.List;
    import java.util.Set;

    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.GrantedAuthority;
    import org.springframework.security.GrantedAuthorityImpl;
    import org.springframework.security.ldap.LdapAuthoritiesPopulator;
    // IUserService, User and Role are the application's own types (their package is not shown in the post)

    public class UserDetailsAuthoritiesPopulator implements LdapAuthoritiesPopulator {

        private IUserService userService;

        public UserDetailsAuthoritiesPopulator(IUserService userService) {
            this.userService = userService;
        }

        // Called by LdapAuthenticationProvider after the LDAP bind has succeeded; roles come from the database.
        public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
            Set<GrantedAuthority> userPerms = new HashSet<GrantedAuthority>();

            System.out.println("entering getGrantedAuthorities");

            // get the user's permissions from the service
            User user = userService.findUser(username);
            if (user == null) {
                // authenticated in LDAP but unknown to the database: grant nothing
                return new GrantedAuthority[0];
            }
            List<Role> permissions = user.getRoleList();

            for (Role perm : permissions) {
                System.out.println("perm : " + perm.getName()); // the original printed the whole list on every iteration
                userPerms.add(new GrantedAuthorityImpl(perm.getName()));
            }
            return userPerms.toArray(new GrantedAuthority[userPerms.size()]);
        }
    }
    JSF login bean
    Code:
    import javax.faces.application.FacesMessage;
    import javax.faces.context.FacesContext;
    import javax.faces.event.ActionEvent;

    import org.springframework.security.ui.AbstractProcessingFilter;

    public class LoginBean {
        private String userId;
        private String password;

        public LoginBean() {
            // Spring Security stores the last authentication failure in the session under this key;
            // surface it as a JSF message when the login page is rendered again.
            Exception ex = (Exception) FacesContext
                    .getCurrentInstance()
                    .getExternalContext()
                    .getSessionMap()
                    .get(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);

            if (ex != null) {
                FacesContext.getCurrentInstance().addMessage(
                        null,
                        new FacesMessage(FacesMessage.SEVERITY_ERROR, ex.getMessage(), ex.getMessage()));
            }
        }

        public void login(ActionEvent e) throws java.io.IOException {
            // As posted: the credentials travel in the query string of a GET redirect, so they end up
            // in server and proxy access logs and in browser history. Posting the login form directly
            // to j_spring_security_check avoids that.
            FacesContext.getCurrentInstance().getExternalContext().redirect(
                    "/app/j_spring_security_check?j_username=" + userId + "&j_password=" + password);
        }

        // accessors required by the JSF value bindings on the login form
        public String getUserId() { return userId; }
        public void setUserId(String userId) { this.userId = userId; }
        public String getPassword() { return password; }
        public void setPassword(String password) { this.password = password; }
    }

  • #2
    in addition

    If I do a netstat -a after login I can see the LDAP connection.
    But the Eclipse console remains empty and there are no error messages!



    • #3
      Set your logging to TRACE level, and you should see a bit more info.



      • #4
        typo

        I'm guessing root DN problem
        Code:
        <value>uid={0},ou=people,o=compagny</value>



        • #5
          Thanks 4 all !

          Thanks to all! I have set the searchSubtree property to true for the LDAP authorities populator and it works!
          Now I have another problem.
          I have read the FAQ, but I don't understand how to log in with more information than just the username. Does anybody have an example? I am trying to develop a JSF app with Spring. Spring is really good but it is difficult to learn and to find examples.
          http://static.springframework.org/sp...a-login-fields



          • #6
            What other information do you need from the login? The Authentication object should contain most of the details.



            • #7
              Access rights and error handling

              Access rights are based on roles but also on job competencies. So the login form is composed of three fields: username, password and competency.
              user1 role1 competency1
              user1 role2 competence1
              user 1 role1 competency2
              So to retrieve the granted authorities of a user, I must do the following:
              select * from user_role where user = 'login' and competency ='competency'
              I have another problem: it seems impossible to display Spring Security exceptions (like bad credentials) with the h:messages tag. So the integration of Spring Security within a JSF web app is complicated.



              • #8
                Originally posted by cbonneau:
                    Access rights are based on roles but also on job competencies. So the login form is composed of three fields: username, password and competency.
                    user1 role1 competency1
                    user1 role2 competence1
                    user 1 role1 competency2
                    So to retrieve the granted authorities of a user, I must do the following:
                    select * from user_role where user = 'login' and competency ='competency'
                    I have another problem: it seems impossible to display Spring Security exceptions (like bad credentials) with the h:messages tag. So the integration of Spring Security within a JSF web app is complicated.
                I have solved a similar problem where, in place of competencyX, I have FacilityX.

                My solution is as follows.

                On successful authentication all the roles from all the competencies are fetched from the database using a custom implementation of org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator, and the user is prompted to select the preferred competency. The selected competency's roles are populated into the security context in the session.

                For your case the above solution can be modified so that the preferred competency is fed along with the login information.

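The following is an added example, not code from this thread or from Spring Security itself. It puts the database-backed populator from the first post and the two-step approach from #8 into one class against the Spring Security 2.0.x API the posted XML uses: `getGrantedAuthorities` loads every (role, competency) pair for the bound user with the query from #7 written with bind variables, and `selectCompetency` narrows the session to the competency the user picks. The table name and columns (user_role: username, role, competency), the injected javax.sql.DataSource, the package name and the ROLE@COMPETENCY encoding are assumptions made for the example.

```java
// Added example, not from the thread. Spring Security 2.0.x APIs (the version used by the posted XML).
// Assumptions: a table USER_ROLE(username, role, competency) as sketched in post #7, a javax.sql.DataSource
// wired in by Spring, and the encoding ROLE@COMPETENCY for the authorities granted at login time.
package com.example.security; // hypothetical package

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import javax.sql.DataSource;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ldap.LdapAuthoritiesPopulator;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

public class CompetencyAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // The query from post #7 with bind variables instead of literals: the username comes from the
    // LDAP bind and the competency later from the login form, and neither can change the SQL text.
    private static final String ROLES_SQL =
            "select role, competency from user_role where username = ?";

    private static final char SEPARATOR = '@'; // role names must not contain this character

    private final DataSource dataSource;

    public CompetencyAuthoritiesPopulator(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    /** Called by LdapAuthenticationProvider once the LDAP bind has succeeded. */
    public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
        Set<GrantedAuthority> all = new LinkedHashSet<GrantedAuthority>();
        Connection con = null;
        try {
            con = dataSource.getConnection();
            PreparedStatement ps = con.prepareStatement(ROLES_SQL);
            ps.setString(1, username);
            ResultSet rs = ps.executeQuery();
            while (rs.next()) {
                // One authority per (role, competency) pair, e.g. ROLE_URLACCESS@competency1.
                all.add(new GrantedAuthorityImpl(rs.getString("role") + SEPARATOR + rs.getString("competency")));
            }
            rs.close();
            ps.close();
        } catch (SQLException e) {
            // Fail closed: a database error must not become an authenticated user with a guessed role set.
            throw new AuthenticationServiceException("Could not load roles for " + username, e);
        } finally {
            if (con != null) {
                try { con.close(); } catch (SQLException ignored) { }
            }
        }
        return all.toArray(new GrantedAuthority[all.size()]);
    }

    /**
     * Second step of the approach in post #8: after the user has chosen a competency, keep only the
     * roles granted for it, strip the suffix, and replace the Authentication held in the session.
     */
    public static void selectCompetency(String competency) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null || !current.isAuthenticated()) {
            throw new IllegalStateException("No authenticated user in the security context");
        }
        List<GrantedAuthority> selected = new ArrayList<GrantedAuthority>();
        GrantedAuthority[] granted = current.getAuthorities();
        for (int i = 0; i < granted.length; i++) {
            String value = granted[i].getAuthority();
            int at = value.indexOf(SEPARATOR);
            if (at > 0 && value.substring(at + 1).equals(competency)) {
                selected.add(new GrantedAuthorityImpl(value.substring(0, at)));
            }
        }
        if (selected.isEmpty()) {
            // A competency the database never granted to this user: refuse explicitly so the
            // mistake is visible instead of leaving the session with an empty role set.
            throw new IllegalArgumentException("No roles granted for competency " + competency);
        }
        UsernamePasswordAuthenticationToken narrowed = new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), current.getCredentials(),
                selected.toArray(new GrantedAuthority[selected.size()]));
        narrowed.setDetails(current.getDetails());
        SecurityContextHolder.getContext().setAuthentication(narrowed);
    }
}
```

Until `selectCompetency` has run, the token only carries suffixed authorities such as `ROLE_ALLACCESS@competency1`, which do not match the plain `ROLE_ALLACCESS` in the posted `intercept-url`, so `/secured/**` stays closed; with this design the `default-target-url` should point at the competency-selection page rather than at `/secured/welcome.jspx`.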
