This topic is closed
  • Spring Security + CAS + LDAP + Authorization

    All,

    We wanted to integrate Spring Security and CAS. For this part I got good support from this forum. I even configured LDAP as the authentication provider.
    Now I am stuck at configuring the authorization part of my application. For this I went through the http://forum.springsource.org/showthread.php?t=47094 link. It really helped me to understand the things behind the authorization, but unfortunately this content is given from an Acegi perspective.
    Here I want to store the authorization information in LDAP as well, along with the user information, where the org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator should load the authorization details from LDAP.
    I need help in configuring the authorization with LDAP support. Quick help is really appreciated.

  • #2
    Did you read the relevant section of the manual? Link

    If you combine this with a review of the Javadoc / sample application for LDAP, it should be pretty straightforward. Reply back once you try setting it up if you still can't get it to work.



    • #3
      Thanks for the quick reply, Peter. I followed the way it is defined in the link and the Javadoc as well, but no luck...
      Here I am using Apache DS as LDAP and was able to map groups and users in LDAP. After authentication, the mapped groups are not populated as authorities.
      I am using Spring Security 3.0, CAS 3.3.5, Apache DS 1.5.
      Can I achieve authorization with this integration combination?
      If I am not wrong, authorities get populated by CAS and returned with the user principal object.
      It would help me very much if you could elaborate on the steps, if possible.
      Last edited by Vamshi; Jan 20th, 2010, 09:13 PM.



      • #4
        Here is the exception that I am getting during login.

        Code:
        2010-01-21 11:24:16,375 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: admin]>
        2010-01-21 11:24:23,015 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-fUNZxpOPWHvg0NvQtcPx-cas] for service [https://127.0.0.1/petclinic/j_spring_cas_security_check] for user [admin]>
        2010-01-21 11:24:23,296 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: [callbackUrl: https://127.0.0.1/petclinic/receptor]>
        2010-01-21 11:24:23,296 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: [callbackUrl: https://127.0.0.1/petclinic/receptor]>
        org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
                at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:290)
                at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:127)
                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
                at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                at java.lang.Thread.run(Unknown Source)
        Caused by: error.authentication.credentials.bad
                at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
                at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAndObtainPrincipal(AuthenticationManagerImpl.java:99)
                at org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:39)
                at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:261)
                ... 26 more
        2010-01-21 11:24:23,484 INFO [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - <No Proxy Ticket found for >
        2010-01-21 11:24:23,546 INFO [org.springframework.ldap.core.LdapTemplate] - <The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true>
        2010-01-21 11:24:23,609 WARN [org.springframework.security.event.authentication.LoggerListener] - <Authentication event AuthenticationSuccessEvent: admin; details: [email protected]: RemoteIpAddress: 127.0.0.1; SessionId: D24CD48D33E32B3D952BC45C4E855994>
        2010-01-21 11:24:23,609 WARN [org.springframework.security.event.authentication.LoggerListener] - <Authentication event InteractiveAuthenticationSuccessEvent: admin; details: [email protected]: RemoteIpAddress: 127.0.0.1; SessionId: D24CD48D33E32B3D952BC45C4E855994>
        2010-01-21 11:24:29,703 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
        2010-01-21 11:24:29,703 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.>
        Help needed......



        • #5
          "If I am not wrong, authorities get populated by CAS and returned with the user principal object."
          It depends on how you have set up the CAS integration. Are you talking about CAS retrieving authority information from LDAP, or your Spring Sec application retrieving authority information from LDAP?



          • #6
            The main aim is for CAS to read authorities from LDAP, and for CAS to pass the user principal object, with authorities populated, back to the Spring Security application.



            • #7
              So, have you verified that the CAS - LDAP population is happening correctly? You should see the authorities coming back in the CAS assertion.



              • #8
                I don't know about the CAS assertion or how to use it. Could you please elaborate a bit and, if possible, provide a sample program or configuration files for easy understanding?



                • #9
                  If you want CAS to do the work of loading the authorities then you really need to understand CAS properly and how to customise it. You will find more information in the CAS user list archives and the CAS site, rather than here. It isn't easy though and will take some time.

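The other option raised in post #5, where the Spring Security application itself loads authorities from LDAP after CAS has validated the ticket, can be wired as below. This is an added example, not configuration posted in the thread; the LDAP URL, base DNs, bind account, group object layout, CAS server URL and bean ids are assumptions, and the class names are the Spring Security 3.0 packages.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
  <!-- Assumed: read-only bind account; password resolved by a property placeholder. -->
  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:10389/dc=example,dc=com"/>
    <property name="userDn" value="uid=spring-reader,ou=system"/>
    <property name="password" value="${ldap.bind.password}"/>
  </bean>

  <!-- Finds the entry for the username CAS returned (assumed: ou=users, keyed by uid). -->
  <bean id="ldapUserSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg value="ou=users"/>
    <constructor-arg value="(uid={0})"/>
    <constructor-arg ref="contextSource"/>
  </bean>

  <!-- Group membership becomes authorities: cn=admins yields ROLE_ADMINS.
       {0} is the user's DN; uniqueMember assumes groupOfUniqueNames entries. -->
  <bean id="ldapAuthoritiesPopulator"
        class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource"/>
    <constructor-arg value="ou=groups"/>
    <property name="groupSearchFilter" value="(uniqueMember={0})"/>
    <property name="groupRoleAttribute" value="cn"/>
  </bean>

  <bean id="ldapUserDetailsService"
        class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <constructor-arg ref="ldapUserSearch"/>
    <constructor-arg ref="ldapAuthoritiesPopulator"/>
  </bean>

  <!-- CAS validates the ticket; authorities come from the LDAP lookup above.
       serviceProperties is assumed to be defined in the existing CAS setup. -->
  <bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="userDetailsService" ref="ldapUserDetailsService"/>
    <property name="serviceProperties" ref="serviceProperties"/>
    <property name="ticketValidator">
      <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
        <constructor-arg value="https://127.0.0.1/cas"/>
      </bean>
    </property>
    <property name="key" value="casAuthProviderKey"/>
  </bean>
</beans>
```

With this wiring the group-derived authorities are not carried in the CAS assertion; CAS supplies only the authenticated username, and the application resolves the roles itself on each login.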