This topic is closed

  • [newbie-who-researched] ldap auth using spring-security-2.0.5 and AD

    Hi, I'd love to say something like long time reader, first time poster, but the truth is I'm very new to spring security (and spring in general). I was able to get LDAP authentication working with a previous release of this product which used spring security 1.something, but I was mostly just following directions. I'd like to figure out what's actually going on, but the documentation hasn't been too kind to me.

    This is my ldap config in my security.xml file (mapped correctly in the web.xml like so):
    Code:
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/security.xml</param-value>
        </context-param>
    First of all, there are several authentication methods outlined in this security.xml file (this is for apache roller 5.0 beta). The first one has to do with openID. I haven't touched this section of the xml document because I don't understand it. The second section of definitions looks like this (some stuff obscured for obvious reasons).

    Code:
    <beans:bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="CN=stuff,DC=domain"/>
        <beans:constructor-arg index="1" value="uid={0}"/>
        <beans:constructor-arg index="2" ref="initialDirContextFactory"/>         
        <beans:property name="searchSubtree" value="true"/>           
    </beans:bean>     
    
    <beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <beans:constructor-arg ref="initialDirContextFactory"/>
                <beans:property name="userSearch" ref="ldapUserSearch"/>
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg ref="jdbcAuthoritiesPopulator"/>
    </beans:bean>    
    
    <beans:bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator">
        <beans:property name="defaultRole" value="groupNameUserHasToBelongTo"/>
    </beans:bean>
    In previous versions of spring security, we would dictate which provider to use via this:
    Code:
        <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <!-- This is what determines if we call the database for authentication
                    <ref local="daoAuthenticationProvider"/>
                    -->
                    <!-- Uncomment this for LDAP/SSO configuration-->
                    <ref local="ldapAuthProvider"/>
                    <!-- Uncomment this for CAS/SSO configuration
                    <ref local="casAuthenticationProvider"/> -->
                    <!-- rememberMeAuthenticationProvider added programmatically -->
                </list>
            </property>
        </bean>
    I don't see a similar place in this newer security.xml file. There are, however, a couple of lines in this file that I don't understand, and would like clarification on what they are.
    Code:
        <authentication-manager alias='authenticationManagerAlias'/>
        <authentication-provider user-service-ref="rollerUserService"/>
    Anyway, I'd appreciate any assistance anyone could offer as I am starting to feel out of my depth on this project.
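
As an added example (not part of the original post, and not Roller's shipped configuration): in the Spring Security 2.0 namespace, a provider bean joins the namespace-built `ProviderManager` through a nested `<custom-authentication-provider/>` element, which takes the place of the old `providers` list. The bean ids are the post's own; disabling the database provider is an assumption about the desired outcome.

```xml
<!-- Added example. Assumes the post's layout: the security namespace is the
     default namespace and plain Spring beans use the beans: prefix. -->

<!-- Gives the ProviderManager that the namespace creates internally a bean
     name so other beans can reference it. It does not list providers itself. -->
<authentication-manager alias='authenticationManagerAlias'/>

<!-- This element registers a DaoAuthenticationProvider backed by
     rollerUserService (database logins). ProviderManager tries each registered
     provider until one accepts the credentials, so while this stays active a
     database password still logs a user in even when LDAP rejects it.
     Commented out here on the assumption that LDAP should be the only source. -->
<!-- <authentication-provider user-service-ref="rollerUserService"/> -->

<beans:bean id="ldapAuthProvider"
            class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <!-- 2.0 equivalent of <ref local="ldapAuthProvider"/> in the old
         providers list: adds this bean to the namespace's ProviderManager. -->
    <custom-authentication-provider/>
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <!-- initialDirContextFactory and ldapUserSearch are the beans
                 already defined in the post's security.xml -->
            <beans:constructor-arg ref="initialDirContextFactory"/>
            <beans:property name="userSearch" ref="ldapUserSearch"/>
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg ref="jdbcAuthoritiesPopulator"/>
</beans:bean>
```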