Announcement Announcement Module
No announcement yet.
Best approach 4 dynamic LDAP/Security config? Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Best approach 4 dynamic LDAP/Security config?

    I am working on adding Single Sign On to my Spring 2.5.6 web app,
    (have 1 production client so far) with Spring Security 2.0.5; this is
    my 1st web app project (100+ web pages; 250+ source files) intranet
    only usage.

    I have a working test configuration with Spring LDAP 1.3 that does form
    login authentication using ApacheDS, doing Bind Authentication and roles via LDAP groups.

    I want to be able implement Site Settings stored in the database that an IT admin user
    can setup/change to configure the LDAP Security configuration,
    rather than having the LDAP hostname, port#, root dc=domain, managerDn,
    manager-password, whether groups provide roles / authorities or not, search-filters,
    ldap.userAttrName (e.g uid or sAMAccountName), etc, etc hard coded
    into an applicationContext-security.xml file.

    I want to support a wide range of LDAP server configurations, including Active Directory,
    as it is, , the one my customers will most likely be using.

    Spring Security config via a static xml file is an inflexible approach and
    if ...-security.xml is embedded in the .war file, updating the webapp war
    file becomes 'redo the configuration' nightmare for customer IT admin's.

    But since Spring Security is implemented via a complex filter chain proxy
    configured via xml (and web.xml entries), i don't see how to switch it on,
    say after a "setup wizard" mode, and to have it stay configured even when
    the war file is replaced, without having the web-app generate and add/update
    xml config files in it own application server configuration.

    This "self modifying" approach is bad practice, SO can anyone outline a better approach?

    Do i have to write a custom beanFactory that fetches Site Settings
    from the database (or supplies 1st time defaults from a .properties file)?