
  • Need help in Basic Authentication

    I am using Spring with Jersey for a RESTful service.

    Here the client request will have the Authorization: Basic header.
    So Spring needs to check every incoming request and check whether the username and password in the HTTP header match the credentials in LDAP.

    Can anyone guide me to implement this?

  • #2
    Hi, this is an example of "Setting Up a Spring MVC Application That Uses Spring Security with LDAP", it may be useful to you.

    First you should modify your web.xml:

    Code:
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			/WEB-INF/app-service.xml
    			/WEB-INF/app-security.xml
    		</param-value>
    	</context-param>
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>
    			org.springframework.web.filter.DelegatingFilterProxy
    		</filter-class>
    	</filter>
    	
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    and your app-security.xml defines the LDAP server, for example:

    Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
    		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
    	<http access-decision-manager-ref="accessDecisionManager">
    		<form-login login-page="/login.jsp" default-target-url="/messageList" 
    			authentication-failure-url="/login.jsp?error=true"/>
    		<remember-me/>
    		<logout logout-success-url="/login.jsp" />
    		<anonymous username="guest" granted-authority="ROLE_GUEST"/>
    	</http>
    	
    	<ldap-server id="ldapServer"
    		url="ldap://localhost:389/dc=springrecipes,dc=com"
    		manager-dn="cn=Directory Manager" manager-password="ldap" />
    			
    	<authentication-manager>
    		<authentication-provider>
    			<password-encoder hash="{sha}" />
    			<ldap-user-service server-ref="ldapServer"
    				user-search-filter="uid={0}" user-search-base="ou=people"
    				group-search-filter="member={0}" group-search-base="ou=groups"
    				cache-ref="userCache" />
    		</authentication-provider>
    	</authentication-manager>	
    	
    	<beans:bean id="accessDecisionManager"
    		class="org.springframework.security.access.vote.AffirmativeBased" >
    		<beans:property name="decisionVoters">
    			<beans:list>
    				<beans:bean class="org.springframework.security.access.vote.RoleVoter" />
    				<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />				
    			</beans:list>
    		</beans:property>
    	</beans:bean>
    	
    	<global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager" />
    </beans:beans>



    • #3
      I did the following and it worked.

      <http auto-config="true">
          <intercept-url pattern="/welcome*" access="ROLE_USER" />
          <http-basic/>
      </http>

      <authentication-manager>
          <authentication-provider>
              <user-service>
                  <user name="user" password="password" authorities="ROLE_USER" />
              </user-service>
          </authentication-provider>
      </authentication-manager>

      But the issue with my app is that the username in Basic authorization will be like 'User#emailaddress' and the password is 'secret'.

      Now I have to write a custom authentication filter that reads the username from the HTTP headers and parses it to get the email address and username. Then I need to pass these 3 values [emailID, username and password] to an existing method which does LDAP authentication.
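
The header parsing described in post #3, as an added example that is not part of the original thread or of Spring Security itself: it decodes the Basic header, splits the user-id on '#', and rejects malformed input before anything reaches LDAP. The class and field names are hypothetical, and it assumes Java 8+ (`java.util.Base64`), UTF-8 credentials, and that the first '#' separates username from email address.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added example: parses "Authorization: Basic ..." where the user-id is "username#email". */
public final class BasicHeaderParser {

    /** Hypothetical holder for the three values handed to the existing LDAP method. */
    public static final class Credentials {
        public final String username, email, password;
        Credentials(String username, String email, String password) {
            this.username = username; this.email = email; this.password = password;
        }
    }

    /** Returns null for any missing or malformed header so the caller can answer 401. */
    public static Credentials parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null; // absent header or a different scheme
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8); // assumption: clients send UTF-8
        } catch (IllegalArgumentException notBase64) {
            return null;
        }
        // The first ':' ends the user-id; the password itself may contain ':'.
        int colon = decoded.indexOf(':');
        if (colon < 0) return null;
        String userId = decoded.substring(0, colon);
        String password = decoded.substring(colon + 1);
        // Assumption: the first '#' separates username from email address.
        int hash = userId.indexOf('#');
        // An empty password is rejected: many LDAP servers treat a simple bind
        // with an empty password as an unauthenticated bind that succeeds.
        if (hash <= 0 || hash == userId.length() - 1 || password.isEmpty()) return null;
        return new Credentials(userId.substring(0, hash), userId.substring(hash + 1), password);
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not taken from the thread.
        String ok = "Basic " + Base64.getEncoder()
                .encodeToString("User#user@example.com:secret".getBytes(StandardCharsets.UTF_8));
        Credentials c = parse(ok);
        System.out.println(c.username + " / " + c.email); // password deliberately not printed
        System.out.println(parse("Basic not-base64!") == null);
    }
}
```

Call `parse` from the custom filter and respond with 401 when it returns `null`. If the username or email is later placed into an LDAP search filter, encode it first (Spring LDAP provides `LdapEncoder.filterEncode`).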
