Posted to user@shiro.apache.org by eduamt <do...@hotmail.com> on 2013/04/11 11:37:37 UTC

Shiro ActiveDirectory bind

Hi Community!

I'm new to Shiro and new to AD/LDAP authentication and authorization.
I did the following in order to integrate Shiro with Spring:

<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
	<property name="securityManager" ref="securityManager"/>
	<property name="loginUrl" value="/login.jsp"/>
	<property name="successUrl" value="/menu.jsp"/>
	<property name="unauthorizedUrl" value="/error.jsp"/>
</bean>

<bean id="realm"
class="org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm">
	<property name="url" value="ldap://...:123/"/>
	<property name="searchBase" value="DC=BASE,DC=COM"/>
	<property name="principalSuffix" value="@DOMAIN.COM"/>
</bean>
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
	<property name="realm" ref="realm" />
</bean>

And then in my LoginServlet.java, I'm doing the following:

UsernamePasswordToken token = new UsernamePasswordToken(login, password);

Subject currentUser = SecurityUtils.getSubject();
currentUser.login(token);

currentUser.hasRole("AM-IS");

I'm trying to get the roles for the user but I get the following error
message:

In order to perform this operation a successful bind must be completed on
the connection.

So, it seems that the authentication is ok, but the authorization fails.

What am I doing wrong?!

Thanks



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-ActiveDirectory-bind-tp7578576.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Shiro ActiveDirectory bind

Posted by Les Hazlewood <lh...@apache.org>.
Hiya,

Have you been able to set a breakpoint to see what the query is doing?
 Maybe the search base is incorrect for the query?

The code is here if it helps to see what is going on for a role check:

http://svn.apache.org/repos/asf/shiro/trunk/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Thu, Apr 11, 2013 at 4:16 AM, eduamt <do...@hotmail.com> wrote:

> I saw this topic in the forum:
>
> http://shiro-user.582556.n2.nabble.com/Reading-user-roles-from-Active-Directory-td2503002.html#a2532619
>
> and really, setting the systemPassword and systemUsername in my
> applicationContext.xml made the exception go away.
> But I'm still not able to get roles; all the roles my user has return false.
> Since this topic is from 2009, how has the subject changed?
>
> Thanks
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Shiro-ActiveDirectory-bind-tp7578576p7578577.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Re: Shiro ActiveDirectory bind

Posted by eduamt <do...@hotmail.com>.
I saw this topic in the forum:
http://shiro-user.582556.n2.nabble.com/Reading-user-roles-from-Active-Directory-td2503002.html#a2532619

and really, setting the systemPassword and systemUsername in my
applicationContext.xml made the exception go away.
But I'm still not able to get roles; all the roles my user has return false.
Since this topic is from 2009, how has the subject changed?

Thanks



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-ActiveDirectory-bind-tp7578576p7578577.html
Sent from the Shiro User mailing list archive at Nabble.com.
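
Added example (not part of the thread and not the Shiro project's own configuration): a Spring definition of the realm from the first message with the systemUsername/systemPassword settings mentioned above plus a groupRolesMap, which ActiveDirectoryRealm uses to translate the group DNs in a user's memberOf attribute into role names, so a role check only succeeds for roles produced by that map. The host name, group DNs and ${...} property names are hypothetical placeholders.

```xml
<!-- Added example; host, DNs and property names are hypothetical placeholders. -->
<bean id="realm"
      class="org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm">
    <!-- ldaps:// keeps the bind credentials from crossing the network in cleartext -->
    <property name="url" value="ldaps://ad.example.com:636/"/>
    <property name="searchBase" value="DC=BASE,DC=COM"/>
    <property name="principalSuffix" value="@DOMAIN.COM"/>

    <!-- Account the realm binds with to run the group search during role checks.
         Use a read-only service account and keep the password out of the XML
         (assumes a Spring property placeholder configurer is defined elsewhere). -->
    <property name="systemUsername" value="${ldap.system.username}"/>
    <property name="systemPassword" value="${ldap.system.password}"/>

    <!-- key:   full group DN, exactly as it appears in the user's memberOf values
         value: comma-delimited Shiro role names granted to members of that group -->
    <property name="groupRolesMap">
        <map>
            <entry key="CN=AM-IS,OU=Groups,DC=BASE,DC=COM" value="AM-IS"/>
            <entry key="CN=Admins,OU=Groups,DC=BASE,DC=COM" value="admin,AM-IS"/>
        </map>
    </property>
</bean>
```

The map lookup is an exact string match on the group DN, so compare the keys against the memberOf values the directory actually returns for the user.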