You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Jonathan Barker <jo...@gmail.com> on 2008/03/28 15:48:12 UTC
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider - other half
I realized I may not have answered your second question.
The configuration built up using
configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider);
is used in the SecurityModule of tapestry5-acegi for:
public static AuthenticationManager buildProviderManager(final List<
AuthenticationProvider > providers)
This is just standard tapestry-ioc design.
If you read the Acegi docs, everything talks Spring. But if every time you
see a "build" method in tapestry-ioc, you look for a "bean" definition in
Spring, things will suddenly make sense. Then look at how lists are passed
to beans in Spring, and you will understand all of the "contribute" methods.
Jonathan
> -----Original Message-----
> From: Mahen Perera [mailto:Mahen.Perera@igindex.co.uk]
> Sent: Friday, March 28, 2008 9:50 AM
> To: Tapestry users
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
>
> Thanks Jonathan for that.
>
> Unclear on some stuff tho.
> Since we are using a LDAP based authentication provider do we need to
> have a UserDetailsServiceImpl?
>
>
> http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this,
> then it assumes having a UserDetailsServiceImpl.
>
> Also, when we do
> configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide
> r)
> How does the Acegi framework get to know abt the LDAP authentication
> provider.
>
>
>
> -----Original Message-----
> From: Jonathan Barker [mailto:jonathan.theitguy@gmail.com]
> Sent: 27 March 2008 18:28
> To: 'Tapestry users'
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
>
> Here are the relevant portions (with identifying info stripped out) for
> authentication with Active Directory. With AD, you need to use
> bind-based
> authentication.
>
> If you are using something like OpenLDAP, you may have access to the
> password or password hash, so you would change the authenticator.
>
>
> I have also lumped together building the BindAuthenticator, UserSearch,
> DefaultLdapauthoritiesPopulator into the
> buildLdapAuthenticationProvider()
> function. These could be factored out.
>
> I'm also using an InMemoryDaoImpl for some development logins.
>
>
> public final InitialDirContextFactory
> buildInitialDirContextFactory(){
> DefaultInitialDirContextFactory factory = new
> DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain,
> DC=c
> om");
> factory.setManagerDn("cn=Ldap Account ,OU=Service
> Accounts,OU=People,DC=domain,DC=com");
> factory.setManagerPassword("password");
> Map<String,String> extraEnvVars = new HashMap<String,String>();
> extraEnvVars.put("java.naming.referral", "follow");
> factory.setExtraEnvVars(extraEnvVars);
> return factory;
>
> }
>
> public static AuthenticationProvider
> buildLdapAuthenticationProvider(InitialDirContextFactory factory )
> throws
> Exception {
>
> FilterBasedLdapUserSearch userSearch = new
> FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory);
> userSearch.setSearchSubtree(true);
> userSearch.setDerefLinkFlag(true);
>
> BindAuthenticator authenticator = new
> BindAuthenticator(factory);
> authenticator.setUserSearch(userSearch);
> authenticator.afterPropertiesSet();
>
> DefaultLdapAuthoritiesPopulator populator = new
> DefaultLdapAuthoritiesPopulator(factory,"");
> populator.setGroupRoleAttribute("cn");
> populator.setGroupSearchFilter("member={0}");
> populator.setDefaultRole("ROLE_ANONYMOUS");
> populator.setConvertToUpperCase(true);
> populator.setSearchSubtree(true);
> populator.setRolePrefix("ROLE_");
>
> LdapAuthenticationProvider provider = new
> LdapAuthenticationProvider(authenticator,populator);
> return provider;
> }
>
>
> public static void contributeProviderManager(
> OrderedConfiguration<AuthenticationProvider> configuration,
> @InjectService("DaoAuthenticationProvider") AuthenticationProvider
> daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider")
> AuthenticationProvider ldapAuthenticationProvider){
>
> configuration.add("daoAuthenticationProvider",daoAuthenticationProvider)
> ;
>
> configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide
> r);
> }
>
> > -----Original Message-----
> > From: Mahen Perera [mailto:Mahen.Perera@igindex.co.uk]
> > Sent: Thursday, March 27, 2008 10:14 AM
> > To: users@tapestry.apache.org
> > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider
> >
> > Hi everybody.
> >
> >
> >
> > I am trying to integrate tapestry 5 with Acegi security.
> >
> > The authentication provider that I am using is LDAP based.
> >
> >
> >
> > I see that most of the examples refer to using DAOAuthentication
> > provider.
> >
> > Just checking if there is someone who used LDAP for the
> authentication.
> >
> >
> >
> > I went thru http://www.localhost.nu/java/tapestry5-acegi/
> >
> > , but looks like it is not using LDAP authentication.
> >
> >
> >
> > Cheers
> >
> >
> >
> > The information contained in this email is strictly confidential and
> for
> > the use of the addressee only, unless otherwise indicated. If you are
> not
> > the intended recipient, please do not read, copy, use or disclose to
> > others this message or any attachment. Please also notify the sender
> by
> > replying to this email or by telephone (+44 (0)20 7896 0011) and then
> > delete the email and any copies of it. Opinions, conclusions (etc.)
> that
> > do not relate to the official business of this company shall be
> understood
> > as neither given nor endorsed by it. IG Index plc is a company
> registered
> > in England and Wales under number 01190902. VAT registration number
> 761
> > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road,
> London
> > SE1 8EZ. Authorised and regulated by the Financial Services Authority.
> FSA
> > Register number 114059.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
> The information contained in this email is strictly confidential and for
> the use of the addressee only, unless otherwise indicated. If you are not
> the intended recipient, please do not read, copy, use or disclose to
> others this message or any attachment. Please also notify the sender by
> replying to this email or by telephone (+44 (0)20 7896 0011) and then
> delete the email and any copies of it. Opinions, conclusions (etc.) that
> do not relate to the official business of this company shall be understood
> as neither given nor endorsed by it. IG Index plc is a company registered
> in England and Wales under number 01190902. VAT registration number 761
> 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London
> SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA
> Register number 114059.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider - other half
Posted by Mahen Perera <Ma...@igindex.co.uk>.
Thanks Jonathan. Both your e-mails are very helpful. I will try to get
something working based on this, and come back to you if I encounter any
issues.
-----Original Message-----
From: Jonathan Barker [mailto:jonathan.theitguy@gmail.com]
Sent: 28 March 2008 14:48
To: 'Tapestry users'
Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider -
other half
I realized I may not have answered your second question.
The configuration built up using
configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide
r);
is used in the SecurityModule of tapestry5-acegi for:
public static AuthenticationManager buildProviderManager(final List<
AuthenticationProvider > providers)
This is just standard tapestry-ioc design.
If you read the Acegi docs, everything talks Spring. But if every time
you
see a "build" method in tapestry-ioc, you look for a "bean" definition
in
Spring, things will suddenly make sense. Then look at how lists are
passed
to beans in Spring, and you will understand all of the "contribute"
methods.
Jonathan
> -----Original Message-----
> From: Mahen Perera [mailto:Mahen.Perera@igindex.co.uk]
> Sent: Friday, March 28, 2008 9:50 AM
> To: Tapestry users
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
>
> Thanks Jonathan for that.
>
> Unclear on some stuff tho.
> Since we are using a LDAP based authentication provider do we need to
> have a UserDetailsServiceImpl?
>
>
> http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this,
> then it assumes having a UserDetailsServiceImpl.
>
> Also, when we do
>
configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide
> r)
> How does the Acegi framework get to know abt the LDAP authentication
> provider.
>
>
>
> -----Original Message-----
> From: Jonathan Barker [mailto:jonathan.theitguy@gmail.com]
> Sent: 27 March 2008 18:28
> To: 'Tapestry users'
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
>
> Here are the relevant portions (with identifying info stripped out)
for
> authentication with Active Directory. With AD, you need to use
> bind-based
> authentication.
>
> If you are using something like OpenLDAP, you may have access to the
> password or password hash, so you would change the authenticator.
>
>
> I have also lumped together building the BindAuthenticator,
UserSearch,
> DefaultLdapauthoritiesPopulator into the
> buildLdapAuthenticationProvider()
> function. These could be factored out.
>
> I'm also using an InMemoryDaoImpl for some development logins.
>
>
> public final InitialDirContextFactory
> buildInitialDirContextFactory(){
> DefaultInitialDirContextFactory factory = new
>
DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain,
> DC=c
> om");
> factory.setManagerDn("cn=Ldap Account ,OU=Service
> Accounts,OU=People,DC=domain,DC=com");
> factory.setManagerPassword("password");
> Map<String,String> extraEnvVars = new HashMap<String,String>();
> extraEnvVars.put("java.naming.referral", "follow");
> factory.setExtraEnvVars(extraEnvVars);
> return factory;
>
> }
>
> public static AuthenticationProvider
> buildLdapAuthenticationProvider(InitialDirContextFactory factory )
> throws
> Exception {
>
> FilterBasedLdapUserSearch userSearch = new
> FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory);
> userSearch.setSearchSubtree(true);
> userSearch.setDerefLinkFlag(true);
>
> BindAuthenticator authenticator = new
> BindAuthenticator(factory);
> authenticator.setUserSearch(userSearch);
> authenticator.afterPropertiesSet();
>
> DefaultLdapAuthoritiesPopulator populator = new
> DefaultLdapAuthoritiesPopulator(factory,"");
> populator.setGroupRoleAttribute("cn");
> populator.setGroupSearchFilter("member={0}");
> populator.setDefaultRole("ROLE_ANONYMOUS");
> populator.setConvertToUpperCase(true);
> populator.setSearchSubtree(true);
> populator.setRolePrefix("ROLE_");
>
> LdapAuthenticationProvider provider = new
> LdapAuthenticationProvider(authenticator,populator);
> return provider;
> }
>
>
> public static void contributeProviderManager(
> OrderedConfiguration<AuthenticationProvider> configuration,
> @InjectService("DaoAuthenticationProvider") AuthenticationProvider
> daoAuthenticationProvider,
@InjectService("LdapAuthenticationProvider")
> AuthenticationProvider ldapAuthenticationProvider){
>
>
configuration.add("daoAuthenticationProvider",daoAuthenticationProvider)
> ;
>
>
configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide
> r);
> }
>
> > -----Original Message-----
> > From: Mahen Perera [mailto:Mahen.Perera@igindex.co.uk]
> > Sent: Thursday, March 27, 2008 10:14 AM
> > To: users@tapestry.apache.org
> > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider
> >
> > Hi everybody.
> >
> >
> >
> > I am trying to integrate tapestry 5 with Acegi security.
> >
> > The authentication provider that I am using is LDAP based.
> >
> >
> >
> > I see that most of the examples refer to using DAOAuthentication
> > provider.
> >
> > Just checking if there is someone who used LDAP for the
> authentication.
> >
> >
> >
> > I went thru http://www.localhost.nu/java/tapestry5-acegi/
> >
> > , but looks like it is not using LDAP authentication.
> >
> >
> >
> > Cheers
> >
> >
> >
> > The information contained in this email is strictly confidential and
> for
> > the use of the addressee only, unless otherwise indicated. If you
are
> not
> > the intended recipient, please do not read, copy, use or disclose to
> > others this message or any attachment. Please also notify the sender
> by
> > replying to this email or by telephone (+44 (0)20 7896 0011) and
then
> > delete the email and any copies of it. Opinions, conclusions (etc.)
> that
> > do not relate to the official business of this company shall be
> understood
> > as neither given nor endorsed by it. IG Index plc is a company
> registered
> > in England and Wales under number 01190902. VAT registration number
> 761
> > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road,
> London
> > SE1 8EZ. Authorised and regulated by the Financial Services
Authority.
> FSA
> > Register number 114059.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
> The information contained in this email is strictly confidential and
for
> the use of the addressee only, unless otherwise indicated. If you are
not
> the intended recipient, please do not read, copy, use or disclose to
> others this message or any attachment. Please also notify the sender
by
> replying to this email or by telephone (+44 (0)20 7896 0011) and then
> delete the email and any copies of it. Opinions, conclusions (etc.)
that
> do not relate to the official business of this company shall be
understood
> as neither given nor endorsed by it. IG Index plc is a company
registered
> in England and Wales under number 01190902. VAT registration number
761
> 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road,
London
> SE1 8EZ. Authorised and regulated by the Financial Services Authority.
FSA
> Register number 114059.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete the email and any copies of it. Opinions, conclusions (etc.) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG Index plc is a company registered in England and Wales under number 01190902. VAT registration number 761 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA Register number 114059.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org