Posted to user@shiro.apache.org by mgiammarco <mg...@gmail.com> on 2012/05/16 17:55:09 UTC
Active directory, map roles and permissions to use with camel-shiro
Hello,
I am using Shiro with Camel. I can authenticate a user with Active Directory
(LDAP) but I am not able to map user groups in roles to user permissions.
And Camel absolutely needs permissions to work.
Here is my config.ini:
My security injection code:
And the routing code that uses permissions:
Please help me, it is urgent!
Thanks,
Mario
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Active-directory-map-roles-and-permissions-to-use-with-camel-shiro-tp7562083.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Active directory, map roles and permissions to use with camel-shiro
Posted by mgiammarco <mg...@gmail.com>.
I have posted it again, can you read it better now?
Thanks,
Mario
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Active-directory-map-roles-and-permissions-to-use-with-camel-shiro-tp7562083p7564404.html
Re: Active directory, map roles and permissions to use with camel-shiro
Posted by Les Hazlewood <lh...@apache.org>.
Formatting did not come through on your code samples. Try sending the
email with plain text (not HTML formatted) directly to the Shiro user
list.
HTH,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog
On Wed, May 16, 2012 at 8:55 AM, mgiammarco <mg...@gmail.com> wrote:
> Hello,
> I am using Shiro with Camel. I can authenticate a user with Active Directory
> (LDAP) but I am not able to map user groups in roles to user permissions.
> And Camel absolutely needs permissions to work.
>
> Here is my config.ini:
>
>
>
>
> My security injection code:
>
>
>
> And the routing code that uses permissions:
>
>
>
>
> Please help me, it is urgent!
>
> Thanks,
> Mario
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Active-directory-map-roles-and-permissions-to-use-with-camel-shiro-tp7562083.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: Active directory, map roles and permissions to use with camel-shiro
Posted by scSynergy <ro...@scsynergy.de>.
I do not see any RolePermissionResolver attached to your activeDirectoryRealm
which would look something like this:

rolePermissionResolver = de.scsynergy.elementary.qi.shiro.ActiveDirectoryRolePermissionResolver
activeDirectoryRealm.rolePermissionResolver = $rolePermissionResolver

In order for Shiro to attach permissions to a Subject on login it needs to
map the AD group to the corresponding Shiro role and then load that role's
permissions from somewhere (in our case MongoDB) via a
RolePermissionResolver. Here is a hopefully helpful post which explains how
to do it:
http://shiro-user.582556.n2.nabble.com/Example-Shiro-Active-Directory-Realm-with-role-gt-permission-mapping-td7579030.html

We use Shiro, Camel and Active Directory with SPNEGO / Kerberos on Wildfly
application server and will gladly help as best we can.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Active-directory-map-roles-and-permissions-to-use-with-camel-shiro-tp7562083p7581127.html
Sent from the Shiro User mailing list archive at Nabble.com.
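Added example (not part of the original thread and not scSynergy's ActiveDirectoryRolePermissionResolver): a RolePermissionResolver that reads the [roles] section already present in the posted config.ini, so the roles produced by groupRolesMap resolve to the permissions listed there. The class and package name, the resourcePath property and the classpath location of config.ini are assumptions; the Shiro 1.x API is assumed.

```java
package com.example.shiro; // hypothetical package, not from the thread

import java.util.Collection;
import java.util.Collections;
import java.util.Map;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.config.Ini;
import org.apache.shiro.util.PermissionUtils;

/**
 * ActiveDirectoryRealm returns role names only; the [roles] section of an ini
 * file is consumed by IniRealm, which is not in securityManager.realms here.
 * This resolver closes that gap. Assumed wiring in the [main] section:
 *
 *   rolePermissionResolver = com.example.shiro.IniRolePermissionResolver
 *   rolePermissionResolver.resourcePath = classpath:config.ini
 *   activeDirectoryRealm.rolePermissionResolver = $rolePermissionResolver
 */
public class IniRolePermissionResolver implements RolePermissionResolver {

    private final PermissionResolver permissionResolver = new WildcardPermissionResolver();

    // Role name -> comma-delimited permission definition, e.g.
    // menu_ufficiomobile_ania -> prato:ania
    private volatile Map<String, String> roleDefinitions = Collections.emptyMap();

    /** Loads the [roles] section; a missing section leaves every role without permissions. */
    public void setResourcePath(String resourcePath) {
        Ini.Section roles = Ini.fromResourcePath(resourcePath).getSection("roles");
        roleDefinitions = (roles != null) ? roles : Collections.<String, String>emptyMap();
    }

    @Override
    public Collection<Permission> resolvePermissionsInRole(String roleString) {
        String definition = roleDefinitions.get(roleString);
        if (definition == null) {
            // Unknown role: grant nothing (deny by default).
            return Collections.<Permission>emptySet();
        }
        // Same parsing Shiro applies to [roles] lines: "perm1, perm2" -> WildcardPermissions.
        return PermissionUtils.resolveDelimitedPermissions(definition, permissionResolver);
    }
}
```

Role names are matched exactly, so the value on the right-hand side of groupRolesMap must be spelled the same as the key in [roles].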
Re: Active directory, map roles and permissions to use with camel-shiro
Posted by mgiammarco <mg...@gmail.com>.
2012/5/18 Jonathan Barker [via Shiro User]
<ml...@n2.nabble.com>:
> You refer to a policy - what is the definition for your policy?
> Is the failure 1) it won't run, 2) it incorrectly authorizes, or 3) it
> incorrectly denies?
>
The user is correctly authenticated but his groups are not read, or
they are read but not mapped to roles. So the reply should be number
3.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Active-directory-map-roles-and-permissions-to-use-with-camel-shiro-tp7562083p7565328.html
Re: Active directory, map roles and permissions to use with camel-shiro
Posted by Jonathan Barker <jo...@gmail.com>.
Mario,
I've had some experience with Camel, and some with Shiro, and some AD,
just not together.
You refer to a policy - what is the definition for your policy?
Is the failure 1) it won't run, 2) it incorrectly authorizes, or 3) it
incorrectly denies?
I will certainly be using Camel, Shiro and AD together at some point,
so I am interested in your results.
Regards,
Jonathan
On Wed, May 16, 2012 at 6:35 PM, mgiammarco <mg...@gmail.com> wrote:
> Hello,
> I am using Shiro with Camel. I can authenticate a user with Active Directory
> (LDAP) but I am not able to map user groups in roles to user permissions.
> And Camel absolutely needs permissions to work.
>
> Here is my config.ini:
>
> [main]
> authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
> securityManager.authenticator.authenticationStrategy = $authcStrategy
>
>
> activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
> activeDirectoryRealm.systemUsername=cn=padl,cn=Users,dc=comune,dc=prato,dc=local
> activeDirectoryRealm.systemPassword=xxxxxxxxxxxxxxxxxxxxxxx
> activeDirectoryRealm.url = ldap://172.16.1.98:389
> activeDirectoryRealm.groupRolesMap = "CN=menu_ufficiomobile_ania,OU=Menu,OU=Gruppi,OU=ComuneDiPrato,DC=comune,DC=prato,DC=local":"menu_ufficiomobile_ania"
>
> securityManager.realms = $activeDirectoryRealm
> [users]
>
> test = test,menu_ufficiomobile_passicarrabili, menu_ufficiomobile_rubati, menu_ufficiomobile_ordinanze, menu_ufficiomobile_ztl, menu_ufficiomobile_cciaa, menu_ufficiomobile_ania, menu_ufficiomobile_anagrafe, menu_ufficiomobile_mctc, menu_ufficiomobile_pra
>
>
> [roles]
>
> menu_ufficiomobile_anagrafe = prato:anagrafe
> menu_ufficiomobile_mctc = prato:mctc
> menu_ufficiomobile_pra = prato:pra
> menu_ufficiomobile_ania = prato:ania
> menu_ufficiomobile_cciaa = prato:cacomm
> menu_ufficiomobile_ztl = prato:ztl
> menu_ufficiomobile_ordinanze = prato:ordinanze
> menu_ufficiomobile_rubati = prato:rubati
> menu_ufficiomobile_passicarrabili = prato:permessi
>
>
>
>
> My security injection code:
>
> ShiroSecurityToken shiroSecurityToken =
>     new ShiroSecurityToken(qr.getUserName(), qr.getPassword());
> ShiroSecurityTokenInjector shiroSecurityTokenInjector =
>     new ShiroSecurityTokenInjector(shiroSecurityToken, passPhrase);
> arg0.getIn().setHeader("SHIRO_SECURITY_TOKEN",
>     shiroSecurityTokenInjector.encrypt());
>
>
> And the routing code that uses permissions:
>
> from("seda:interrogaANIA").threads(1)
>     .setHeader("db", constant(Database.ANIA)).policy(aniaS)
>     .to("bean:interrogaANIA?method=interrogaBancaDati")
>     .to("seda:prefilter");
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Active-directory-map-roles-and-permissions-to-use-with-camel-shiro-tp7562083p7562852.html
> Sent from the Shiro User mailing list archive at Nabble.com.
--
Jonathan Barker
ITStrategic
Re: Active directory, map roles and permissions to use with camel-shiro
Posted by mgiammarco <mg...@gmail.com>.
Hello,
I am using Shiro with Camel. I can authenticate a user with Active Directory
(LDAP) but I am not able to map user groups in roles to user permissions.
And Camel absolutely needs permissions to work.
Here is my config.ini:

[main]
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
activeDirectoryRealm.systemUsername=cn=padl,cn=Users,dc=comune,dc=prato,dc=local
activeDirectoryRealm.systemPassword=xxxxxxxxxxxxxxxxxxxxxxx
activeDirectoryRealm.url = ldap://172.16.1.98:389
activeDirectoryRealm.groupRolesMap = "CN=menu_ufficiomobile_ania,OU=Menu,OU=Gruppi,OU=ComuneDiPrato,DC=comune,DC=prato,DC=local":"menu_ufficiomobile_ania"

securityManager.realms = $activeDirectoryRealm

[users]
test = test,menu_ufficiomobile_passicarrabili, menu_ufficiomobile_rubati, menu_ufficiomobile_ordinanze, menu_ufficiomobile_ztl, menu_ufficiomobile_cciaa, menu_ufficiomobile_ania, menu_ufficiomobile_anagrafe, menu_ufficiomobile_mctc, menu_ufficiomobile_pra

[roles]
menu_ufficiomobile_anagrafe = prato:anagrafe
menu_ufficiomobile_mctc = prato:mctc
menu_ufficiomobile_pra = prato:pra
menu_ufficiomobile_ania = prato:ania
menu_ufficiomobile_cciaa = prato:cacomm
menu_ufficiomobile_ztl = prato:ztl
menu_ufficiomobile_ordinanze = prato:ordinanze
menu_ufficiomobile_rubati = prato:rubati
menu_ufficiomobile_passicarrabili = prato:permessi

My security injection code:

ShiroSecurityToken shiroSecurityToken =
    new ShiroSecurityToken(qr.getUserName(), qr.getPassword());
ShiroSecurityTokenInjector shiroSecurityTokenInjector =
    new ShiroSecurityTokenInjector(shiroSecurityToken, passPhrase);
arg0.getIn().setHeader("SHIRO_SECURITY_TOKEN",
    shiroSecurityTokenInjector.encrypt());

And the routing code that uses permissions:

from("seda:interrogaANIA").threads(1)
    .setHeader("db", constant(Database.ANIA)).policy(aniaS)
    .to("bean:interrogaANIA?method=interrogaBancaDati")
    .to("seda:prefilter");
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Active-directory-map-roles-and-permissions-to-use-with-camel-shiro-tp7562083p7562852.html