Posted to users@tapestry.apache.org by Mahen Perera <Ma...@igindex.co.uk> on 2008/03/27 15:13:50 UTC

Tapestry 5 - Acegi ,, using LDAP authentication provider

Hi everybody.

I am trying to integrate tapestry 5 with Acegi security.

The authentication provider that I am using is LDAP based.

I see that most of the examples refer to using DAOAuthentication provider.

Just checking if there is someone who used LDAP for the authentication.

I went thru http://www.localhost.nu/java/tapestry5-acegi/, but looks like it is not using LDAP authentication.

Cheers

 

The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete the email and any copies of it. Opinions, conclusions (etc.) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG Index plc is a company registered in England and Wales under number 01190902. VAT registration number 761 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA Register number 114059.

RE: Tapestry 5 - Acegi ,, using LDAP authentication provider - other half

Posted by Mahen Perera <Ma...@igindex.co.uk>.
Thanks Jonathan. Both your e-mails are very helpful. I will try to get
something working based on this, and come back to you if I encounter any
issues.



RE: Tapestry 5 - Acegi ,, using LDAP authentication provider - other half

Posted by Jonathan Barker <jo...@gmail.com>.
I realized I may not have answered your second question.

The configuration built up using 

configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider);

is used in the SecurityModule of tapestry5-acegi for:

    public static AuthenticationManager buildProviderManager(final List<AuthenticationProvider> providers)

This is just standard tapestry-ioc design.

If you read the Acegi docs, everything talks Spring.  But if every time you
see a "build" method in tapestry-ioc, you look for a "bean" definition in
Spring, things will suddenly make sense.  Then look at how lists are passed
to beans in Spring, and you will understand all of the "contribute" methods.


Jonathan


> -----Original Message-----
> From: Mahen Perera [mailto:Mahen.Perera@igindex.co.uk]
> Sent: Friday, March 28, 2008 9:50 AM
> To: Tapestry users
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> 
> Thanks Jonathan for that.
> 
> Unclear on some stuff tho.
> Since we are using a LDAP based authentication provider do we need to
> have a UserDetailsServiceImpl?
> 
> 
> http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this,
> then it assumes having a UserDetailsServiceImpl.
> 
> Also, when we do
> configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider)
> How does the Acegi framework get to know abt the LDAP authentication
> provider.
> 
> 
> 
> -----Original Message-----
> From: Jonathan Barker [mailto:jonathan.theitguy@gmail.com]
> Sent: 27 March 2008 18:28
> To: 'Tapestry users'
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> 
> Here are the relevant portions (with identifying info stripped out) for
> authentication with Active Directory.  With AD, you need to use bind-based
> authentication.
> 
> If you are using something like OpenLDAP, you may have access to the
> password or password hash, so you would change the authenticator.
> 
> I have also lumped together building the BindAuthenticator, UserSearch,
> DefaultLdapAuthoritiesPopulator into the buildLdapAuthenticationProvider()
> function.  These could be factored out.
> 
> I'm also using an InMemoryDaoImpl for some development logins.
> 
> 
>     // Connection to the directory, bound as a service ("manager") account.
>     public final InitialDirContextFactory buildInitialDirContextFactory(){
>         DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory(
>                 "ldap://server.domain.com:389/DC=domain,DC=com");
>         factory.setManagerDn("cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com");
>         factory.setManagerPassword("password");
>         Map<String,String> extraEnvVars = new HashMap<String,String>();
>         extraEnvVars.put("java.naming.referral", "follow");
>         factory.setExtraEnvVars(extraEnvVars);
>         return factory;
>     }
> 
>     public static AuthenticationProvider buildLdapAuthenticationProvider(
>             InitialDirContextFactory factory) throws Exception {
> 
>         // Locate the user's entry by sAMAccountName under ou=People.
>         FilterBasedLdapUserSearch userSearch =
>                 new FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory);
>         userSearch.setSearchSubtree(true);
>         userSearch.setDerefLinkFlag(true);
> 
>         // Authenticate by binding to the directory as the user that was found.
>         BindAuthenticator authenticator = new BindAuthenticator(factory);
>         authenticator.setUserSearch(userSearch);
>         authenticator.afterPropertiesSet();
> 
>         // Map group membership (cn of each group) to ROLE_* authorities.
>         DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(factory,"");
>         populator.setGroupRoleAttribute("cn");
>         populator.setGroupSearchFilter("member={0}");
>         populator.setDefaultRole("ROLE_ANONYMOUS");
>         populator.setConvertToUpperCase(true);
>         populator.setSearchSubtree(true);
>         populator.setRolePrefix("ROLE_");
> 
>         LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator,populator);
>         return provider;
>     }
> 
>     // Contribute both providers to the ordered list handed to the ProviderManager.
>     public static void contributeProviderManager(
>             OrderedConfiguration<AuthenticationProvider> configuration,
>             @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider,
>             @InjectService("LdapAuthenticationProvider") AuthenticationProvider ldapAuthenticationProvider){
>         configuration.add("daoAuthenticationProvider",daoAuthenticationProvider);
>         configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider);
>     }
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
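
Added example (not part of the thread and not code from tapestry5-acegi): a variant of the buildInitialDirContextFactory() quoted above that refuses a non-TLS directory URL and takes the manager credentials from the process environment instead of source code. With bind-based authentication every user's password travels over this connection, so plain ldap:// on port 389 exposes it on the wire. The environment variable names and timeout values are hypothetical, and the imports assume Acegi 1.0.x package names.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
import org.acegisecurity.ldap.InitialDirContextFactory;

/**
 * Added example. LDAP_URL, LDAP_MANAGER_DN and LDAP_MANAGER_PASSWORD are
 * hypothetical variable names chosen for this illustration.
 */
public class HardenedLdapModule {

    /** Reads a required setting and refuses to start without it. */
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing required setting: " + name);
        }
        // Returned untrimmed: a password may legitimately contain spaces.
        return value;
    }

    /** Accepts only ldaps:// URLs so bind passwords are never sent in clear text. */
    static String requireLdaps(String url) {
        if (!url.toLowerCase(Locale.ROOT).startsWith("ldaps://")) {
            throw new IllegalStateException("LDAP URL must use ldaps://, got: " + url);
        }
        return url;
    }

    public static InitialDirContextFactory buildInitialDirContextFactory() {
        // Constructed sample value: ldaps://server.domain.com:636/DC=domain,DC=com
        // The JVM trust store must contain the CA that issued the directory's certificate.
        String url = requireLdaps(requireEnv("LDAP_URL").trim());

        DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory(url);
        // Service account used for the user and group searches. Keep it read-only
        // in the directory: it only needs to search, never to modify entries.
        factory.setManagerDn(requireEnv("LDAP_MANAGER_DN"));
        factory.setManagerPassword(requireEnv("LDAP_MANAGER_PASSWORD"));

        Map<String, String> extraEnvVars = new HashMap<String, String>();
        // Kept from the configuration in the thread. With "follow", JNDI connects
        // to whatever server a referral names and binds there with the same
        // credentials, so the directory's referrals must point only at trusted hosts.
        extraEnvVars.put("java.naming.referral", "follow");
        // JNDI LDAP provider timeouts (milliseconds), so that an unreachable
        // directory fails the login quickly instead of tying up request threads.
        extraEnvVars.put("com.sun.jndi.ldap.connect.timeout", "5000");
        extraEnvVars.put("com.sun.jndi.ldap.read.timeout", "10000");
        factory.setExtraEnvVars(extraEnvVars);
        return factory;
    }
}
```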


RE: Tapestry 5 - Acegi ,, using LDAP authentication provider

Posted by Jonathan Barker <jo...@gmail.com>.
	@Inject
	private AuthenticationManager _authenticationManager;

Isn't Tapestry great? :-)




RE: Tapestry 5 - Acegi ,, using LDAP authentication provider

Posted by Jacob Bergoo <ja...@gmail.com>.
Hi Jonathan,
A quick question, how do you get the authenticationManager object into that
page that you are using???

thanks,
Jacob


RE: Tapestry 5 - Acegi ,, using LDAP authentication provider

Posted by Jonathan Barker <jo...@gmail.com>.

You do not need to write a UserDetails implementation for LDAP.  Acegi
already did it.  In fact, the only time I've hit where I needed to implement
a UserDetails object and UserDetailsService was creating my own custom
DAO-based authentication.

Now, if you're needing to save information to LDAP..., well that might be a
different story.

Also, you should read a related thread on the list: "ACEGI Problem with
anonymous"

And perhaps "Re: T5: Cannot get
org.acegisecurity.CredentialsExpiredException to work"




RE: Tapestry 5 - Acegi ,, using LDAP authentication provider

Posted by Mahen Perera <Ma...@igindex.co.uk>.
I understand your code. I need Acegi to take full control of the login and
security of my web application. Say for example, if the user tries to
directly go to a URL other than the login URL, then the user should be
redirected to the login URL if there is no valid user session.


About the LdapUserDetails object..

Since the SecurityModule of tapestry5-acegi needs a UserDetailsServiceImpl,
is it correct to say that I have to write a UserDetailsServiceImpl class
which uses LDAP in order to retrieve the correct UserDetails object?



RE: Tapestry 5 - Acegi ,, using LDAP authentication provider

Posted by Jonathan Barker <jo...@gmail.com>.
All of the classes are from Acegi.  The LdapAuthenticationProvider returns a
LdapUserDetails object.

There are a number of ways to get Acegi to authenticate you.  Here's part of
what I do from a Login form where I automatically add authenticated users to
a Users table (it needs a bit of cleaning up):

        UsernamePasswordAuthenticationToken authRequest =
            new UsernamePasswordAuthenticationToken(_username,_password);
        Authentication authResult;

        try {
            authResult = _authenticationManager.authenticate(authRequest);
            logger.info("successful login for: " + _username);
            // now see if they exist in the database:
            User user = new User();
            user.setUsername(_username);
            List<User> matches = _userDao.findByExample(user);
            if (matches.isEmpty()){
                Object principal = authResult.getPrincipal();
                if (principal instanceof LdapUserDetails){
                    logger.info("adding new LDAP user");
                    LdapUserDetails details = (LdapUserDetails) principal;
                    logger.info(details.getAttributes().getIDs().toString());
                    Attribute nameAttr = details.getAttributes().get("name");
                    Object o;
                    try {
                        o = nameAttr.get();
                        if (o != null && o instanceof String)
                            user.setLastName((String)o);
                        else
                            user.setLastName(_username);
        .... you get the idea






RE: Tapestry 5 - Acegi ,, using LDAP authentication provider

Posted by Mahen Perera <Ma...@igindex.co.uk>.
Thanks Jonathan for that.

Unclear on some stuff though.
Since we are using an LDAP-based authentication provider, do we need to
have a UserDetailsServiceImpl?


http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this,
then it assumes having a UserDetailsServiceImpl.

Also, when we do
configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider)
how does the Acegi framework get to know about the LDAP authentication
provider?





RE: Tapestry 5 - Acegi ,, using LDAP authentication provider

Posted by Jonathan Barker <jo...@gmail.com>.
Here are the relevant portions (with identifying info stripped out) for
authentication with Active Directory.  With AD, you need to use bind-based
authentication.

If you are using something like OpenLDAP, you may have access to the
password or password hash, so you would change the authenticator.


I have also lumped together building the BindAuthenticator, UserSearch,
DefaultLdapAuthoritiesPopulator into the buildLdapAuthenticationProvider()
function.  These could be factored out.
 
I'm also using an InMemoryDaoImpl for some development logins.

 
    public final InitialDirContextFactory buildInitialDirContextFactory(){
        DefaultInitialDirContextFactory factory = new
            DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain,DC=com");
        factory.setManagerDn("cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com");
        factory.setManagerPassword("password");
        Map<String,String> extraEnvVars = new HashMap<String,String>();
        extraEnvVars.put("java.naming.referral", "follow");
        factory.setExtraEnvVars(extraEnvVars);
        return factory;
    }

    public static AuthenticationProvider buildLdapAuthenticationProvider(
            InitialDirContextFactory factory) throws Exception {

        FilterBasedLdapUserSearch userSearch = new
            FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory);
        userSearch.setSearchSubtree(true);
        userSearch.setDerefLinkFlag(true);

        BindAuthenticator authenticator = new BindAuthenticator(factory);
        authenticator.setUserSearch(userSearch);
        authenticator.afterPropertiesSet();

        DefaultLdapAuthoritiesPopulator populator = new
            DefaultLdapAuthoritiesPopulator(factory,"");
        populator.setGroupRoleAttribute("cn");
        populator.setGroupSearchFilter("member={0}");
        populator.setDefaultRole("ROLE_ANONYMOUS");
        populator.setConvertToUpperCase(true);
        populator.setSearchSubtree(true);
        populator.setRolePrefix("ROLE_");

        LdapAuthenticationProvider provider = new
            LdapAuthenticationProvider(authenticator,populator);
        return provider;
    }


    public static void contributeProviderManager(
            OrderedConfiguration<AuthenticationProvider> configuration,
            @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider,
            @InjectService("LdapAuthenticationProvider") AuthenticationProvider ldapAuthenticationProvider){

        configuration.add("daoAuthenticationProvider",daoAuthenticationProvider);

        configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider);
    }

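Added example, not part of the original thread and not Acegi or tapestry5-acegi code: a simplified, dependency-free model of the ordered provider chain that contributeProviderManager populates, showing how a login reaches the LDAP provider and what keeping the in-memory development provider in the chain means for which logins are accepted. It assumes the manager tries providers in contribution order and returns the first success; the class and method names, accounts, groups and ROLE_DEVELOPER are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Simplified model of an ordered provider chain (Java 9+); none of this is Acegi code.
public class ProviderChainDemo {

    static class AuthFailure extends Exception {
        AuthFailure(String message) { super(message); }
    }

    // Minimal analogue of Acegi's AuthenticationProvider.
    interface Provider {
        String name();
        List<String> authenticate(String user, String password) throws AuthFailure;
    }

    // Stand-in for a DaoAuthenticationProvider backed by InMemoryDaoImpl.
    static Provider inMemory(Map<String, String> accounts) {
        return new Provider() {
            public String name() { return "daoAuthenticationProvider"; }
            public List<String> authenticate(String user, String password) throws AuthFailure {
                if (password != null && password.equals(accounts.get(user))) {
                    return List.of("ROLE_DEVELOPER");
                }
                throw new AuthFailure("in-memory: bad credentials");
            }
        };
    }

    // Stand-in for the LDAP bind provider; the two maps play the directory (constructed data).
    static Provider ldapBind(Map<String, String> passwords, Map<String, List<String>> groupCns) {
        return new Provider() {
            public String name() { return "ldapAuthenticationProvider"; }
            public List<String> authenticate(String user, String password) throws AuthFailure {
                // Reject empty passwords before binding: a simple bind with an empty password
                // is an "unauthenticated bind" (RFC 4513) that some directories accept.
                if (password == null || password.isEmpty() || !password.equals(passwords.get(user))) {
                    throw new AuthFailure("ldap: bind failed");
                }
                List<String> roles = new ArrayList<>();
                roles.add("ROLE_ANONYMOUS");                          // setDefaultRole(...) on the page
                for (String cn : groupCns.getOrDefault(user, List.of())) {
                    roles.add("ROLE_" + cn.toUpperCase(Locale.ROOT)); // rolePrefix + convertToUpperCase
                }
                return roles;
            }
        };
    }

    // Try each provider in order: the first success wins, otherwise the last failure is rethrown.
    static String authenticate(List<Provider> chain, String user, String password) throws AuthFailure {
        AuthFailure last = null;
        for (Provider p : chain) {
            try {
                return p.name() + " " + p.authenticate(user, password);
            } catch (AuthFailure e) {
                last = e; // remember the failure and fall through to the next provider
            }
        }
        throw last != null ? last : new AuthFailure("no provider configured");
    }

    // One audit line per attempt, naming the provider that accepted the login.
    static String attempt(List<Provider> chain, String user, String password) {
        try {
            return "ACCEPT " + user + " via " + authenticate(chain, user, password);
        } catch (AuthFailure e) {
            return "REJECT " + user + " (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        Provider dao = inMemory(Map.of("devadmin", "devpass"));          // constructed development login
        Provider ldap = ldapBind(Map.of("jsmith", "S3cret!"),            // constructed directory user
                                 Map.of("jsmith", List.of("Traders", "Support")));
        List<Provider> asPosted = List.of(dao, ldap);   // order used in contributeProviderManager
        List<Provider> ldapOnly = List.of(ldap);        // development provider not contributed

        String[][] logins = {{"jsmith", "S3cret!"}, {"jsmith", ""}, {"devadmin", "devpass"}};
        for (String[] login : logins) {
            System.out.println("dao+ldap : " + attempt(asPosted, login[0], login[1]));
            System.out.println("ldap only: " + attempt(ldapOnly, login[0], login[1]));
        }
    }
}
```

Recording the accepting provider's name with each login, as attempt() does, makes it visible when a development account rather than the directory authenticated a session.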