remember-me authentication with ldap

**cowabunga1984** · Jun 20th, 2011, 07:13 AM

Hi @ll,

I try to implement remember-me authentication connected to an ldap server, but the login is never processed via cookie

applicationContext-security.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
          http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
          http://www.springframework.org/schema/security 
          http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	
	<security:http auto-config="true" access-denied-page="/accessDenied.jsp">
		<security:intercept-url 
			pattern="/terminal.html" 
			access="ROLE_A"/>
			
		<security:intercept-url 
			pattern="/messagebroker/amf" 
			access="ROLE_A"/>
		
		<security:form-login 
			login-page="/login.jsp"
			login-processing-url="/j_spring_security_check" 
			authentication-failure-url="/login.jsp?login_error=1" />
			
		<security:logout 
			logout-url="/logout" 
			logout-success-url="/logoutSuccess.jsp" />
			
		<security:remember-me
			key="foobar"/>
	</security:http>
	
	<security:ldap-server 
		id="ldapServer"
		url="@ad.url@"
		manager-dn="@ad.manager.dn@"
		manager-password="@ad.manager.password@"/>

	<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
		<constructor-arg value="OU=SomeOU,DC=SomeDC,DC=SomeDC"/>
		<constructor-arg value="sAMAccountName={0}"/>
		<constructor-arg ref="ldapServer"/>
	</bean>
	
	<bean 
		id="authPopulator" 
		class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
		<constructor-arg ref="ldapServer" />
		<constructor-arg value="OU=SomeOU,OU=SomeOU,OU=SomeOU,DC=SomeDC,DC=SomeDC" />
		<property name="groupRoleAttribute" value="cn" />
		<property name="groupSearchFilter" value="member={0}"/>
		<property name="rolePrefix" value="ROLE_"/>
		<property name="searchSubtree" value="true"/>
	</bean>
 
	<bean 
		id="userDetailsService" 
		class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
		<constructor-arg ref="userSearch"/>
		<constructor-arg ref="authPopulator"/>
	</bean>
	
	<security:authentication-manager>
		<security:ldap-authentication-provider
			server-ref="ldapServer"
           	user-search-base="OU=SomeOU,DC=SomeDC,DC=SomeDC"
           	user-search-filter="sAMAccountName={0}"
			group-search-base="OU=SomeOU,OU=SomeOU,OU=SomeOU,DC=SomeDC,DC=SomeDC"
			group-search-filter="member={0}"
           	role-prefix="ROLE_"/>
	</security:authentication-manager>
	
	<security:global-method-security>
		<security:protect-pointcut
			expression="execution(* myapp.backend.services.PhoneCallService.*(..))" 
			access="ROLE_A"/>
	</security:global-method-security>
</beans>

Code:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %> 
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
  <title>MyApp</title>
  <link rel="stylesheet" type="text/css" href="css/main.css"/>
</head>
<body>
<div id="login-form">
	<div id="login-header">
		<img id="logo" alt="App Logo" src="images/app_logo.png"/>
	</div>
	<c:if test="${not empty param.login_error}">
	  <font color="red">
	    Your login attempt was not successful, try again.<br/><br/>
	    Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
	  </font>
	</c:if>
	<form action="j_spring_security_check" method="post">
	  <p>
	    <label for="j_username">Benutzername:</label>
	    <input id="j_username" name="j_username" type="text" 
	    	style="width: 66%"/>
	  </p>
	  <p>
	    <label for="j_password">Passwort:</label>
	    <input id="j_password" name="j_password" type="password" 
	    	style="width: 66%"/>
	  </p>
	  <input type='checkbox' name='_spring_security_remember_me'/> Remember me on this computer.
	  <input  type="submit" value="Login"/>
	</form>
</div>
</body>
</html>

Firebug shows
http://localhost:8080/myapp/j_spring_security_check
Status: 302 Moved Temporarily

Any suggestions?

cowabunga!

**cowabunga1984** · Jun 20th, 2011, 07:49 AM

Mhhh, I modified the security:http tag as follows:

Code:

	<security:http auto-config="true" access-denied-page="/accessDenied.jsp">
		<security:intercept-url 
			pattern="/terminal.html" 
			access="ROLE_A"/>
			
		<security:intercept-url 
			pattern="/messagebroker/amf" 
			access="ROLE_A"/>
		
		<security:form-login 
			login-page="/login.jsp" 
			authentication-failure-url="/login.jsp?login_error=1" />
			
		<security:logout 
			logout-url="/logout" 
			logout-success-url="/logoutSuccess.jsp" />
			
		<security:remember-me
			data-source-ref="dataSource"
			token-validity-seconds="3600"/>
	</security:http>

Don't know why, but it seems to work now.

Thanks!
cowabunga

Thread: remember-me authentication with ldap

Thread Tools

Display

remember-me authentication with ldap

Tags for this Thread

Posting Permissions