Thread: Grails-SpringSecurity-LDAP

  1. #1
    Join Date
    Jan 2009
    Location
    Pune
    Posts
    58

    Grails-SpringSecurity-LDAP

    Hi,

    I am able to configure grails-springsecurity-ldap in my application but I am not able to get the role from LDAP. I have created a group; in that group I have, e.g., 2 objects: one is admin (has 1 user) and the other is user (has 5 users). I am able to authenticate but not able to access the page which I am requesting after successful login. It shows me an access denied message.
    I just want to know, how to identify roles when you authenticate a user using LDAP?
    Do I need to create more attributes for role?
    How do we map those in springsecurity/grails?

    Please help me to resolve this basic issue.

    Thanks in advance,
    Malhar

  2. #2
    Join Date
    Jan 2009
    Location
    Pune
    Posts
    58

    Answer

    Hi,

    I got answers to a few of my questions:

    1. I just want to know, how to identify roles when you authenticate a user using LDAP?
    By default LDAP group memberships will be converted to Spring Security roles. For example, if a user belongs to the 'Administrator' and 'Manager' groups, these will be converted to ROLE_ADMINISTRATOR and ROLE_MANAGER Roles.

    2. Do I need to create more attributes for role?
    I think "no".

    3. How do we map those in springsecurity/grails?
    You can disable this lookup by setting the 'ldapRetrieveGroupRoles' attribute to false. In this case you'd want to store Roles in your database and access them via your Role domain class and GORM - set the 'ldapRetrieveDatabaseRoles' attribute to true and configure Users' roles just as you would for a regular database-backed authentication store. If both attributes are true, both stores will be searched for Roles.

    I think this might help.

  3. #3
    Join Date
    Jan 2009
    Location
    Pune
    Posts
    58

    Another question

    Hi,

    I am able to do the configuration of spring-security-core and spring-security-ldap in Grails.
    1. I installed spring-security-core and then I created the classes User, Role, UserRole using the s2-quickstart functionality of the security-core plugin.
    2. I installed the spring-security-ldap plugin.
    3. Configured the LDAP properties in config.groovy, then the db-related ones in database.groovy, buildconfig.groovy, and the URL-related ones in urlmappings.groovy.
    4. Then I created two classes:

    Code:
    package com.test  // matches the import used by the mapper class

    import org.springframework.security.core.GrantedAuthority
    import org.springframework.security.core.userdetails.User

    // Spring Security User extended with extra attributes read from LDAP
    class MySecureUser extends User {
        final String fullname
        final String email
        final String lastname
        final String description

        MySecureUser(String username, String password,
                boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired,
                boolean accountNonLocked, Collection<GrantedAuthority> authorities, String fullname,
                String email, String lastname, String description) {

            super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities)

            this.fullname = fullname
            this.email = email
            this.lastname = lastname
            this.description = description
        }
    }

    Another class:

    Code:
    import org.springframework.ldap.core.DirContextAdapter
    import org.springframework.ldap.core.DirContextOperations
    import org.springframework.security.core.GrantedAuthority
    import org.springframework.security.core.userdetails.UserDetails
    import org.springframework.security.ldap.userdetails.UserDetailsContextMapper
    import com.test.MySecureUser

    // Builds a MySecureUser from the LDAP entry of the authenticated user
    class UserDetailsContextMapperImpl implements UserDetailsContextMapper {

        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx,
                String username, Collection<GrantedAuthority> authorities) {
            // The attribute names inside [''] are empty in the post as it appears
            String fullname = ctx.originalAttrs.attrs[''].values[0]
            String email = ctx.originalAttrs.attrs[''].values[0].toString().toLowerCase()
            String lastname = ctx.originalAttrs.attrs[''].values[0].toString().toLowerCase()
            String description = ctx.originalAttrs.attrs[''].values[0].toString().toLowerCase()

            // authorities holds the roles derived from the user's LDAP groups
            return new MySecureUser(username, '', true, true, true, true, authorities, fullname, email, lastname, description)
        }

        @Override
        public void mapUserToContext(UserDetails arg0, DirContextAdapter arg1) {
            // Writing users back to the directory is not implemented
            throw new IllegalStateException("Only retrieving data from AD is currently supported")
        }
    }

    5. Create entry in resource.groovy of spring

    Code:
    ldapUserDetailsMapper(UserDetailsContextMapperImpl) {
    	// bean attributes
     }

    After running the application, it authenticates and works as expected.

    But the problem is:
    1. public UserDetails mapUserFromContext(DirContextOperations ctx,
    String username, Collection<GrantedAuthority> authorities) is looking for authorities in the form of "List"
    2. The User class which I have created with spring-security-core returns the authority in the form of a Set

    I tried to use the same User class before writing MySecureUser but did not get any success.

    Does anyone have a hint on how to use the same class which spring-security-core created for User?
    Or is there anything I missed?

    Any inputs are welcome.


    Malhar
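
An added example, not code from the thread or from the plugin: a variant of the mapper in post #3 that reads attributes through the public `getStringAttribute` call instead of `ctx.originalAttrs`, tolerates entries that lack an attribute, and prints the role names derived from the LDAP groups, which is what to compare against the access rules when login succeeds but the page is denied. The class names `DirectoryUser` and `NullSafeContextMapper` and the attribute names `cn` and `mail` are assumptions.

```groovy
import org.springframework.ldap.core.DirContextAdapter
import org.springframework.ldap.core.DirContextOperations
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper

// Hypothetical class: Spring's User plus two directory attributes.
class DirectoryUser extends User {
    final String fullname
    final String email

    DirectoryUser(String username, Collection<GrantedAuthority> authorities,
                  String fullname, String email) {
        // As in the post, no password is kept on the principal.
        super(username, '', true, true, true, true, authorities)
        this.fullname = fullname
        this.email = email
    }
}

// Hypothetical mapper; same method signatures as the one in the post.
class NullSafeContextMapper implements UserDetailsContextMapper {

    // Assumed attribute names; adjust to the directory schema in use.
    static final String FULLNAME_ATTR = 'cn'
    static final String EMAIL_ATTR = 'mail'

    UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                   Collection<GrantedAuthority> authorities) {
        // getStringAttribute returns null when the entry lacks the attribute.
        String fullname = ctx.getStringAttribute(FULLNAME_ATTR) ?: username
        String email = ctx.getStringAttribute(EMAIL_ATTR)?.toLowerCase()

        // Role names exactly as the access rules will see them.
        println "LDAP roles for ${username}: ${authorities*.authority}"

        // A List or a Set both fit the Collection parameter;
        // Spring's User copies the values into its own set.
        new DirectoryUser(username, authorities, fullname, email)
    }

    void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new IllegalStateException('Only reading from LDAP is supported')
    }
}
```

It is registered under the bean name used in the post, `ldapUserDetailsMapper`, in place of `UserDetailsContextMapperImpl`.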

  4. #4
    Join Date
    Feb 2012
    Posts
    3

    spring security ldap configuration assistance needed

    Hello Malhar,

    Would you be able to assist with a similar configuration that you have achieved? I just don't have time and can pay you for your time. Let me know.

  5. #5
    Join Date
    Apr 2012
    Posts
    9

    Hello all,

    Can you please help me with an issue I am having with Grails?

    I have a Hibernate application (for accessing the DB) and a Grails one (for the front end).

    1. If I call the Hibernate project from Grails and make the latter return a hardcoded value without accessing the DB, it shows the value on the page (on the Grails side).

    2. If I call the Hibernate project from a Grails Java class and make the latter use Hibernate to access the DB, I can get the value in the Grails Java class but not on the Grails page.

    This means that if I run the Grails application as a Java application I can get the value from the DB but if I run as a Grails application I am getting an exception:

    ERROR connection.DriverManagerConnectionProvider - JDBC Driver class not found: org.apache.derby.jdbc.ClientDriver

    In the Hibernate project I had to configure the Derby database in the xml file. Apparently I have to configure it again in Grails.

    I would like to configure the DB outside the Grails project.

    Do you know how I can do it?

    Many thanks for your cooperation.

    Regards
    Filipe

  6. #6
    Join Date
    Jan 2009
    Location
    Pune
    Posts
    58

    Originally Posted by Scganta
    Hello Malhar,

    Would you be able to assist with a similar configuration that you have achieved? I just don't have time and can pay you for your time. Let me know.
    .................................
    Hi Scganta,

    Sorry for the late reply.
    Do you still have an issue with it? If yes, let me know and I'll help you.


    Malhar
