Thread: Spring Security 3.1 help required for ldap authorisation

  1. #1
    Join Date
    Apr 2012
    Posts
    2

    Spring Security 3.1 help required for ldap authorisation

    Hi,

    I am facing a small problem with Spring Security. In my case LDAP authentication is working, but the authorisation is somehow not working. Here is what I am doing.

    In my application-context.xml I have defined my LDAP authentication provider entry as follows:

    <bean id="opendsAuthenticationProvider"
          class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userDnPatterns">
                    <beans:list>
                        <beans:value>uid={0},ou=People</beans:value>
                    </beans:list>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="ou=Groups" />
                <property name="groupRoleAttribute" value="cn" />
                <property name="searchSubtree" value="false" />
                <property name="rolePrefix" value="" />
                <property name="convertToUpperCase" value="false" />
            </bean>
        </constructor-arg>
    </bean>


    My LDAP directory has the following entry for the developer group:

    dn: ou=Groups,dc=example,dc=com
    description: Group ou
    objectClass: organizationalUnit
    objectClass: top
    ou: Groups

    dn: cn=developer,ou=Groups,dc=example,dc=com
    cn: developer
    objectClass: top
    objectClass: groupOfUniqueNames
    uniqueMember: uid=johnsmith,ou=People,dc=example,dc=com



    Now, in application-security, I am writing the following:
    <http use-expressions="true">
    .....
    <intercept-url pattern="/pages/**" access="hasRole('developer')" />
    ...
    </http>
    <authentication-manager>
    <authentication-provider ref="opendsAuthenticationProvider" />
    </authentication-manager>


    The application is not allowing even johnsmith to view pages matching "/pages/**". Can anybody please help?

  2. #2
    Join Date
    Apr 2012
    Posts
    2

    Can anybody please reply to this thread?

  3. #3
    Join Date
    Jan 2008
    Posts
    1,826

    Try enabling debug logging. If the logs do not help you, post the logs.

    PS: When posting configuration, logs, code, etc., please use the code tags, as this makes it easier to read.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
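
One likely cause to check against the debug output, shown as an added example that is not part of the original thread or of the Spring Security project's code: `DefaultLdapAuthoritiesPopulator` searches groups with the filter `(member={0})` unless `groupSearchFilter` is set, while the `groupOfUniqueNames` entry in the first post stores membership in `uniqueMember`. The bean id is hypothetical, and `contextSource` is assumed to use `dc=example,dc=com` as its base DN.

```xml
<!-- Added example: authorities populator for a directory whose groups are
     groupOfUniqueNames entries (membership stored in uniqueMember).
     The bean id is hypothetical; contextSource is the bean referenced in
     the post and is assumed to have dc=example,dc=com as its base DN. -->
<bean id="ldapAuthoritiesPopulator"
      class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <!-- Group search base, relative to the context source base DN -->
    <constructor-arg value="ou=Groups" />

    <!-- Not set in the post, so the class default "(member={0})" applies.
         {0} is replaced with the authenticated user's full DN, e.g.
         uid=johnsmith,ou=People,dc=example,dc=com. A groupOfUniqueNames
         entry has no member attribute, so the default filter returns no
         groups and the user is authenticated with no authorities. -->
    <property name="groupSearchFilter" value="(uniqueMember={0})" />

    <!-- Attribute whose value becomes the authority name:
         cn=developer yields the authority "developer" -->
    <property name="groupRoleAttribute" value="cn" />
    <!-- One-level search is enough: cn=developer sits directly under ou=Groups -->
    <property name="searchSubtree" value="false" />
    <!-- With an empty prefix and no upper-casing, the authority is exactly
         "developer", the string hasRole('developer') is compared against.
         The match is case-sensitive, so the cn in the directory must use
         the same case as the access expression. -->
    <property name="rolePrefix" value="" />
    <property name="convertToUpperCase" value="false" />
</bean>
```

With DEBUG logging enabled for the `org.springframework.security` category, the log shows the group search that was run and the roles it returned, which confirms whether the filter matched the group entry.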
