-
Jun 8th, 2005, 04:28 PM
#1
Acegi Integration with CAS and Active Directory
Hi,
I am trying to integrate the Acegi framework with a CAS server. I am storing all usernames and passwords in
the Active Directory and have already configured CAS server to authenticate via Active Directory.
I used sample web.xml and application-security.xml from
acegisecurity/samples/contacts/src/main/webapp/cas/WEB-INF
and added
<context-param>
<param-name>edu.yale.its.tp.cas.proxyUrl</param-name>
<param-value>http://localhost:8433/cas/proxy</param-value>
</context-param>
to the web.xml and used applicationContext-acegi-security.xml as it is, except for a few modifications to the URL paths and roles.
My application is based on AppFuse and uses Spring/Hibernate/Acegi. When I run my application, I get the login prompt from the CAS server, but after successful authentication I get the following error:
org.springframework.jdbc.BadSqlGrammarException: Bad SQL grammar [SELECT username,password,enabled FROM users WHERE username = ?] in task 'executing PreparedStatementCallback [PreparedStatementCreatorFactory.PreparedStatementCreatorImpl: sql=[SELECT username,password,enabled FROM users WHERE username = ?]: params=[sbhatti]]'; nested exception is java.sql.SQLException: Invalid object name 'users'.
java.sql.SQLException: Invalid object name 'users'.
at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:364)
at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2778)
at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2214)
at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:597)
at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQLQuery(JtdsStatement.java:343)
at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.executeQuery(JtdsPreparedStatement.java:665)
at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:205)
at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:505)
at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:450)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:492)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:523)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:544)
at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:114)
at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:201)
at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:209)
I looked at JdbcTemplate and it has a hard-coded query. I don't have a "users" table in the database. Instead, I would like to store all users in Active Directory and all roles in the database. Can anyone suggest how to configure Acegi to use CAS-Active Directory for usernames/passwords and roles for the database?
Thanks in advance.
Shahzad
-
Jun 9th, 2005, 08:01 PM
#2
Hi,
I am not using AppFuse yet and I am not using Active Directory but OpenLDAP on a remote Linux machine. I have the sample contacts application (for CAS) working with some minor problems.
Looking at the code I have from the sample (DataSourcePopulator.java) I think you should have a user table defined with the same user names you have defined in your DIT. The Authorities table in fact has constraints against the user table.
Try defining a user table and see what happens. Please let me know of your result.
PS: For the LDAP, did you create your own password handler or did you use some third-party library? I used ESUP and it is great.
Matt
Matt 'M
-
Jun 10th, 2005, 08:09 AM
#3
Matt,
I wrote my own AuthenticationDAO and implemented access to Active Directory for user information and the database for roles. So that worked out pretty well. I am overriding PasswordHandler and using Sun's Kerberos implementation to integrate with Active Directory. Thanks for your reply.
-Shahzad
PS: I wish Acegi had a cookbook of common usage patterns instead. It's really hard to find relevant information. Also, break the one monolithic contacts example into smaller examples.
-
Jun 23rd, 2005, 10:28 AM
#4
Hi Shahzad,
Any luck with your Acegi/Kerberos/Active Directory integration? I am beginning to look into AppFuse myself. I was wondering if maybe I can ask you a few questions.
Do you have any documentation on Sun Kerberos/Active Directory integration?
Thanks
Matt'M
Matt 'M
-
Jun 23rd, 2005, 12:24 PM
#5
Matt,
I got the basic authentication working, I found article at
http://www-106.ibm.com/developerwork...wa-singlesign/
helpful. Another problem I had was that the CAS server didn't accept a self-generated certificate, so I had to write a null certificate verifier. And I had to write my own AuthenticationDAO instead of JdbcDaoImpl.
I have to do some other Active Directory lookups, but I have been busy with a few other things at this time. I will come back to it later.