Jun 8th, 2005, 04:28 PM
Acegi Integration with CAS and Active Directory
I am trying to integrate acegi framework with CAS server. I am storing all usernames and passwords in the Active Directory and have already configured CAS server to authenticate via Active Directory.
I used sample web.xml and application-security.xml from
to the web.xml and used applicationContext-acegi-security.xml as it is except a few modifications to the URL paths and roles.
My application is based on appfuse and uses spring/hibernate/acegi. When I run my application, I get the login prompt from the CAS server, but after successful authentication I get the following error:
org.springframework.jdbc.BadSqlGrammarException: Bad SQL grammar [SELECT username,password,enabled FROM users WHERE username = ?] in task 'executing PreparedStatementCallback [PreparedStatementCreatorFactory.PreparedStatementCreatorImpl: sql=[SELECT username,password,enabled FROM users WHERE username = ?]: params=[sbhatti]]'; nested exception is java.sql.SQLException: Invalid object name 'users'.
java.sql.SQLException: Invalid object name 'users'.
    at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.j
    at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2778)
    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2214)
    at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:597)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQLQuery(JtdsStatement
    at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.executeQuery(JtdsPrep
    at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(Dele
    at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(Jd
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:49
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:52
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:54
    at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:114)
    at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:201)
    at org.springframework.jdbc.object.SqlQuery.execute(SqlQuery.java:209)
I looked at JdbcTemplate and it has a hard-coded query. I don't have a "users" table in the database. Instead, I would like to store all users in the active directory and all roles in the database. Can anyone suggest how to configure acegi to use CAS-Active Directory for usernames/passwords and roles for the database?
Thanks in advance.
Jun 9th, 2005, 08:01 PM
I am not using AppFuse yet and I am not using ActiveDirectory but OpenLDAP on a remote Linux machine. I have the sample contacts application (for CAS) working with some minor problems.
Looking at the code I have from the sample (DataSourcePopulator.java), I think you should have a user table defined with the same user names you have defined in your DIT. The Authorities table in fact has constraints against the user table.
Try defining a user table and see what happens. Please let me know of your result.
PS: For the LDAP, did you create your own password handler or did you use some third party library? I used ESUP and it is great.
Jun 10th, 2005, 08:09 AM
I wrote my own AuthenticationDAO and implemented access to the active directory for user information and database for roles. So that worked out pretty good. I am overriding PasswordHandler and using Sun's Kerberos implementation to integrate with active directory. Thanks for your reply.
PS: I wish Acegi instead had a cookbook of common usage patterns. It's really hard to find relevant information. Also, break the one monolithic contact example into smaller examples.
Jun 23rd, 2005, 10:28 AM
Any luck with your ACEGI/Kerberos/Active Directory integration? I am beginning to look into Appfuse myself. I was wondering if maybe I can ask you a few questions.
Do you have any documentation on Sun Kerberos/Active Directory integration?
Jun 23rd, 2005, 12:24 PM
I got the basic authentication working. I found the article at
helpful. Another problem I had was that the CAS server didn't take a self-generated certificate, so I had to write a null certificate verifier. And I had to write my own AuthenticationDAO instead of JdbcDaoImpl.
I have to do some other active directory lookup, but I have been busy with a few other things at this time. I will come back to it later.