Hi @all!
It took me a couple of hours to figure out the solution, so I'll post it here in case someone else finds it helpful. Great stuff by the way, I really do enjoy working with it. I've only been playing with Spring Security for a couple of days, so don't bite me if my solution is obvious or stupid or whatever. ;-) Any kind of criticism is highly appreciated! The task was to add LdapUserDetails after CAS authentication in order to implement LDAP authorization.
I've modified the example from http://isthisjava.blogspot.com/2007/...-security.html
xxx-security.xml
Code:
<bean id="casAuthoritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
    <property name="userDetailsService"><ref local="ldapDaoImpl"/></property>
</bean>

<bean id="ldapDaoImpl" class="xxx.security.ldap.LdapDaoImpl">
    <constructor-arg ref="ldapUserSearch" />
    <constructor-arg ref="ldapAuthoritiesPopulator" />
</bean>

<bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="" />
    <constructor-arg index="1" value="(CN={0})" />
    <constructor-arg index="2" ref="initialDirContextFactory" />
</bean>

<bean id="ldapAuthoritiesPopulator" class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
    <constructor-arg index="0" ref="initialDirContextFactory" />
    <constructor-arg index="1" value="" />
</bean>

<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <constructor-arg value="ldap://<server>" />
    <property name="managerDn" value="<manager-name>" />
    <property name="managerPassword" value="<password>" />
</bean>
LdapDaoImpl.java
Code:
package xxx.security.ldap;

import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.ldap.LdapUserSearch;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.dao.DataAccessException;
import org.springframework.util.Assert;

public class LdapDaoImpl implements UserDetailsService, InitializingBean {

    private LdapAuthoritiesPopulator authoritiesPopulator;
    private LdapUserSearch userSearch;

    public LdapDaoImpl(LdapUserSearch userSearch, LdapAuthoritiesPopulator authoritiesPopulator) {
        setUserSearch(userSearch);
        setAuthoritiesPopulator(authoritiesPopulator);
    }

    private void setUserSearch(LdapUserSearch userSearch) {
        Assert.notNull(userSearch, "An LdapUserSearch must be supplied");
        this.userSearch = userSearch;
    }

    private void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator) {
        Assert.notNull(authoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied");
        this.authoritiesPopulator = authoritiesPopulator;
    }

    // Called by DaoCasAuthoritiesPopulator with the user name CAS has already authenticated.
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        // Look up the LDAP entry for the user.
        LdapUserDetails ldapUser = userSearch.searchForUser(username);

        LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
        user.setUsername(username);

        // Add the authorities the populator derives from the user's LDAP entry.
        GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser);
        for (int i = 0; i < extraAuthorities.length; i++) {
            user.addAuthority(extraAuthorities[i]);
        }

        return user.createUserDetails();
    }

    // Nothing to verify here: both collaborators are checked in the constructor.
    public void afterPropertiesSet() throws Exception {
    }
}

Best regards,
Wadim
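
A variant of the `initialDirContextFactory` bean above that keeps the manager credentials out of the context file and lets the server URL point at LDAPS; this is an added example, not part of the original post. The property keys (`ldap.url`, `ldap.managerDn`, `ldap.managerPassword`), the `ldapProperties` bean id and the `ldap.properties` location are assumptions.

```xml
<!-- Added example: resolves ${...} placeholders from a properties file kept
     outside version control and readable only by the application account.
     The file name and property keys are hypothetical. -->
<bean id="ldapProperties" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="location" value="classpath:ldap.properties" />
</bean>

<!-- Same bean as in the post, with the literal values replaced by placeholders.
     Setting ldap.url to an ldaps:// URL keeps the manager bind and the
     user and group lookups off the wire in clear text. -->
<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <constructor-arg value="${ldap.url}" />
    <property name="managerDn" value="${ldap.managerDn}" />
    <property name="managerPassword" value="${ldap.managerPassword}" />
</bean>
```

With an `ldaps://` URL the JVM's trust store has to contain the directory server's certificate or its issuing CA, otherwise the bind fails during the TLS handshake.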


