Results 1 to 3 of 3

Thread: SPNEGO with ACEGI

  1. Mar 27th, 2008, 09:53 PM #1
    sangeetha
    sangeetha is offline Junior Member
    Join Date
    Apr 2007
    Posts
    1

    Default SPNEGO with ACEGI

    Hi,
    I initially tried implementing acegi to get url level authorization and also control the access levels for the controls in the jsp
    Our requirement is that the user to roles mapping will be available in teh Database and also the roles that are authorized to access the various urls will also be stored in DB
    So to do this, I used daoAuthenticationProvider and wrote my custom UserDetailsService where I looked up the roles for the user and set it in GrantedAuthority[]
    Then I created a UsernamePasswordAuthenticationToken obj and set it in the SecurityContextHolder.
    Now for the authrized roles for a url - written a custom implementation of the objectDefinitionSource of the filterInvocationInterceptor bean - where in teh implementation of lookupAttributes, I look up the roles for the passed in url from the Database

    With this I was able to get the user based page access working fine.
    For the jsp controls access control - I used authorize tags
    Now when I was working on this, I just used a sample jsp where I enter the user name and password and just retrieve them and pass them on to my custom implementation of UserDetailsService

    Now I have to use SSO - using SPNEGO
    So I have configured that part separately - SPNEGO using Websphere and got that part working separately fine

    Now I have to integrate these two together and be able to read the user also to go and look up the roles for that user
    Can anybody give me some lead on that - am just a little stuck there!
    Any help is appreciated

    Thanks
    Sangeetha
  2. May 14th, 2008, 08:49 AM #2
    jdepaul
    jdepaul is offline Member
    Join Date
    Jan 2007
    Posts
    95

    Default Integrating with SPNEGO...

    We too are facing a similar requirement - my plan of attack is to create a custom UserDetailsService for handling SPNEGO tokens. To get the Principle and the Domain, I think I can use this code:
    Code:
    HttpServletRequest httpReq = (HttpServletRequest)req;
String userName = httpReq.getHeader(“SSO_AD_USER”);
String domainName = httpReq.getHeader(“SSO_AD_DOMAIN”);
    THen, retrieval of the User Roles needs to be implemented based from DB or from Active Directory. Haven't started yet, but that's the general direction for me I think.

    Just wondering, if anyone might know - if the Roles are to be retrieved from ActiveDirectory, could a DefaultLdapAuthoritiesPopulator class be combined with my custom SPNEGO-based authorization module?!

    Thanks,
    James
  3. Nov 27th, 2008, 09:52 AM #3
    delirii
    delirii is offline Member
    Join Date
    Feb 2007
    Posts
    30

    Default

    Did you succeed ?
    A feedback if so could greatly help people (like me )
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules