
Thread: LDAP for authentication then DAOProvider for authorization?

  1. #1
    Join Date: May 2007
    Location: Shenzhen, China
    Posts: 13


    Hi, guys
    I've got a situation: all my web applications are running on WAS, and right now all of them are using LDAP for authentication and authorization, which means WAS auto-generates an XML file to store user information.
    Adding/removing a user or changing roles requires logging in to the WAS console as WAS admin, then restarting the application for it to take effect... (Only the username & password can be found in the LDAP server.)
    So I wonder, is there any possibility of using LDAP for authentication and then using DAOProvider for authorization? Do I need to define my own LDAP provider or just configure it?
    Last edited by eileandour; Jul 2nd, 2008 at 04:26 AM.

  2. #2
    Join Date: Feb 2008
    Location: Sunset Beach, CA
    Posts: 9


    We also have a situation where we are using an LDAP for authentication, but will be using a custom DAO (stored procedure) for role based authorization. Suggestions or examples would be greatly appreciated. I already have acegi working with our LDAP, and already have the DAO done. Would like examples or suggestions on how best to wire the LDAP, and DAO into acegi.

  3. #3
    Join Date: May 2007
    Location: Shenzhen, China
    Posts: 13


    I'm still struggling with LDAP...
    I can connect with it and browse it using an LDAP browser, but I can achieve password for comparison in Spring Security, because I don't have super admin or some higher permission to do it.
    I don't know how WAS makes LDAP authentication happen; it's more like only the one who logs in knows the password, not somebody else...
    Honestly, for me LDAP is still a mystery; any ideas or advice will be appreciated.

    For wskent: maybe you can try using your own AuthoritiesPopulator instead of DefaultLdapAuthoritiesPopulator as constructor-args of LdapAuthenticationProvider.

  4. #4
    Luke Taylor, Senior Member, Acegi Security System Team, Spring Team
    Join Date: Aug 2004
    Location: Glasgow, Scotland
    Posts: 3,449


    I don't really understand what you're saying about WAS. But it is very common not to be able to retrieve the password from the LDAP directory. Using the BindAuthenticator you don't need to retrieve it - the directory performs the authentication.

  5. #5
    Join Date: May 2007
    Location: Shenzhen, China
    Posts: 13


    Thanks Luke, I got the wrong idea about LDAP authentication...
    I think maybe I didn't configure it correctly, because no username was gained from LDAP...

  6. #6
    Join Date: May 2007
    Location: Shenzhen, China
    Posts: 13


    Everything works fine now!
    BTW, there's a UserDetailsServiceLdapAuthoritiesPopulator defined in Spring Security, so you actually don't need to redefine your own populator for DAO authorization.
    I don't know how the namespace configuration works for this, so I'm using the standard one.
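
The wiring this thread arrives at (BindAuthenticator for authentication, UserDetailsServiceLdapAuthoritiesPopulator for DAO-backed roles), as an added example that is not code from any poster. It uses current Spring Security package names and Java configuration rather than the 2008-era bean XML; the LDAP URL, DN pattern, `user_roles` table and class name are assumptions.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator;

@Configuration
public class LdapAuthDaoRolesConfig { // hypothetical class name

    // Constructed URL and base DN; ldaps:// keeps the bind password off the wire in clear text.
    @Bean
    DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource("ldaps://ldap.example.com:636/dc=example,dc=com");
    }

    // Authentication: bind to the directory as the user; the password attribute is never read.
    @Bean
    BindAuthenticator bindAuthenticator(BaseLdapPathContextSource contextSource) {
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"}); // assumed DN layout
        return authenticator;
    }

    // Authorization: roles come from the application's database (hypothetical user_roles table).
    // A user with no rows still authenticates but receives no authorities.
    @Bean
    UserDetailsService roleLookup(JdbcTemplate jdbc) {
        return username -> {
            List<String> roles = jdbc.queryForList(
                "SELECT role FROM user_roles WHERE username = ?", String.class, username);
            // The password field is a placeholder; the populator only reads the authorities.
            return new User(username, "", AuthorityUtils.createAuthorityList(roles.toArray(new String[0])));
        };
    }

    // The populator calls roleLookup after a successful bind, so roles are read at each login.
    @Bean
    LdapAuthenticationProvider ldapAuthenticationProvider(
            BindAuthenticator authenticator, UserDetailsService roleLookup) {
        return new LdapAuthenticationProvider(
            authenticator, new UserDetailsServiceLdapAuthoritiesPopulator(roleLookup));
    }
}
```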
