
Thread: Ldap-authentication-provider namespace configuration and own filter for role

  1. #1
    Join Date
    Dec 2008
    Posts
    3


    Is it possible to use namespace ldap authentication like:
    Code:
    <security:http auto-config="false">
        <security:intercept-url pattern="/some_url/*"
          access="SOME_ROLE" />
        <security:form-login />
        <security:anonymous />
        <security:logout />
    </security:http>

    <ldap-server url="ldap://springframework.org:389/dc=springframework,dc=org" />

    <ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
    and, after successfully logging in, use my own filter to retrieve roles for this user? I've tried to do this (of course the code above isn't mine, it's straight from the reference guide), but as soon as I try to start the app server, it throws an exception:
    java.lang.IllegalArgumentException: Unsupported configuration attributes: [SOME_ROLE]

    So is it necessary to also use ldap-authentication-provider to retrieve the roles? It seems that the reason behind the error is that I'm not retrieving any roles from the ldap-server using ldap-authentication-provider (they would be retrieved from another server / service by the filter).

  2. #2
    Join Date
    Jun 2007
    Location
    Minsk, Belarus
    Posts
    215


    Look at the sample ldap application:
    samples\ldap\src\main\webapp\WEB-INF\applicationContext-security.xml

    Code:
    <bean id="secondLdapProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <s:custom-authentication-provider />
        <!-- First constructor argument: authenticates the user by binding to LDAP -->
        <constructor-arg>
            <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userSearch">
                    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                        <constructor-arg index="0" value="ou=people"/>
                        <constructor-arg index="1" value="(uid={0})"/>
                        <constructor-arg index="2" ref="contextSource" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <!-- Second constructor argument: loads the authenticated user's authorities (roles) -->
        <constructor-arg>
            <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="ou=groups" />
                <property name="groupSearchFilter" value="(member={0})"/>
                <property name="rolePrefix" value="ROLE_"/>
                <property name="searchSubtree" value="true"/>
                <property name="convertToUpperCase" value="true"/>
            </bean>
        </constructor-arg>
    </bean>
    It is possible to pass a custom implementation of the LdapAuthoritiesPopulator interface as the second constructor argument.
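
A sketch of such a custom populator, added here as an example; it is not code from the thread or from the Spring Security sample. It assumes the Spring Security 2.0.x `LdapAuthoritiesPopulator` signature that matches the package names above, and the names `ExternalRolesPopulator` and `RoleSource` are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.ldap.LdapAuthoritiesPopulator;

// Added example: LDAP is used only to authenticate; roles come from another service.
public class ExternalRolesPopulator implements LdapAuthoritiesPopulator {

    // Hypothetical lookup; implement it against the other server / service.
    public interface RoleSource {
        List<String> rolesFor(String username) throws Exception;
    }

    private final RoleSource roleSource;

    public ExternalRolesPopulator(RoleSource roleSource) {
        this.roleSource = roleSource;
    }

    public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
        List<GrantedAuthority> granted = new ArrayList<GrantedAuthority>();
        List<String> names = null;
        try {
            names = roleSource.rolesFor(username);
        } catch (Exception e) {
            // Fail closed: if the role service is unavailable the user gets no authorities.
        }
        if (names != null) {
            for (String name : names) {
                // Drop anything that is not a plain role token before it becomes an authority.
                if (name == null || !name.matches("[A-Za-z0-9_]+")) continue;
                // The default RoleVoter only considers attributes that start with "ROLE_".
                String role = name.toUpperCase(Locale.ENGLISH);
                if (!role.startsWith("ROLE_")) role = "ROLE_" + role;
                granted.add(new GrantedAuthorityImpl(role));
            }
        }
        return granted.toArray(new GrantedAuthority[granted.size()]);
    }
}
```

Declare it as a bean and pass it as the second constructor-arg of LdapAuthenticationProvider in place of DefaultLdapAuthoritiesPopulator. The access values in intercept-url then need to use the same ROLE_-prefixed names.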
