I have the Acegi plugin installed in an example web app and when I visit the User, Role or Requestmap, I get the following exception:
SecurityConfig.groovy: Loading LDAP Config...
SecurityConfig.groovy: Setting up request map...
2010-04-22 15:19:20,377 [http-8080-1] ERROR errors.GrailsExceptionResolver - No such property: domainClass for class: org.springframework.security.userdetails.ldap.LdapUserDetailsImpl
groovy.lang.MissingPropertyException: No such property: domainClass for class: org.springframework.security.userdetails.ldap.LdapUserDetailsImpl
    at AcegiGrailsPlugin$_addControllerMethods_closure23.doCall(AcegiGrailsPlugin.groovy:926)
    at AcegiGrailsPlugin$_addControllerMethods_closure23.doCall(AcegiGrailsPlugin.groovy)
    at RoleController$_closure1.doCall(RoleController.groovy:15)
    at RoleController$_closure1.doCall(RoleController.groovy)
    at java.lang.Thread.run(Thread.java:619)
Searching through the code, I see plenty of domainClass fields but not one for LdapUserDetailsImpl.
My resources.config has:
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper;
import org.codehaus.groovy.grails.plugins.springsecurity.*;
beans = {
    println "resources.groovy: ..."
    //
    // Acegi configuration:
    //
    println "resources.groovy: Acegi configuration..."
    def conf = AuthorizeTools.securityConfig.security
    // Initialize Acegi LDAP Context to support referral.
    contextSource(DefaultSpringSecurityContextSource, conf.ldapServer) {
        userDn = conf.ldapManagerDn
        password = conf.ldapManagerPassword
        baseEnvironmentProperties = ['java.naming.referral': 'follow']
    }
    // The Acegi plugin assumes that there's a user in the database with the same username as the LDAP user.
    // If you don't have user data in the database we'll get exceptions.
    // This workaround will allow us to keep everything in AD.
    ldapUserDetailsMapper(LdapUserDetailsMapper) {
        passwordAttributeName = conf.ldapPasswordAttributeName
    }
}
and my SecurityConfig.groovy (configured for AD) is:
security {
    // see DefaultSecurityConfig.groovy for all settable/overridable properties
    active = true
    loginUserDomainClass = "User"
    authorityDomainClass = "Role"
    requestMapClass = "Requestmap"
    // Use Active Directory to access users but not Roles.
    println "SecurityConfig.groovy: Loading LDAP Config..."
    useLdap = true
    ldapSearchSubtree = true
    ldapServer = 'ldap://amnas.sygen.sygeninternational.com:389'
    ldapManagerDn = 'CN=Portal Admin,OU=Users,OU=IS,OU=Hendersonville,OU=Americas,DC=Sygen,DC=Sygeninternational,DC=com'
    ldapManagerPassword = 'SeeKret'
    ldapSearchBase = 'dc=sygen,dc=sygeninternational,dc=com'
    ldapSearchFilter = '(sAMAccountName={0})'
    ldapGroupRoleAttribute = 'CN'
    ldapGroupSearchBase = 'dc=sygen,dc=sygeninternational,dc=com'
    ldapGroupSearchFilter = '(member={0})'
    ldapRetrieveGroupRoles = true
    ldapRetrieveDatabaseRoles = true
    println "SecurityConfig.groovy: Setting up request map..."
    useRequestMapDomainClass = true;
    requestMapString = '''
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
    '''
}
The ROLE_APP-GMS-MP-USERS is stored in Active Directory. The ROLE_ADMIN and ROLE_SUPER are in the database. The requestmap in the database is not currently protecting /user, /role, or /requestmap.
Can anyone give me a hint? Thanks.