Spring Rich Client + LDAP authentication and authorization

[felipecomp19]

Hi every one..

I'm trying to use the petclinic sample of the rich client with LDAP. I'm using the spring-security-ldap release 3.0.2. I've done the authentication with no problems, but the authorization is being really complicated. I'm would like to use "annotation" and for this I found in some place that I need to use the last version of spring-beans (org.springframework.beans-sources-3.0.2.RELEASE.jar). But when I chanched the version of the spring-beans I'm having this error:

ERROR,PetClinicStandalone,main] RuntimeException during startup
org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'serviceLocator' defined in class path resource [org/springframework/richclient/samples/petclinic/ctx/common/richclient-application-context.xml]: Cannot resolve reference to bean 'applicationServices' while setting bean property 'applicationServices'; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'applicationServices' defined in class path resource [org/springframework/richclient/samples/petclinic/ctx/common/richclient-application-context.xml]: Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: Method must not be null

my applicationServices bean is this:

<bean id="applicationServices" class="org.springframework.richclient.application. support.DefaultApplicationServices">

<property name="applicationObjectConfigurerId">
<idref bean="applicationObjectConfigurer" />
</property>
<property name="imageSourceId">
<idref bean="imageSource" />
</property>
<property name="rulesSourceId">
<idref bean="rulesSource" />
</property>
<property name="conversionServiceId">
<idref bean="conversionService"/>
</property>
<property name="formComponentInterceptorFactoryId">
<idref bean="formComponentInterceptorFactory" />
</property>
<property name="binderSelectionStrategyId">
<idref bean="binderSelectionStrategy" />
</property>
<!--
<property name="messageSourceId"><idref bean="messageSource"/></property>
-->
</bean>

I've no idea about what i need inside it... I'm missing some thing? everthing is the same of the richclinet-application-context...

Can anyone help me? I didn't find anything on the web about this...

[gusgorman]

I'm would like to use "annotation" and for this I found in some place that I need to use the last version of spring-beans (org.springframework.beans-sources-3.0.2.RELEASE.jar). But when I chanched the version of the spring-beans I'm

Hi,

You do release that the jar you've mentioned there only has the source code in it?

[felipecomp19]

yes... in my project I'm using the .jar with the ".class" files....

When I changed to spring-beans 3.0.2 I've got some unimplemented methods in the class FormModel2BeanWrapperAdapter that is a inner class of ValangRichValidator of the package "org.springframework.binding.validation.suppor t" ... The methods are:

ublic boolean isAutoGrowNestedPaths() {
// TODO Auto-generated method stub
return false;
}

public void setAutoGrowNestedPaths(boolean arg0) {
// TODO Auto-generated method stub

}

public ConversionService getConversionService() {
// TODO Auto-generated method stub
return null;
}

public void setConversionService(ConversionService arg0) {
// TODO Auto-generated method stub

}

public TypeDescriptor getPropertyTypeDescriptor(String arg0)
throws BeansException {
// TODO Auto-generated method stub
return null;

i don't know if the problem are here because when I debug it is seems that the execution don't pass through it ...

I discovered that when trying to execute "at org.springframework.core.BridgeMethodResolver.find BridgedMethod(BridgeMethodResolver.java:65) " the method are receving a null "bridgeMethod" and the error comes.... But I don't know why this is happening...

Can you gusgurman or anyone help me???

[felipecomp19]

I still working in rich client + authorization... I think I'm getting close but, somothing is missing...

this is my security contexte:


<s:global-method-security pre-post-annotations="enabled"></s:global-method-security>

<s:authentication-manager>
<s:authentication-provider ref="ldapAuthenticationProvider">
</s:authentication-provider>
</s:authentication-manager>

<bean id="initialDirContextFactory"
class="org.springframework.security.ldap.DefaultSp ringSecurityContextSource">
...
</bean>

<bean id="ldapAuthenticationProvider"
class="org.springframework.security.ldap.authentic ation.LdapAuthenticationProvider">
<constructor-arg>
<ref local="authenticator" />
</constructor-arg>

<constructor-arg>
<ref local="populator" />
</constructor-arg>

<!--
<property name="userCache" ref="userCache"/>
-->
</bean>

<bean id="authenticator"
class="org.springframework.security.ldap.authentic ation.BindAuthenticator">
<constructor-arg>
<ref local="initialDirContextFactory" />
</constructor-arg>
<property name="userDnPatterns">
<list>
<value>uid={0},ou=employees,ou=partners</value>
<value>uid={0},ou=customers,ou=partners</value>
<value>uid={0},ou=suppliers,ou=partners</value>
</list>
</property>

<property name="userSearch">
<ref local="userSearch" />
</property>

</bean>


<bean id="populator"
class="org.springframework.security.ldap.userdetai ls.DefaultLdapAuthoritiesPopulator">
<constructor-arg>
<ref local="initialDirContextFactory" />
</constructor-arg>
<constructor-arg>
<value>ou=departments</value>
</constructor-arg>
<property name="groupRoleAttribute">
<value>ou</value>
</property>
<property name="searchSubtree">
<value>true</value>
</property>
<property name="enableAuthorities" value="true"/>
</bean>

and I put the anotation in the method that i want the authorization:

@PreAuthorize("hasRole('ROLE_HEAD_OF_ENGINEERING') ")
public void execute() {
if (wizardDialog == null) {
wizardForm = new CompoundForm();
wizardForm.setFormObject(new Owner());
wizardDialog = new WizardDialog(this);
}
wizardForm.setFormObject(new Owner());
wizardDialog.showDialog();
}

But it doesn't work... am I missing something? I tried something like this to:

<bean id="accountService" class="accounts.AccountServiceImpl">
Secure the secureAccount method, only allowing ROLE_ADMIN access.
<security:intercept-methods>
<securityrotect access="ROLE_ADMIN" method="secureAccount"/>
</security:intercept-methods>
</bean>

but doesn't to....

So How can I do that???? I've tried to "google " it a lot... but i'm not lucky....

help..

[adamarmistead]

Here's what I've got working:

in my web.xml:

Code:

<!--
    Configures the spring security filter.
  -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
      org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

in my security context:

Code:

<beans:bean id="userSearch"
              class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="${ldap.user-search-base}"/>
    <beans:constructor-arg index="1" value="${ldap.user-search-filter}"/>
    <beans:constructor-arg index="2" ref="contextSource" />
  </beans:bean>

  <beans:bean id="contextSource"
              class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="${ldap.url}"/>
    <beans:property name="userDn" value="${ldap.manager-dn}"/>
    <beans:property name="password" value="${ldap.manager-password}"/>
  </beans:bean>

  <beans:bean id="ldapAuthProvider"
              class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <custom-authentication-provider/>
    <beans:constructor-arg>
      <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:property name="userSearch" ref="userSearch"/>
      </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>

      <!-- An authorities populator that loads roles as LDAP groups a user is a member of. -->
      <beans:bean
        class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:constructor-arg value="${ldap.group-search-base}"/>
        <beans:property name="groupSearchFilter" value="${ldap.group-search-filter}"/>
      </beans:bean>
    </beans:constructor-arg>
  </beans:bean>

hope this helps.

[felipecomp19]

Hi everyone! After a long time a successfully resolved my problem.

What I needed to was to use a ProxyCreator to "intercept" de bean that I want to protect a method. Like this:

<bean id="autoProxyCreator" class='org.springframework.aop.framework.autoproxy .BeanNameAutoProxyCreator'>
<property name="interceptorNames">
<list>
<value>petClinicSecurity</value>
</list>
</property>
<property name="beanNames">
<list>
<value>newOwnerWizard</value>
<value>windowMenu</value>
</list>
</property>
<property name="proxyTargetClass" value="true"></property>
</bean>

<bean id="petClinicSecurity"
class="org.springframework.security.access.interce pt.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessDecisionManager" />
<!--
<property name="afterInvocationManager" ref="afterInvocationManager"
/>
-->
<property name="securityMetadataSource">
<value>
org.springframework.richclient.samples.petclinic.u i.NewOwnerWizard.execute=ROLE_HEAD_OF_ENGINEERING
org.springframework.richclient.command.CommandGrou pFactoryBean.*=ROLE_HEAD_OF_ENGINEERING
</value>
</property>
</bean>

I hope this help someone.

Bye