W dniu 2010-08-18 12:08, Rahul pisze:
 >> No problem, tomorrow i'll send our deployerConfig with little 
explanation.
 >
 > Looking forward to that!


We have three authenticationHandlers: two for LDAP users and a third for 
MySQL users.
UjAuthHandler, which is responsible for MySQL authentication, is a simple 
class implementing AuthenticationHandler.

After successful authentication, the credentialsToPrincipalResolvers 
search for attributes.
They are configured so that only one of them can find attributes for the 
authenticated credentials.

You can check how our attribute repositories are constructed:
mySqlAttributeRepository
ldapAttributeRepository1
ldapAttributeRepository2

Each repository can return its own attributes.

You can find my deployerConfig below the signature and as an attachment to 
this mail.

If something is not clear, please ask and I'll try to explain.


-- 
Michal Pysz
Information Technology Section
Jagiellonian University
Krakow, Poland

https://login.uj.edu.pl/
http://www.jasig.org/cas/deployments/jagiellonian-university-




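<?xml version="1.0" encoding="UTF-8"?>
<!--
  CAS deployer configuration: three authentication sources (two LDAP lookups
  and one MySQL-backed handler) and the attribute repositories that populate
  the resolved principal.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">

        <!--
          Principal resolvers. According to the accompanying mail they are set
          up so that only one of them finds attributes for a given login.
          NOTE(review): nothing in this file ties a resolver to the handler
          that accepted the password, so that guarantee depends on LDAP mail
          values, LDAP uid values and MySQL logins never overlapping. Confirm
          this is enforced where accounts are created, and confirm how the
          deployed CAS version chooses among several resolvers that support
          the same credential type.
        -->
        <property name="credentialsToPrincipalResolvers">
            <list>
                <!-- LDAP users who log in with their mail address; the
                     principal id is the entry's mail attribute. -->
                <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
                    <property name="credentialsToPrincipalResolver">
                        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                    </property>
                    <property name="filter" value="(mail=%u)" />
                    <property name="principalAttributeName" value="mail" />
                    <property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
                    <property name="contextSource" ref="contextSource" />
                    <property name="attributeRepository" ref="ldapAttributeRepository1" />
                </bean>

                <!-- LDAP users who log in with their uid; the principal id is
                     still the entry's mail attribute.
                     NOTE(review): %u is presumably the login as typed and %U
                     the part before '@'; verify against the deployed CAS
                     release, because with %U a domain suffix on the login
                     plays no part in the match. -->
                <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
                    <property name="credentialsToPrincipalResolver">
                        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                    </property>
                    <property name="filter" value="(uid=%U)" />
                    <property name="principalAttributeName" value="mail" />
                    <property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
                    <property name="contextSource" ref="contextSource" />
                    <property name="attributeRepository" ref="ldapAttributeRepository2" />
                </bean>

                <!-- MySQL users: no LDAP lookup, attributes come from
                     mySqlAttributeRepository. -->
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
                    <property name="attributeRepository" ref="mySqlAttributeRepository" />
                </bean>
            </list>
        </property>

        <!--
          Authentication handlers. The two LDAP handlers search under
          searchBase through the shared contextSource and then bind as the
          entry found, using the password the user typed.
          NOTE(review): contextSource points at ldap:// URLs, so unless
          StartTLS is negotiated elsewhere those binds carry user passwords
          in clear text.
          NOTE(review): confirm the deployed CAS release escapes LDAP filter
          metacharacters in the login before substituting it into the filter.
        -->
        <property name="authenticationHandlers">
            <list>
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="mail=%u" />
                    <property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="uid=%U" />
                    <property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
                <!-- Site-specific handler; per the accompanying mail it
                     authenticates MySQL users. Its source is not part of this
                     file, so how it stores and compares passwords cannot be
                     reviewed here. -->
                <bean class="org.uj.cas.adaptors.usosweb.UjAuthHandler" />
            </list>
        </property>
    </bean>

    <!--
      Attributes for MySQL users. {0} is filled in by Person Directory with a
      WHERE clause built from queryAttributeMapping (username is matched
      against the login column).
      NOTE(review): the login value is expected to be passed as a bound
      statement parameter rather than spliced into the SQL text; verify this
      for the Person Directory version in use.
      Only imie (first name) and nazwisko (surname) are mapped into the
      result; login is selected but not exposed as an attribute.
    -->
    <bean id="mySqlAttributeRepository"
          class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="MySQLdataSource" />
        <constructor-arg index="1" value="SELECT imie,nazwisko,login FROM USERS WHERE {0}" />

        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="login" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <entry key="imie" value="imie" />
                <entry key="nazwisko" value="nazwisko" />
            </map>
        </property>
    </bean>

    <!-- The JDBC DataSource is looked up from the container through JNDI, so
         the database URL and credentials are kept out of this file. -->
    <bean id="MySQLdataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiName" value="java:/comp/env/jdbc/CASMySQL" />
    </bean>

    <!-- Attributes for LDAP users found by mail. LDAP givenName and sn are
         published as imie and nazwisko; uid and mail keep their names. -->
    <bean id="ldapAttributeRepository1"
          class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
        <property name="requireAllQueryAttributes" value="false" />

        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="mail" />
            </map>
        </property>

        <property name="resultAttributeMapping">
            <map>
                <entry key="givenName" value="imie" />
                <entry key="sn" value="nazwisko" />
                <entry key="uid" value="uid" />
                <entry key="mail" value="mail" />
            </map>
        </property>
    </bean>

    <!-- Attributes for LDAP users found by uid; same result mapping as
         ldapAttributeRepository1. -->
    <bean id="ldapAttributeRepository2"
          class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
        <property name="requireAllQueryAttributes" value="false" />

        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="uid" />
            </map>
        </property>

        <property name="resultAttributeMapping">
            <map>
                <entry key="givenName" value="imie" />
                <entry key="sn" value="nazwisko" />
                <entry key="uid" value="uid" />
                <entry key="mail" value="mail" />
            </map>
        </property>
    </bean>

    <!--
      LDAP connection shared by the handlers, the resolvers and the LDAP
      attribute repositories.
      NOTE(review): both URLs use plain ldap:// with simple authentication, so
      the service bind below and every user bind cross the network
      unencrypted unless TLS is added at another layer. Prefer ldaps:// or
      StartTLS with certificate validation; the URLs are left as posted
      because the change needs server-side TLS and a trust store.
      NOTE(review): userDn looks like an administrative account. Everything in
      this file only searches and reads under ou=People, so a dedicated
      read-only service account would be enough.
      NOTE(review): the password is redacted in the post. In a real deployment
      keep it out of this file, for example in a properties file readable only
      by the CAS service account.
    -->
    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="false" />
        <property name="urls">
            <list>
                <value>ldap://ldapA.org.edu.pl/</value>
                <value>ldap://ldapB.org.edu.pl/</value>
            </list>
        </property>
        <property name="userDn" value="uid=admin,ou=users,dc=org,dc=edu,dc=pl" />
        <property name="password" value="xxxxxxxx" />
        <property name="baseEnvironmentProperties">
            <map>
                <entry key="java.naming.security.authentication" value="simple" />
                <!-- JNDI connect and read timeouts, in milliseconds. -->
                <entry key="com.sun.jndi.ldap.connect.timeout" value="2000" />
                <entry key="com.sun.jndi.ldap.read.timeout" value="2000" />
            </map>
        </property>
    </bean>

</beans>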


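<?xml version="1.0" encoding="UTF-8"?>
<!--
  CAS deployer configuration: three authentication sources (two LDAP lookups
  and one MySQL-backed handler) and the attribute repositories that populate
  the resolved principal.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

	<bean id="authenticationManager"
		class="org.jasig.cas.authentication.AuthenticationManagerImpl">

		<!--
		  Principal resolvers. According to the accompanying mail they are
		  set up so that only one of them finds attributes for a given login.
		  NOTE(review): nothing in this file ties a resolver to the handler
		  that accepted the password, so that guarantee depends on LDAP mail
		  values, LDAP uid values and MySQL logins never overlapping. Confirm
		  this is enforced where accounts are created, and confirm how the
		  deployed CAS version chooses among several resolvers that support
		  the same credential type.
		-->
		<property name="credentialsToPrincipalResolvers">
			<list>
				<!-- LDAP users who log in with their mail address; the
				     principal id is the entry's mail attribute. -->
				<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
					<property name="credentialsToPrincipalResolver">
						<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
					</property>
					<property name="filter" value="(mail=%u)" />
					<property name="principalAttributeName" value="mail" />
					<property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
					<property name="contextSource" ref="contextSource" />
					<property name="attributeRepository" ref="ldapAttributeRepository1" />
				</bean>

				<!-- LDAP users who log in with their uid; the principal id
				     is still the entry's mail attribute.
				     NOTE(review): %u is presumably the login as typed and
				     %U the part before '@'; verify against the deployed CAS
				     release, because with %U a domain suffix on the login
				     plays no part in the match. -->
				<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
					<property name="credentialsToPrincipalResolver">
						<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
					</property>
					<property name="filter" value="(uid=%U)" />
					<property name="principalAttributeName" value="mail" />
					<property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
					<property name="contextSource" ref="contextSource" />
					<property name="attributeRepository" ref="ldapAttributeRepository2" />
				</bean>

				<!-- MySQL users: no LDAP lookup, attributes come from
				     mySqlAttributeRepository. -->
				<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
					<property name="attributeRepository" ref="mySqlAttributeRepository" />
				</bean>
			</list>
		</property>

		<!--
		  Authentication handlers. The two LDAP handlers search under
		  searchBase through the shared contextSource and then bind as the
		  entry found, using the password the user typed.
		  NOTE(review): contextSource points at ldap:// URLs, so unless
		  StartTLS is negotiated elsewhere those binds carry user passwords
		  in clear text.
		  NOTE(review): confirm the deployed CAS release escapes LDAP filter
		  metacharacters in the login before substituting it into the filter.
		-->
		<property name="authenticationHandlers">
			<list>
				<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
					<property name="filter" value="mail=%u" />
					<property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
					<property name="contextSource" ref="contextSource" />
				</bean>
				<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
					<property name="filter" value="uid=%U" />
					<property name="searchBase" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
					<property name="contextSource" ref="contextSource" />
				</bean>
				<!-- Site-specific handler; per the accompanying mail it
				     authenticates MySQL users. Its source is not part of
				     this file, so how it stores and compares passwords
				     cannot be reviewed here. -->
				<bean class="org.uj.cas.adaptors.usosweb.UjAuthHandler" />
			</list>
		</property>
	</bean>

	<!--
	  Attributes for MySQL users. {0} is filled in by Person Directory with a
	  WHERE clause built from queryAttributeMapping (username is matched
	  against the login column).
	  NOTE(review): the login value is expected to be passed as a bound
	  statement parameter rather than spliced into the SQL text; verify this
	  for the Person Directory version in use.
	  Only imie (first name) and nazwisko (surname) are mapped into the
	  result; login is selected but not exposed as an attribute.
	-->
	<bean id="mySqlAttributeRepository"
		class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
		<constructor-arg index="0" ref="MySQLdataSource" />
		<constructor-arg index="1" value="SELECT imie,nazwisko,login FROM USERS WHERE {0}" />

		<property name="queryAttributeMapping">
			<map>
				<entry key="username" value="login" />
			</map>
		</property>
		<property name="resultAttributeMapping">
			<map>
				<entry key="imie" value="imie" />
				<entry key="nazwisko" value="nazwisko" />
			</map>
		</property>
	</bean>

	<!-- The JDBC DataSource is looked up from the container through JNDI, so
	     the database URL and credentials are kept out of this file. -->
	<bean id="MySQLdataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
		<property name="jndiName" value="java:/comp/env/jdbc/CASMySQL" />
	</bean>

	<!-- Attributes for LDAP users found by mail. LDAP givenName and sn are
	     published as imie and nazwisko; uid and mail keep their names. -->
	<bean id="ldapAttributeRepository1"
		class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
		<property name="contextSource" ref="contextSource" />
		<property name="baseDN" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
		<property name="requireAllQueryAttributes" value="false" />

		<property name="queryAttributeMapping">
			<map>
				<entry key="username" value="mail" />
			</map>
		</property>

		<property name="resultAttributeMapping">
			<map>
				<entry key="givenName" value="imie" />
				<entry key="sn" value="nazwisko" />
				<entry key="uid" value="uid" />
				<entry key="mail" value="mail" />
			</map>
		</property>
	</bean>

	<!-- Attributes for LDAP users found by uid; same result mapping as
	     ldapAttributeRepository1. -->
	<bean id="ldapAttributeRepository2"
		class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
		<property name="contextSource" ref="contextSource" />
		<property name="baseDN" value="ou=People,o=org.edu.pl,dc=org,dc=edu,dc=pl" />
		<property name="requireAllQueryAttributes" value="false" />

		<property name="queryAttributeMapping">
			<map>
				<entry key="username" value="uid" />
			</map>
		</property>

		<property name="resultAttributeMapping">
			<map>
				<entry key="givenName" value="imie" />
				<entry key="sn" value="nazwisko" />
				<entry key="uid" value="uid" />
				<entry key="mail" value="mail" />
			</map>
		</property>
	</bean>

	<!--
	  LDAP connection shared by the handlers, the resolvers and the LDAP
	  attribute repositories.
	  NOTE(review): both URLs use plain ldap:// with simple authentication,
	  so the service bind below and every user bind cross the network
	  unencrypted unless TLS is added at another layer. Prefer ldaps:// or
	  StartTLS with certificate validation; the URLs are left as posted
	  because the change needs server-side TLS and a trust store.
	  NOTE(review): userDn looks like an administrative account. Everything
	  in this file only searches and reads under ou=People, so a dedicated
	  read-only service account would be enough.
	  NOTE(review): the password is redacted in the post. In a real
	  deployment keep it out of this file, for example in a properties file
	  readable only by the CAS service account.
	-->
	<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
		<property name="pooled" value="false" />
		<property name="urls">
			<list>
				<value>ldap://ldapA.org.edu.pl/</value>
				<value>ldap://ldapB.org.edu.pl/</value>
			</list>
		</property>
		<property name="userDn" value="uid=admin,ou=users,dc=org,dc=edu,dc=pl" />
		<property name="password" value="xxxxxxxx" />
		<property name="baseEnvironmentProperties">
			<map>
				<entry key="java.naming.security.authentication" value="simple" />
				<!-- JNDI connect and read timeouts, in milliseconds. -->
				<entry key="com.sun.jndi.ldap.connect.timeout" value="2000" />
				<entry key="com.sun.jndi.ldap.read.timeout" value="2000" />
			</map>
		</property>
	</bean>

</beans>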
