Hi Marvin/Scott,

Thanks for your help. I can't seem to get it to work as expected though, 
perhaps I'm doing something stupid?

I've replaced:
<sec:user-service id="userDetailsService">
    <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
</sec:user-service>

With:
<bean id="userDetailsService"
      class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
    <property name="convertToUpperCase" value="true" />
    <constructor-arg index="0" value="role" />
</bean>

I've also replaced ticketValidator in the bean casAuthenticationProvider with 
org.jasig.cas.client.validation.Saml11TicketValidator in securityContext.xml to 
ensure SAML attributes are processed. It still seems that it's not working 
though, throws the following exception:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authentication.ProviderManager#0': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean] while setting bean property 'parent';
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)': FactoryBean threw exception on object creation;
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'casAuthenticationProvider' while setting bean property 'providers' with key [0];
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casAuthenticationProvider' defined in ServletContext resource [/WEB-INF/spring-configuration/securityContext.xml]: Initialization of bean failed;
nested exception is org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService' to required type 'org.springframework.security.core.userdetails.UserDetailsService' for property 'userDetailsService';
nested exception is java.lang.IllegalStateException: Cannot convert value of type [org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService] to required type [org.springframework.security.core.userdetails.UserDetailsService] for property 'userDetailsService': no matching editors or conversion strategy found

Any ideas?

Thanks
Paul

On 8 Sep 2011, at 14:28, Scott Battaglia wrote:

Haven't you noticed the Scott Battaglia Method yet?  Contribute well-thought-out 
code (well, from my perspective anyway, haha) but forget to provide 
documentation.

In some places they would call that job security.  In this instance, probably 
time crunch :-)


On Thu, Sep 8, 2011 at 9:24 AM, Marvin Addison <[email protected]> wrote:
> I'd rather have the userDetailsService bean inspect the SAML attributes for a 
> user

This is possible using a poorly documented component:

http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.html

We've used this component for several Spring Security-enabled Webapps
here at Virginia Tech and it works exactly like you want.  I have in
mind to contribute some documentation to spring sec some rainy day.
Then again with all the rain here we've had in the past week I should
have had plenty of time to do it; so maybe it's more like when hell
freezes over.  Really needs more documentation in any case.

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
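
Added example, not part of the original thread: the ConversionNotSupportedException in the trace above arises because GrantedAuthorityFromAssertionAttributesUserDetailsService implements AuthenticationUserDetailsService rather than UserDetailsService, so CasAuthenticationProvider takes it through its authenticationUserDetailsService property instead of userDetailsService. The bean id casAssertionUserDetailsService, the serviceProperties reference, the key and the CAS server URL are placeholders assumed for illustration.

```xml
<!-- Added illustration; ids, key and URL are placeholders, not values from the thread. -->

<!-- Builds the user's authorities from the "role" attribute of the validated CAS assertion. -->
<bean id="casAssertionUserDetailsService"
      class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
    <constructor-arg index="0" value="role" />
    <property name="convertToUpperCase" value="true" />
</bean>

<bean id="casAuthenticationProvider"
      class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <!-- Before (fails at startup with the conversion error in the trace):
         <property name="userDetailsService" ref="userDetailsService" />
         That setter requires org.springframework.security.core.userdetails.UserDetailsService. -->
    <property name="authenticationUserDetailsService" ref="casAssertionUserDetailsService" />
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="key" value="PLACEHOLDER_PROVIDER_KEY" />
    <!-- SAML 1.1 validation so that assertion attributes are returned, as described in the thread. -->
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
            <constructor-arg index="0" value="https://cas.example.org/cas" />
        </bean>
    </property>
</bean>
```

The service uses the attribute values as authority names as they arrive (apart from upper-casing), so the values CAS releases in the "role" attribute must match the role names used in the application's access rules.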

