RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
@Inject private AuthenticationManager _authenticationManager; Isn't Tapestry great? :-) > -Original Message- > From: Jacob Bergoo [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 4:13 PM > To: users@tapestry.apache.org > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > > Hi Jonathan, > A quick question, how do you get the authenticationManager object into > that > page that you are using??? > > thanks, > Jacob > -- > View this message in context: http://www.nabble.com/Tapestry-5---Acegi- > %2C%2C-using-LDAP-authentication-provider-tp16330496p16361117.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
Hi Jonathan, A quick question, how do you get the authenticationManager object into that page that you are using??? thanks, Jacob -- View this message in context: http://www.nabble.com/Tapestry-5---Acegi-%2C%2C-using-LDAP-authentication-provider-tp16330496p16361117.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
You do not need to write a UserDetails implementation for LDAP. Acegi already did it. In fact, the only time I've hit where I needed to implement a UserDetails object and UserDetailsService was creating my own custom DAO-based authentication. Now, if you're needing to save information to LDAP..., well that might be a different story. Also, you should read a related thread on the list: "ACEGI Problem with anonymous" And perhaps "Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work" > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 2:29 PM > To: Tapestry users > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > I understand your code. I need acegi take full control of the login and > security of my web application. Say for example, if the user tries to > directly go to a URL other than the login URL, then the user should be > redirected to the login URL if there is no valid user session. > > > About the LdapUserDetails object.. > > Since the SecurityModule of tapestry5-acegi needs a > UserDetailsServiceImpl,,, > Is it correct to say that I have to write a UserDetailsServiceImpl class > which uses LDAP in order to retrieve the correct UserDetails Object? > > -Original Message- > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > Sent: 28 March 2008 14:34 > To: 'Tapestry users' > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > > All of the classes are from Acegi. The LdapAuthenticationProvider > returns a > LdapUserDetails object. > > There are a number of ways to get Acegi to authenticate you. Here's > part of > what I do from a Login form where I automatically add authenticated > users to > a Users table (it needs a bit of cleaning up): > > UsernamePasswordAuthenticationToken authRequest = > new > UsernamePasswordAuthenticationToken(_username,_password); > Authentication authResult; > > try { > authResult = > _authenticationManager.authenticate(authRequest); > logger.info("successful login for: " + > _username); > // now see if they exist in the database: > User user = new User(); > user.setUsername(_username); > List matches = > _userDao.findByExample(user); > if (matches.isEmpty()){ > Object principal = > authResult.getPrincipal(); > if (principal instanceof > LdapUserDetails){ > logger.info("adding new LDAP > user" > ); > LdapUserDetails details = > (LdapUserDetails) principal; > > logger.info(details.getAttributes().getIDs().toString()); > Attribute nameAttr = > details.getAttributes().get("name"); > Object o; > try { > o = nameAttr.get(); > if (o!= null && o > instanceof > String ) > > user.setLastName((String)o); > else > > user.setLastName(_username); > you get the idea > > > > > > -Original Message- > > From: Mahen Perera [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 28, 2008 9:50 AM > > To: Tapestry users > > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > > > Thanks Jonathan for that. > > > > Unclear on some stuff tho. > > Since we are using a LDAP based authentication provider do we need to > > have a UserDetailsServiceImpl? > > > > > > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, > > then it assumes having a UserDetailsServiceImpl. > > > > Also, when we do > > > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > > r) > > How does the Acegi framework get to know abt the LDAP authentication > > provider. > > > > > > > > -Original Message- > > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > > Sent: 27 March 2008 18:28 > > To: 'Tapestry users' > > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > > > Here are the relevant portions (with identifying info stripped out) >
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
I understand your code. I need acegi take full control of the login and security of my web application. Say for example, if the user tries to directly go to a URL other than the login URL, then the user should be redirected to the login URL if there is no valid user session. About the LdapUserDetails object.. Since the SecurityModule of tapestry5-acegi needs a UserDetailsServiceImpl,,, Is it correct to say that I have to write a UserDetailsServiceImpl class which uses LDAP in order to retrieve the correct UserDetails Object? -Original Message- From: Jonathan Barker [mailto:[EMAIL PROTECTED] Sent: 28 March 2008 14:34 To: 'Tapestry users' Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider All of the classes are from Acegi. The LdapAuthenticationProvider returns a LdapUserDetails object. There are a number of ways to get Acegi to authenticate you. Here's part of what I do from a Login form where I automatically add authenticated users to a Users table (it needs a bit of cleaning up): UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(_username,_password); Authentication authResult; try { authResult = _authenticationManager.authenticate(authRequest); logger.info("successful login for: " + _username); // now see if they exist in the database: User user = new User(); user.setUsername(_username); List matches = _userDao.findByExample(user); if (matches.isEmpty()){ Object principal = authResult.getPrincipal(); if (principal instanceof LdapUserDetails){ logger.info("adding new LDAP user" ); LdapUserDetails details = (LdapUserDetails) principal; logger.info(details.getAttributes().getIDs().toString()); Attribute nameAttr = details.getAttributes().get("name"); Object o; try { o = nameAttr.get(); if (o!= null && o instanceof String ) user.setLastName((String)o); else user.setLastName(_username); you get the idea > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 9:50 AM > To: Tapestry users > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Thanks Jonathan for that. > > Unclear on some stuff tho. > Since we are using a LDAP based authentication provider do we need to > have a UserDetailsServiceImpl? > > > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, > then it assumes having a UserDetailsServiceImpl. > > Also, when we do > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r) > How does the Acegi framework get to know abt the LDAP authentication > provider. > > > > -----Original Message----- > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > Sent: 27 March 2008 18:28 > To: 'Tapestry users' > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Here are the relevant portions (with identifying info stripped out) for > authentication with Active Directory. With AD, you need to use > bind-based > authentication. > > If you are using something like OpenLDAP, you may have access to the > password or password hash, so you would change the authenticator. > > > I have also lumped together building the BindAuthenticator, UserSearch, > DefaultLdapauthoritiesPopulator into the > buildLdapAuthenticationProvider() > function. These could be factored out. > > I'm also using an InMemoryDaoImpl for some development logins. > > > public final InitialDirContextFactory > buildInitialDirContextFactory(){ > DefaultInitialDirContextFactory factory = new > DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, > DC=c > om"); > factory.setManagerDn("cn=Ldap Account ,OU=Service > Accounts,OU=People,DC=domain,DC=com"); > factory.setManagerPassword("password"); > Map extraEnvVars = new HashMap(); > extraEnvVars.put("java.naming.referral", "follow"); > factory.setExtraEnvVars(extraEnvVars); > return factory; > &g
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider - other half
Thanks Jonathan. Both your e-mails are very helpful. I will try to get something working based on this, and come back to you if I encounter any issues. -Original Message- From: Jonathan Barker [mailto:[EMAIL PROTECTED] Sent: 28 March 2008 14:48 To: 'Tapestry users' Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider - other half I realized I may not have answered your second question. The configuration built up using configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide r); is used in the SecurityModule of tapestry5-acegi for: public static AuthenticationManager buildProviderManager(final List< AuthenticationProvider > providers) This is just standard tapestry-ioc design. If you read the Acegi docs, everything talks Spring. But if every time you see a "build" method in tapestry-ioc, you look for a "bean" definition in Spring, things will suddenly make sense. Then look at how lists are passed to beans in Spring, and you will understand all of the "contribute" methods. Jonathan > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 9:50 AM > To: Tapestry users > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Thanks Jonathan for that. > > Unclear on some stuff tho. > Since we are using a LDAP based authentication provider do we need to > have a UserDetailsServiceImpl? > > > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, > then it assumes having a UserDetailsServiceImpl. > > Also, when we do > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r) > How does the Acegi framework get to know abt the LDAP authentication > provider. > > > > -----Original Message----- > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > Sent: 27 March 2008 18:28 > To: 'Tapestry users' > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Here are the relevant portions (with identifying info stripped out) for > authentication with Active Directory. With AD, you need to use > bind-based > authentication. > > If you are using something like OpenLDAP, you may have access to the > password or password hash, so you would change the authenticator. > > > I have also lumped together building the BindAuthenticator, UserSearch, > DefaultLdapauthoritiesPopulator into the > buildLdapAuthenticationProvider() > function. These could be factored out. > > I'm also using an InMemoryDaoImpl for some development logins. > > > public final InitialDirContextFactory > buildInitialDirContextFactory(){ > DefaultInitialDirContextFactory factory = new > DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, > DC=c > om"); > factory.setManagerDn("cn=Ldap Account ,OU=Service > Accounts,OU=People,DC=domain,DC=com"); > factory.setManagerPassword("password"); > Map extraEnvVars = new HashMap(); > extraEnvVars.put("java.naming.referral", "follow"); > factory.setExtraEnvVars(extraEnvVars); > return factory; > > } > > public static AuthenticationProvider > buildLdapAuthenticationProvider(InitialDirContextFactory factory ) > throws > Exception { > > FilterBasedLdapUserSearch userSearch = new > FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); > userSearch.setSearchSubtree(true); > userSearch.setDerefLinkFlag(true); > > BindAuthenticator authenticator = new > BindAuthenticator(factory); > authenticator.setUserSearch(userSearch); > authenticator.afterPropertiesSet(); > > DefaultLdapAuthoritiesPopulator populator = new > DefaultLdapAuthoritiesPopulator(factory,""); > populator.setGroupRoleAttribute("cn"); > populator.setGroupSearchFilter("member={0}"); > populator.setDefaultRole("ROLE_ANONYMOUS"); > populator.setConvertToUpperCase(true); > populator.setSearchSubtree(true); > populator.setRolePrefix("ROLE_"); > > LdapAuthenticationProvider provider = new > LdapAuthenticationProvider(authenticator,populator); > return provider; > } > > > public static void contributeProviderManager( > OrderedConfiguration configuration, > @InjectService("DaoAuthenticationProvider") AuthenticationProvider > daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider") > AuthenticationProvider ldapAuthenticationProvider){ > > configuration.add(&
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider - other half
I realized I may not have answered your second question. The configuration built up using configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider); is used in the SecurityModule of tapestry5-acegi for: public static AuthenticationManager buildProviderManager(final List< AuthenticationProvider > providers) This is just standard tapestry-ioc design. If you read the Acegi docs, everything talks Spring. But if every time you see a "build" method in tapestry-ioc, you look for a "bean" definition in Spring, things will suddenly make sense. Then look at how lists are passed to beans in Spring, and you will understand all of the "contribute" methods. Jonathan > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 9:50 AM > To: Tapestry users > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Thanks Jonathan for that. > > Unclear on some stuff tho. > Since we are using a LDAP based authentication provider do we need to > have a UserDetailsServiceImpl? > > > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, > then it assumes having a UserDetailsServiceImpl. > > Also, when we do > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r) > How does the Acegi framework get to know abt the LDAP authentication > provider. > > > > -Original Message----- > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > Sent: 27 March 2008 18:28 > To: 'Tapestry users' > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Here are the relevant portions (with identifying info stripped out) for > authentication with Active Directory. With AD, you need to use > bind-based > authentication. > > If you are using something like OpenLDAP, you may have access to the > password or password hash, so you would change the authenticator. > > > I have also lumped together building the BindAuthenticator, UserSearch, > DefaultLdapauthoritiesPopulator into the > buildLdapAuthenticationProvider() > function. These could be factored out. > > I'm also using an InMemoryDaoImpl for some development logins. > > > public final InitialDirContextFactory > buildInitialDirContextFactory(){ > DefaultInitialDirContextFactory factory = new > DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, > DC=c > om"); > factory.setManagerDn("cn=Ldap Account ,OU=Service > Accounts,OU=People,DC=domain,DC=com"); > factory.setManagerPassword("password"); > Map extraEnvVars = new HashMap(); > extraEnvVars.put("java.naming.referral", "follow"); > factory.setExtraEnvVars(extraEnvVars); > return factory; > > } > > public static AuthenticationProvider > buildLdapAuthenticationProvider(InitialDirContextFactory factory ) > throws > Exception { > > FilterBasedLdapUserSearch userSearch = new > FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); > userSearch.setSearchSubtree(true); > userSearch.setDerefLinkFlag(true); > > BindAuthenticator authenticator = new > BindAuthenticator(factory); > authenticator.setUserSearch(userSearch); > authenticator.afterPropertiesSet(); > > DefaultLdapAuthoritiesPopulator populator = new > DefaultLdapAuthoritiesPopulator(factory,""); > populator.setGroupRoleAttribute("cn"); > populator.setGroupSearchFilter("member={0}"); > populator.setDefaultRole("ROLE_ANONYMOUS"); > populator.setConvertToUpperCase(true); > populator.setSearchSubtree(true); > populator.setRolePrefix("ROLE_"); > > LdapAuthenticationProvider provider = new > LdapAuthenticationProvider(authenticator,populator); > return provider; > } > > > public static void contributeProviderManager( > OrderedConfiguration configuration, > @InjectService("DaoAuthenticationProvider") AuthenticationProvider > daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider") > AuthenticationProvider ldapAuthenticationProvider){ > > configuration.add("daoAuthenticationProvider",daoAuthenticationProvider) > ; > > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r); > } > > > -Original Message- > > From: Mahen Perera [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 27, 2008 10:14 AM > > To: users@tapestry.apach
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
All of the classes are from Acegi. The LdapAuthenticationProvider returns a LdapUserDetails object. There are a number of ways to get Acegi to authenticate you. Here's part of what I do from a Login form where I automatically add authenticated users to a Users table (it needs a bit of cleaning up): UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(_username,_password); Authentication authResult; try { authResult = _authenticationManager.authenticate(authRequest); logger.info("successful login for: " + _username); // now see if they exist in the database: User user = new User(); user.setUsername(_username); List matches = _userDao.findByExample(user); if (matches.isEmpty()){ Object principal = authResult.getPrincipal(); if (principal instanceof LdapUserDetails){ logger.info("adding new LDAP user" ); LdapUserDetails details = (LdapUserDetails) principal; logger.info(details.getAttributes().getIDs().toString()); Attribute nameAttr = details.getAttributes().get("name"); Object o; try { o = nameAttr.get(); if (o!= null && o instanceof String ) user.setLastName((String)o); else user.setLastName(_username); you get the idea > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 9:50 AM > To: Tapestry users > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Thanks Jonathan for that. > > Unclear on some stuff tho. > Since we are using a LDAP based authentication provider do we need to > have a UserDetailsServiceImpl? > > > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, > then it assumes having a UserDetailsServiceImpl. > > Also, when we do > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r) > How does the Acegi framework get to know abt the LDAP authentication > provider. > > > > -Original Message----- > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > Sent: 27 March 2008 18:28 > To: 'Tapestry users' > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Here are the relevant portions (with identifying info stripped out) for > authentication with Active Directory. With AD, you need to use > bind-based > authentication. > > If you are using something like OpenLDAP, you may have access to the > password or password hash, so you would change the authenticator. > > > I have also lumped together building the BindAuthenticator, UserSearch, > DefaultLdapauthoritiesPopulator into the > buildLdapAuthenticationProvider() > function. These could be factored out. > > I'm also using an InMemoryDaoImpl for some development logins. > > > public final InitialDirContextFactory > buildInitialDirContextFactory(){ > DefaultInitialDirContextFactory factory = new > DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, > DC=c > om"); > factory.setManagerDn("cn=Ldap Account ,OU=Service > Accounts,OU=People,DC=domain,DC=com"); > factory.setManagerPassword("password"); > Map extraEnvVars = new HashMap(); > extraEnvVars.put("java.naming.referral", "follow"); > factory.setExtraEnvVars(extraEnvVars); > return factory; > > } > > public static AuthenticationProvider > buildLdapAuthenticationProvider(InitialDirContextFactory factory ) > throws > Exception { > > FilterBasedLdapUserSearch userSearch = new > FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); > userSearch.setSearchSubtree(true); > userSearch.setDerefLinkFlag(true); > > BindAuthenticator authenticator = new > BindAuthenticator(factory); > authenticator.setUserSearch(userSearch); > authenticator.afterPropertiesSet(); > > DefaultLdapAuthoritiesPopulator populator = new > DefaultLdapAuthoritiesPopulator(factory,""); > populator.setGro
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
Thanks Jonathan for that. Unclear on some stuff tho. Since we are using a LDAP based authentication provider do we need to have a UserDetailsServiceImpl? http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, then it assumes having a UserDetailsServiceImpl. Also, when we do configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide r) How does the Acegi framework get to know abt the LDAP authentication provider. -Original Message- From: Jonathan Barker [mailto:[EMAIL PROTECTED] Sent: 27 March 2008 18:28 To: 'Tapestry users' Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider Here are the relevant portions (with identifying info stripped out) for authentication with Active Directory. With AD, you need to use bind-based authentication. If you are using something like OpenLDAP, you may have access to the password or password hash, so you would change the authenticator. I have also lumped together building the BindAuthenticator, UserSearch, DefaultLdapauthoritiesPopulator into the buildLdapAuthenticationProvider() function. These could be factored out. I'm also using an InMemoryDaoImpl for some development logins. public final InitialDirContextFactory buildInitialDirContextFactory(){ DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, DC=c om"); factory.setManagerDn("cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com"); factory.setManagerPassword("password"); Map extraEnvVars = new HashMap(); extraEnvVars.put("java.naming.referral", "follow"); factory.setExtraEnvVars(extraEnvVars); return factory; } public static AuthenticationProvider buildLdapAuthenticationProvider(InitialDirContextFactory factory ) throws Exception { FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); userSearch.setSearchSubtree(true); userSearch.setDerefLinkFlag(true); BindAuthenticator authenticator = new BindAuthenticator(factory); authenticator.setUserSearch(userSearch); authenticator.afterPropertiesSet(); DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(factory,""); populator.setGroupRoleAttribute("cn"); populator.setGroupSearchFilter("member={0}"); populator.setDefaultRole("ROLE_ANONYMOUS"); populator.setConvertToUpperCase(true); populator.setSearchSubtree(true); populator.setRolePrefix("ROLE_"); LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator,populator); return provider; } public static void contributeProviderManager( OrderedConfiguration configuration, @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider") AuthenticationProvider ldapAuthenticationProvider){ configuration.add("daoAuthenticationProvider",daoAuthenticationProvider) ; configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide r); } > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 27, 2008 10:14 AM > To: users@tapestry.apache.org > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Hi everybody. > > > > I am trying to integrate tapestry 5 with Acegi security. > > The authentication provider that I am using is LDAP based. > > > > I see that most of the examples refer to using DAOAuthentication > provider. > > Just checking if there is someone who used LDAP for the authentication. > > > > I went thru http://www.localhost.nu/java/tapestry5-acegi/ > > , but looks like it is not using LDAP authentication. > > > > Cheers > > > > The information contained in this email is strictly confidential and for > the use of the addressee only, unless otherwise indicated. If you are not > the intended recipient, please do not read, copy, use or disclose to > others this message or any attachment. Please also notify the sender by > replying to this email or by telephone (+44 (0)20 7896 0011) and then > delete the email and any copies of it. Opinions, conclusions (etc.) that > do not relate to the official business of this company shall be understood > as neither given nor endorsed by it. IG Index plc is a company registered > in England and Wales under number 01190902. VAT registration number 761 > 2978 07. Registered Office: Friars House, 157-168 Blackfri
RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
Here are the relevant portions (with identifying info stripped out) for authentication with Active Directory. With AD, you need to use bind-based authentication. If you are using something like OpenLDAP, you may have access to the password or password hash, so you would change the authenticator. I have also lumped together building the BindAuthenticator, UserSearch, DefaultLdapauthoritiesPopulator into the buildLdapAuthenticationProvider() function. These could be factored out. I'm also using an InMemoryDaoImpl for some development logins. public final InitialDirContextFactory buildInitialDirContextFactory(){ DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain,DC=c om"); factory.setManagerDn("cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com"); factory.setManagerPassword("password"); Map extraEnvVars = new HashMap(); extraEnvVars.put("java.naming.referral", "follow"); factory.setExtraEnvVars(extraEnvVars); return factory; } public static AuthenticationProvider buildLdapAuthenticationProvider(InitialDirContextFactory factory ) throws Exception { FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); userSearch.setSearchSubtree(true); userSearch.setDerefLinkFlag(true); BindAuthenticator authenticator = new BindAuthenticator(factory); authenticator.setUserSearch(userSearch); authenticator.afterPropertiesSet(); DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(factory,""); populator.setGroupRoleAttribute("cn"); populator.setGroupSearchFilter("member={0}"); populator.setDefaultRole("ROLE_ANONYMOUS"); populator.setConvertToUpperCase(true); populator.setSearchSubtree(true); populator.setRolePrefix("ROLE_"); LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator,populator); return provider; } public static void contributeProviderManager( OrderedConfiguration configuration, @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider") AuthenticationProvider ldapAuthenticationProvider){ configuration.add("daoAuthenticationProvider",daoAuthenticationProvider); configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider); } > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 27, 2008 10:14 AM > To: users@tapestry.apache.org > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Hi everybody. > > > > I am trying to integrate tapestry 5 with Acegi security. > > The authentication provider that I am using is LDAP based. > > > > I see that most of the examples refer to using DAOAuthentication > provider. > > Just checking if there is someone who used LDAP for the authentication. > > > > I went thru http://www.localhost.nu/java/tapestry5-acegi/ > > , but looks like it is not using LDAP authentication. > > > > Cheers > > > > The information contained in this email is strictly confidential and for > the use of the addressee only, unless otherwise indicated. If you are not > the intended recipient, please do not read, copy, use or disclose to > others this message or any attachment. Please also notify the sender by > replying to this email or by telephone (+44 (0)20 7896 0011) and then > delete the email and any copies of it. Opinions, conclusions (etc.) that > do not relate to the official business of this company shall be understood > as neither given nor endorsed by it. IG Index plc is a company registered > in England and Wales under number 01190902. VAT registration number 761 > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London > SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA > Register number 114059. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]