Just done something similar for my application.
It's basically a case of implementing the correct Acegi classes.
There are three core classes for implementing a custom SSO
authentication in Acegi.
First you will need your own AuthenticationToken, this is used to
transport the credentials (the contents of your header I assume) down
through the AuthenticationManager. See AbstractAuthenticationToken and
UsernamePasswordAuthenticationToken.
Second, you will need an AuthenticationProvider, this provides the
check that verifies the Token and retrieves the GrantedAuthority's for
the user as well as the UserDetails object (if you are going to
continue with this as the principal). For an example look at the Acegi
source for AbstractUserDetailsAuthenticationProvider, it can't be used
directly as it requires UsernamePasswordAuthenticationToken's, but is
quite easy to understand. In your case this class might actually be
very simple, if you are just going to trust the header, then it will
be a case of returning a new Token with the authorities and principal
(don't forget to look into the isAuthenticated attribute of
AuthenticationToken, UsernamePasswordAuthenticationToken overrides the
setter).
Lastly you will need a ProcessingFilter, this needs to grab your header
from the request and pass it in your new AuthenticationToken to the
AuthenticationManager. See AuthenticationProcessingFilter for an
example. Basically you just need to implement the
attemptAuthentication(request) method.
It's quite a few small steps, once done, there is little reason why
these classes can't be used in other applications that have to do the
same thing.
Hope this helps.
Gareth
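
The three classes described in the reply above, as an added example that is not part of the original thread and is not Gareth's code. It assumes Acegi Security 1.0.x, a hypothetical header name `X-SSO-USER` and processing URL `/j_sso_check`, and that the SSO gateway is the only network path to the application, so a client cannot set the header itself.

```java
// Added example: token, provider and filter for header-based SSO with Acegi 1.0.x.
// Assumption: "X-SSO-USER" and "/j_sso_check" are hypothetical names chosen here.
// Assumption: only the SSO gateway can reach the app, and it overwrites this header.
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.*;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.ui.AbstractProcessingFilter;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;

class SsoHeaderToken extends AbstractAuthenticationToken {
    private final Object principal;
    SsoHeaderToken(Object principal, GrantedAuthority[] authorities) {
        super(authorities);            // isAuthenticated() stays false until the provider sets it
        this.principal = principal;
    }
    public Object getPrincipal() { return principal; }
    public Object getCredentials() { return ""; } // no password: the gateway did the login
}

class SsoHeaderProvider implements AuthenticationProvider {
    private UserDetailsService userDetailsService;
    public void setUserDetailsService(UserDetailsService s) { this.userDetailsService = s; }
    public boolean supports(Class authentication) {
        return SsoHeaderToken.class.isAssignableFrom(authentication);
    }
    public Authentication authenticate(Authentication request) throws AuthenticationException {
        // Unknown users fail here: loadUserByUsername throws UsernameNotFoundException.
        UserDetails user = userDetailsService.loadUserByUsername((String) request.getPrincipal());
        SsoHeaderToken result = new SsoHeaderToken(user, user.getAuthorities());
        result.setAuthenticated(true); // only the provider marks a token as trusted
        return result;
    }
}

class SsoHeaderProcessingFilter extends AbstractProcessingFilter {
    // The base filter calls attemptAuthentication only for requests to this URL.
    public String getDefaultFilterProcessesUrl() { return "/j_sso_check"; }
    public Authentication attemptAuthentication(HttpServletRequest request)
            throws AuthenticationException {
        String user = request.getHeader("X-SSO-USER");
        if (user == null || user.trim().length() == 0) {
            throw new BadCredentialsException("SSO header missing"); // fail closed
        }
        return getAuthenticationManager().authenticate(new SsoHeaderToken(user.trim(), null));
    }
}
```

The filter and provider are wired as Spring beans in the Acegi filter chain and provider list, with the application's existing UserDetailsService injected into the provider.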
On 7 Dec 2007, at 15:11, Ding, Qin wrote:
Mike: Thank you for the info. However, login is a bit different.
Please let me explain.
We have single sign-on for the company. The appfuse application
contacts the company’s signon via url, which challenges by providing
a login box and sends back a header if authorized. So, actually, the
application does not contact LDAP directly. I guess I need to write
a filter to perform such work. When the header comes back, what do I
do with acegisecurity so that the rest of the application will work as is?
Is the filter an answer? Do you have any information or sample to
write such a filter? Please advise. Thank you.
From: Michael Horwitz [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 06, 2007 11:53 AM
To: [email protected]
Subject: Re: [appfuse-user] Acegi Security LDAP
There is a guide here on getting LDAP authentication working with
AppFuse: http://www.appfuse.org/display/APF/LDAP+Authentication
Mike
On 12/6/07, Ding, Qin <[EMAIL PROTECTED]> wrote:
We built an appfuse application using 1.9.4. We need to change the
login from db to ldap. Our company uses Novell's iChain to
authenticate/authorize the user. What's the good and easy way to make
that switch? Please advise.
Thank you.
QD
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]