Thank you, Gareth.

Is it possible to have your code as a sample?  Or do you know where I can
find help in implementing these specific steps?  Appreciate your help
very much.

Qin


________________________________

From: Gareth Davis [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 07, 2007 10:21 AM
To: [email protected]
Subject: Re: [appfuse-user] Acegi Security LDAP

 

Just done something similar for my application.

It's basically a case of implementing the correct Acegi classes.

There are three core classes for implementing a custom SSO
authentication in Acegi.

First, you will need your own AuthenticationToken. This is used to
transport the credentials (the contents of your header, I assume) down
through the AuthenticationManager. See AbstractAuthenticationToken and
UsernamePasswordAuthenticationToken.

Second, you will need an AuthenticationProvider. This provides the check
that verifies the Token and retrieves the GrantedAuthority's for the
user as well as the UserDetails object (if you are going to continue
with this as the principal). For an example look at the Acegi source for
AbstractUserDetailsAuthenticationProvider; it can't be used directly as
it requires UsernamePasswordAuthenticationToken's, but is quite easy to
understand. In your case this class might actually be very simple: if
you are just going to trust the header, then it will be a case of
returning a new Token with the authorities and principal (don't forget
to look into the isAuthenticated attribute of AuthenticationToken;
UsernamePasswordAuthenticationToken overrides the setter).

Lastly, you will need a ProcessingFilter. This needs to grab your header
from the request and pass it in your new AuthenticationToken to the
AuthenticationManager. See AuthenticationProcessingFilter for an
example. Basically you just need to implement the
attemptAuthentication(request) method.

It's quite a few small steps; once done, there is little reason why
these classes can't be used in other applications that have to do the
same thing.

Hope this helps.

Gareth

 

On 7 Dec 2007, at 15:11, Ding, Qin wrote:





Mike:  Thank you for the info.  However, login is a bit different.  Please
let me explain.

We have single sign-on for the company.  The appfuse application contacts
the company's signon via url, which challenges by providing a login box
and sends back a header if authorized.  So, actually, the application does
not contact LDAP directly.  I guess I need to write a filter to perform
such work.  When the header comes back, what do I do with acegisecurity
so that the rest of the application will work as is?  Is the filter an answer?
Do you have any information or sample to write such a filter? Please
advise.  Thank you.

 

________________________________

From: Michael Horwitz [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 06, 2007 11:53 AM
To: [email protected]
Subject: Re: [appfuse-user] Acegi Security LDAP

 

There is a guide here on getting LDAP authentication working with
AppFuse: http://www.appfuse.org/display/APF/LDAP+Authentication

 

Mike

 

On 12/6/07, Ding, Qin <[EMAIL PROTECTED]> wrote:



We built an appfuse application using 1.9.4.  We need to change the
login from db to ldap.  Our company uses Novell's iChain to
authenticate/authorize the user.  What's a good and easy way to make
that switch?  Please advise.

Thank you.

QD

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
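
The three classes Gareth describes in the thread above, sketched as an added example (not code from the thread or from AppFuse). It assumes Acegi Security 1.0.x and a configured UserDetailsService; the class names, the header name X-SSO-User and the URL /j_sso_check are hypothetical.

```java
// Added sketch against Acegi Security 1.0.x; class names, header name and URL are assumptions.
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.ui.AbstractProcessingFilter;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;

// Step 1: token that carries the user name taken from the SSO header.
class SsoHeaderToken extends AbstractAuthenticationToken {
    private final Object principal;
    SsoHeaderToken(String userName) { super(null); this.principal = userName; } // not yet authenticated
    SsoHeaderToken(UserDetails user) {            // built only by the provider
        super(user.getAuthorities());
        this.principal = user;
        super.setAuthenticated(true);
    }
    public Object getCredentials() { return ""; } // no password: the gateway did the login
    public Object getPrincipal() { return principal; }
}

// Step 2: provider that accepts only SsoHeaderToken and loads the user's authorities.
class SsoHeaderProvider implements AuthenticationProvider {
    private UserDetailsService userDetailsService; // injected in the Spring context
    public void setUserDetailsService(UserDetailsService s) { this.userDetailsService = s; }
    public boolean supports(Class authentication) {
        return SsoHeaderToken.class.isAssignableFrom(authentication);
    }
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        // Throws UsernameNotFoundException (an AuthenticationException) for unknown users.
        UserDetails user = userDetailsService.loadUserByUsername(auth.getName());
        return new SsoHeaderToken(user);
    }
}

// Step 3: filter that reads the header and hands the token to the AuthenticationManager.
class SsoHeaderFilter extends AbstractProcessingFilter {
    public String getDefaultFilterProcessesUrl() { return "/j_sso_check"; } // hypothetical URL
    public Authentication attemptAuthentication(HttpServletRequest request)
            throws AuthenticationException {
        String user = request.getHeader("X-SSO-User"); // hypothetical header name
        if (user == null || user.trim().length() == 0) {
            throw new BadCredentialsException("SSO header missing");
        }
        return getAuthenticationManager().authenticate(new SsoHeaderToken(user.trim()));
    }
}
```

AbstractProcessingFilter calls attemptAuthentication only for requests to its filterProcessesUrl, so the SSO gateway's return URL has to map to it. The header can be trusted only when the application is reachable solely through the gateway and the gateway removes any client-supplied copy of that header.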


