All of the classes are from Acegi. The LdapAuthenticationProvider returns a LdapUserDetails object.
There are a number of ways to get Acegi to authenticate you. Here's part of what I do from a Login form where I automatically add authenticated users to a Users table (it needs a bit of cleaning up): UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(_username,_password); Authentication authResult; try { authResult = _authenticationManager.authenticate(authRequest); logger.info("successful login for: " + _username); // now see if they exist in the database: User user = new User(); user.setUsername(_username); List<User> matches = _userDao.findByExample(user); if (matches.isEmpty()){ Object principal = authResult.getPrincipal(); if (principal instanceof LdapUserDetails){ logger.info("adding new LDAP user" ); LdapUserDetails details = (LdapUserDetails) principal; logger.info(details.getAttributes().getIDs().toString()); Attribute nameAttr = details.getAttributes().get("name"); Object o; try { o = nameAttr.get(); if (o!= null && o instanceof String ) user.setLastName((String)o); else user.setLastName(_username); .... you get the idea > -----Original Message----- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 9:50 AM > To: Tapestry users > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Thanks Jonathan for that. > > Unclear on some stuff tho. > Since we are using a LDAP based authentication provider do we need to > have a UserDetailsServiceImpl? > > > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, > then it assumes having a UserDetailsServiceImpl. > > Also, when we do > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r) > How does the Acegi framework get to know abt the LDAP authentication > provider. > > > > -----Original Message----- > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > Sent: 27 March 2008 18:28 > To: 'Tapestry users' > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Here are the relevant portions (with identifying info stripped out) for > authentication with Active Directory. With AD, you need to use > bind-based > authentication. > > If you are using something like OpenLDAP, you may have access to the > password or password hash, so you would change the authenticator. > > > I have also lumped together building the BindAuthenticator, UserSearch, > DefaultLdapauthoritiesPopulator into the > buildLdapAuthenticationProvider() > function. These could be factored out. > > I'm also using an InMemoryDaoImpl for some development logins. > > > public final InitialDirContextFactory > buildInitialDirContextFactory(){ > DefaultInitialDirContextFactory factory = new > DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, > DC=c > om"); > factory.setManagerDn("cn=Ldap Account ,OU=Service > Accounts,OU=People,DC=domain,DC=com"); > factory.setManagerPassword("password"); > Map<String,String> extraEnvVars = new HashMap<String,String>(); > extraEnvVars.put("java.naming.referral", "follow"); > factory.setExtraEnvVars(extraEnvVars); > return factory; > > } > > public static AuthenticationProvider > buildLdapAuthenticationProvider(InitialDirContextFactory factory ) > throws > Exception { > > FilterBasedLdapUserSearch userSearch = new > FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); > userSearch.setSearchSubtree(true); > userSearch.setDerefLinkFlag(true); > > BindAuthenticator authenticator = new > BindAuthenticator(factory); > authenticator.setUserSearch(userSearch); > authenticator.afterPropertiesSet(); > > DefaultLdapAuthoritiesPopulator populator = new > DefaultLdapAuthoritiesPopulator(factory,""); > populator.setGroupRoleAttribute("cn"); > populator.setGroupSearchFilter("member={0}"); > populator.setDefaultRole("ROLE_ANONYMOUS"); > populator.setConvertToUpperCase(true); > populator.setSearchSubtree(true); > populator.setRolePrefix("ROLE_"); > > LdapAuthenticationProvider provider = new > LdapAuthenticationProvider(authenticator,populator); > return provider; > } > > > public static void contributeProviderManager( > OrderedConfiguration<AuthenticationProvider> configuration, > @InjectService("DaoAuthenticationProvider") AuthenticationProvider > daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider") > AuthenticationProvider ldapAuthenticationProvider){ > > configuration.add("daoAuthenticationProvider",daoAuthenticationProvider) > ; > > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r); > } > > > -----Original Message----- > > From: Mahen Perera [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 27, 2008 10:14 AM > > To: users@tapestry.apache.org > > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider > > > > Hi everybody. > > > > > > > > I am trying to integrate tapestry 5 with Acegi security. > > > > The authentication provider that I am using is LDAP based. > > > > > > > > I see that most of the examples refer to using DAOAuthentication > > provider. > > > > Just checking if there is someone who used LDAP for the > authentication. > > > > > > > > I went thru http://www.localhost.nu/java/tapestry5-acegi/ > > > > , but looks like it is not using LDAP authentication. > > > > > > > > Cheers > > > > > > > > The information contained in this email is strictly confidential and > for > > the use of the addressee only, unless otherwise indicated. If you are > not > > the intended recipient, please do not read, copy, use or disclose to > > others this message or any attachment. Please also notify the sender > by > > replying to this email or by telephone (+44 (0)20 7896 0011) and then > > delete the email and any copies of it. Opinions, conclusions (etc.) > that > > do not relate to the official business of this company shall be > understood > > as neither given nor endorsed by it. IG Index plc is a company > registered > > in England and Wales under number 01190902. VAT registration number > 761 > > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, > London > > SE1 8EZ. Authorised and regulated by the Financial Services Authority. > FSA > > Register number 114059. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > The information contained in this email is strictly confidential and for > the use of the addressee only, unless otherwise indicated. If you are not > the intended recipient, please do not read, copy, use or disclose to > others this message or any attachment. Please also notify the sender by > replying to this email or by telephone (+44 (0)20 7896 0011) and then > delete the email and any copies of it. Opinions, conclusions (etc.) that > do not relate to the official business of this company shall be understood > as neither given nor endorsed by it. IG Index plc is a company registered > in England and Wales under number 01190902. VAT registration number 761 > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London > SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA > Register number 114059. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]