All of the classes are from Acegi.  The LdapAuthenticationProvider returns a
LdapUserDetails object.

There are a number of ways to get Acegi to authenticate you.  Here's part of
what I do from a Login form where I automatically add authenticated users to
a Users table (it needs a bit of cleaning up):

    UsernamePasswordAuthenticationToken authRequest =
            new UsernamePasswordAuthenticationToken(_username, _password);
    Authentication authResult;

    try {
        authResult = _authenticationManager.authenticate(authRequest);
        logger.info("successful login for: " + _username);
        // now see if they exist in the database:
        User user = new User();
        user.setUsername(_username);
        List<User> matches = _userDao.findByExample(user);
        if (matches.isEmpty()){
            Object principal = authResult.getPrincipal();
            if (principal instanceof LdapUserDetails){
                logger.info("adding new LDAP user");
                LdapUserDetails details = (LdapUserDetails) principal;
                logger.info(details.getAttributes().getIDs().toString());
                Attribute nameAttr = details.getAttributes().get("name");
                Object o;
                try {
                    o = nameAttr.get();
                    if (o != null && o instanceof String)
                        user.setLastName((String)o);
                    else
                        user.setLastName(_username);
                .... you get the idea
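
An added example, not part of the original message: a null-safe way to read the "name" attribute before it is written to the Users table, using only the JDK's JNDI classes. The class name, method name, MAX_LEN and the sample entries are assumptions made for illustration.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

// Added example, not from the original post. Class and method names are hypothetical.
public class LdapAttributeReader {

    static final int MAX_LEN = 64; // assumed width of the Users.lastName column

    /** Returns the first value of attribute id as a cleaned String, or fallback. */
    static String firstString(Attributes attrs, String id, String fallback) {
        // Attributes.get() returns null when the entry lacks the attribute
        Attribute attr = (attrs == null) ? null : attrs.get(id);
        if (attr == null || attr.size() == 0) return fallback;
        Object value;
        try {
            value = attr.get(); // first value only; multi-valued attributes are not merged
        } catch (NamingException e) {
            return fallback;
        }
        if (!(value instanceof String)) return fallback; // binary attributes arrive as byte[]
        // Directory data is external input: drop control characters and bound the length
        String cleaned = ((String) value).replaceAll("\\p{Cntrl}", "").trim();
        if (cleaned.isEmpty()) return fallback;
        return cleaned.length() > MAX_LEN ? cleaned.substring(0, MAX_LEN) : cleaned;
    }

    public static void main(String[] args) {
        // Constructed sample entries standing in for LdapUserDetails.getAttributes()
        Attributes full = new BasicAttributes(true);
        full.put("name", "Jane\r\nDoe ");
        Attributes binary = new BasicAttributes(true);
        binary.put("name", new byte[] {0x4a, 0x44});
        Attributes empty = new BasicAttributes(true);
        empty.put(new BasicAttribute("name")); // attribute present, no values
        Attributes missing = new BasicAttributes(true); // no "name" attribute at all

        System.out.println(firstString(full, "name", "jdoe"));
        System.out.println(firstString(binary, "name", "jdoe"));
        System.out.println(firstString(empty, "name", "jdoe"));
        System.out.println(firstString(missing, "name", "jdoe"));
    }
}
```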




> -----Original Message-----
> From: Mahen Perera [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 28, 2008 9:50 AM
> To: Tapestry users
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> 
> Thanks Jonathan for that.
> 
> Unclear on some stuff tho.
> Since we are using a LDAP based authentication provider do we need to
> have a UserDetailsServiceImpl?
> 
> 
> http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this,
> then it assumes having a UserDetailsServiceImpl.
> 
> Also, when we do
> configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider)
> How does the Acegi framework get to know about the LDAP authentication
> provider?
> 
> 
> 
> -----Original Message-----
> From: Jonathan Barker [mailto:[EMAIL PROTECTED]
> Sent: 27 March 2008 18:28
> To: 'Tapestry users'
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> 
> Here are the relevant portions (with identifying info stripped out) for
> authentication with Active Directory.  With AD, you need to use bind-based
> authentication.
> 
> If you are using something like OpenLDAP, you may have access to the
> password or password hash, so you would change the authenticator.
> 
> 
> I have also lumped together building the BindAuthenticator, UserSearch,
> DefaultLdapAuthoritiesPopulator into the buildLdapAuthenticationProvider()
> function.  These could be factored out.
> 
> I'm also using an InMemoryDaoImpl for some development logins.
> 
> 
>     public final InitialDirContextFactory buildInitialDirContextFactory(){
>       DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory(
>           "ldap://server.domain.com:389/DC=domain,DC=com");
>       factory.setManagerDn("cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com");
>       factory.setManagerPassword("password");
>       Map<String,String> extraEnvVars = new HashMap<String,String>();
>       extraEnvVars.put("java.naming.referral", "follow");
>       factory.setExtraEnvVars(extraEnvVars);
>       return factory;
> 
>     }
> 
>     public static AuthenticationProvider buildLdapAuthenticationProvider(
>         InitialDirContextFactory factory) throws Exception {
> 
>       FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(
>           "ou=People","(sAMAccountName={0})",factory);
>       userSearch.setSearchSubtree(true);
>       userSearch.setDerefLinkFlag(true);
> 
>       BindAuthenticator authenticator = new BindAuthenticator(factory);
>       authenticator.setUserSearch(userSearch);
>       authenticator.afterPropertiesSet();
> 
>       DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(factory,"");
>       populator.setGroupRoleAttribute("cn");
>       populator.setGroupSearchFilter("member={0}");
>       populator.setDefaultRole("ROLE_ANONYMOUS");
>       populator.setConvertToUpperCase(true);
>       populator.setSearchSubtree(true);
>       populator.setRolePrefix("ROLE_");
> 
>       LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator,populator);
>       return provider;
>     }
> 
> 
>     public static void contributeProviderManager(
>         OrderedConfiguration<AuthenticationProvider> configuration,
>         @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider,
>         @InjectService("LdapAuthenticationProvider") AuthenticationProvider ldapAuthenticationProvider){
> 
>       configuration.add("daoAuthenticationProvider",daoAuthenticationProvider);
> 
>       configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider);
>     }
> 
> > -----Original Message-----
> > From: Mahen Perera [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 27, 2008 10:14 AM
> > To: users@tapestry.apache.org
> > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider
> >
> > Hi everybody.
> >
> >
> >
> > I am trying to integrate tapestry 5 with Acegi security.
> >
> > The authentication provider that I am using is LDAP based.
> >
> >
> >
> > I see that most of the examples refer to using DAOAuthentication
> > provider.
> >
> > Just checking if there is someone who used LDAP for the authentication.
> >
> >
> >
> > I went thru http://www.localhost.nu/java/tapestry5-acegi/, but looks
> > like it is not using LDAP authentication.
> >
> >
> >
> > Cheers
> >
> >
> >
> > The information contained in this email is strictly confidential and for
> > the use of the addressee only, unless otherwise indicated. If you are not
> > the intended recipient, please do not read, copy, use or disclose to
> > others this message or any attachment. Please also notify the sender by
> > replying to this email or by telephone (+44 (0)20 7896 0011) and then
> > delete the email and any copies of it. Opinions, conclusions (etc.) that
> > do not relate to the official business of this company shall be understood
> > as neither given nor endorsed by it. IG Index plc is a company registered
> > in England and Wales under number 01190902. VAT registration number 761
> > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London
> > SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA
> > Register number 114059.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

