I understand your code. I need acegi take full control of the login and security of my web application. Say for example, if the user tries to directly go to a URL other than the login URL, then the user should be redirected to the login URL if there is no valid user session.
About the LdapUserDetails object.. Since the SecurityModule of tapestry5-acegi needs a UserDetailsServiceImpl,,, Is it correct to say that I have to write a UserDetailsServiceImpl class which uses LDAP in order to retrieve the correct UserDetails Object? -----Original Message----- From: Jonathan Barker [mailto:[EMAIL PROTECTED] Sent: 28 March 2008 14:34 To: 'Tapestry users' Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider All of the classes are from Acegi. The LdapAuthenticationProvider returns a LdapUserDetails object. There are a number of ways to get Acegi to authenticate you. Here's part of what I do from a Login form where I automatically add authenticated users to a Users table (it needs a bit of cleaning up): UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(_username,_password); Authentication authResult; try { authResult = _authenticationManager.authenticate(authRequest); logger.info("successful login for: " + _username); // now see if they exist in the database: User user = new User(); user.setUsername(_username); List<User> matches = _userDao.findByExample(user); if (matches.isEmpty()){ Object principal = authResult.getPrincipal(); if (principal instanceof LdapUserDetails){ logger.info("adding new LDAP user" ); LdapUserDetails details = (LdapUserDetails) principal; logger.info(details.getAttributes().getIDs().toString()); Attribute nameAttr = details.getAttributes().get("name"); Object o; try { o = nameAttr.get(); if (o!= null && o instanceof String ) user.setLastName((String)o); else user.setLastName(_username); .... you get the idea > -----Original Message----- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 9:50 AM > To: Tapestry users > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Thanks Jonathan for that. > > Unclear on some stuff tho. > Since we are using a LDAP based authentication provider do we need to > have a UserDetailsServiceImpl? > > > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, > then it assumes having a UserDetailsServiceImpl. > > Also, when we do > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r) > How does the Acegi framework get to know abt the LDAP authentication > provider. > > > > -----Original Message----- > From: Jonathan Barker [mailto:[EMAIL PROTECTED] > Sent: 27 March 2008 18:28 > To: 'Tapestry users' > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Here are the relevant portions (with identifying info stripped out) for > authentication with Active Directory. With AD, you need to use > bind-based > authentication. > > If you are using something like OpenLDAP, you may have access to the > password or password hash, so you would change the authenticator. > > > I have also lumped together building the BindAuthenticator, UserSearch, > DefaultLdapauthoritiesPopulator into the > buildLdapAuthenticationProvider() > function. These could be factored out. > > I'm also using an InMemoryDaoImpl for some development logins. > > > public final InitialDirContextFactory > buildInitialDirContextFactory(){ > DefaultInitialDirContextFactory factory = new > DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, > DC=c > om"); > factory.setManagerDn("cn=Ldap Account ,OU=Service > Accounts,OU=People,DC=domain,DC=com"); > factory.setManagerPassword("password"); > Map<String,String> extraEnvVars = new HashMap<String,String>(); > extraEnvVars.put("java.naming.referral", "follow"); > factory.setExtraEnvVars(extraEnvVars); > return factory; > > } > > public static AuthenticationProvider > buildLdapAuthenticationProvider(InitialDirContextFactory factory ) > throws > Exception { > > FilterBasedLdapUserSearch userSearch = new > FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); > userSearch.setSearchSubtree(true); > userSearch.setDerefLinkFlag(true); > > BindAuthenticator authenticator = new > BindAuthenticator(factory); > authenticator.setUserSearch(userSearch); > authenticator.afterPropertiesSet(); > > DefaultLdapAuthoritiesPopulator populator = new > DefaultLdapAuthoritiesPopulator(factory,""); > populator.setGroupRoleAttribute("cn"); > populator.setGroupSearchFilter("member={0}"); > populator.setDefaultRole("ROLE_ANONYMOUS"); > populator.setConvertToUpperCase(true); > populator.setSearchSubtree(true); > populator.setRolePrefix("ROLE_"); > > LdapAuthenticationProvider provider = new > LdapAuthenticationProvider(authenticator,populator); > return provider; > } > > > public static void contributeProviderManager( > OrderedConfiguration<AuthenticationProvider> configuration, > @InjectService("DaoAuthenticationProvider") AuthenticationProvider > daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider") > AuthenticationProvider ldapAuthenticationProvider){ > > configuration.add("daoAuthenticationProvider",daoAuthenticationProvider) > ; > > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide > r); > } > > > -----Original Message----- > > From: Mahen Perera [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 27, 2008 10:14 AM > > To: users@tapestry.apache.org > > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider > > > > Hi everybody. > > > > > > > > I am trying to integrate tapestry 5 with Acegi security. > > > > The authentication provider that I am using is LDAP based. > > > > > > > > I see that most of the examples refer to using DAOAuthentication > > provider. > > > > Just checking if there is someone who used LDAP for the > authentication. > > > > > > > > I went thru http://www.localhost.nu/java/tapestry5-acegi/ > > > > , but looks like it is not using LDAP authentication. > > > > > > > > Cheers > > > > > > > > The information contained in this email is strictly confidential and > for > > the use of the addressee only, unless otherwise indicated. If you are > not > > the intended recipient, please do not read, copy, use or disclose to > > others this message or any attachment. Please also notify the sender > by > > replying to this email or by telephone (+44 (0)20 7896 0011) and then > > delete the email and any copies of it. Opinions, conclusions (etc.) > that > > do not relate to the official business of this company shall be > understood > > as neither given nor endorsed by it. IG Index plc is a company > registered > > in England and Wales under number 01190902. VAT registration number > 761 > > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, > London > > SE1 8EZ. Authorised and regulated by the Financial Services Authority. > FSA > > Register number 114059. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > The information contained in this email is strictly confidential and for > the use of the addressee only, unless otherwise indicated. If you are not > the intended recipient, please do not read, copy, use or disclose to > others this message or any attachment. Please also notify the sender by > replying to this email or by telephone (+44 (0)20 7896 0011) and then > delete the email and any copies of it. Opinions, conclusions (etc.) that > do not relate to the official business of this company shall be understood > as neither given nor endorsed by it. IG Index plc is a company registered > in England and Wales under number 01190902. VAT registration number 761 > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London > SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA > Register number 114059. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete the email and any copies of it. Opinions, conclusions (etc.) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG Index plc is a company registered in England and Wales under number 01190902. VAT registration number 761 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA Register number 114059. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
