You do not need to write a UserDetails implementation for LDAP.  Acegi
already did it.  In fact, the only time I've hit where I needed to implement
a UserDetails object and UserDetailsService was creating my own custom
DAO-based authentication.

Now, if you're needing to save information to LDAP..., well that might be a
different story.

Also, you should read a related thread on the list: "ACEGI Problem with
anonymous"

And perhaps "Re: T5: Cannot get
org.acegisecurity.CredentialsExpiredException to work"


> -----Original Message-----
> From: Mahen Perera [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 28, 2008 2:29 PM
> To: Tapestry users
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> 
> I understand your code. I need Acegi to take full control of the login and
> security of my web application. Say for example, if the user tries to
> directly go to a URL other than the login URL, then the user should be
> redirected to the login URL if there is no valid user session.
> 
> 
> About the LdapUserDetails object..
> 
> Since the SecurityModule of tapestry5-acegi needs a UserDetailsServiceImpl,
> is it correct to say that I have to write a UserDetailsServiceImpl class
> which uses LDAP in order to retrieve the correct UserDetails object?
> 
> -----Original Message-----
> From: Jonathan Barker [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2008 14:34
> To: 'Tapestry users'
> Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> 
> 
> All of the classes are from Acegi.  The LdapAuthenticationProvider returns a
> LdapUserDetails object.
> 
> There are a number of ways to get Acegi to authenticate you.  Here's part of
> what I do from a Login form where I automatically add authenticated users to
> a Users table (it needs a bit of cleaning up):
> 
>     UsernamePasswordAuthenticationToken authRequest =
>             new UsernamePasswordAuthenticationToken(_username, _password);
>     Authentication authResult;
> 
>     try {
>         authResult = _authenticationManager.authenticate(authRequest);
>         logger.info("successful login for: " + _username);
>         // now see if they exist in the database:
>         User user = new User();
>         user.setUsername(_username);
>         List<User> matches = _userDao.findByExample(user);
>         if (matches.isEmpty()) {
>             Object principal = authResult.getPrincipal();
>             if (principal instanceof LdapUserDetails) {
>                 logger.info("adding new LDAP user");
>                 LdapUserDetails details = (LdapUserDetails) principal;
>                 logger.info(details.getAttributes().getIDs().toString());
>                 Attribute nameAttr = details.getAttributes().get("name");
>                 Object o;
>                 try {
>                     o = nameAttr.get();
>                     if (o != null && o instanceof String)
>                         user.setLastName((String) o);
>                     else
>                         user.setLastName(_username);
>     .... you get the idea
> 
> 
> 
> 
> > -----Original Message-----
> > From: Mahen Perera [mailto:[EMAIL PROTECTED]
> > Sent: Friday, March 28, 2008 9:50 AM
> > To: Tapestry users
> > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> >
> > Thanks Jonathan for that.
> >
> > Unclear on some stuff tho.
> > Since we are using a LDAP based authentication provider do we need to
> > have a UserDetailsServiceImpl?
> >
> >
> > http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this,
> > then it assumes having a UserDetailsServiceImpl.
> >
> > Also, when we do
> > configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvider)
> > How does the Acegi framework get to know about the LDAP authentication
> > provider?
> >
> >
> >
> > -----Original Message-----
> > From: Jonathan Barker [mailto:[EMAIL PROTECTED]
> > Sent: 27 March 2008 18:28
> > To: 'Tapestry users'
> > Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider
> >
> > Here are the relevant portions (with identifying info stripped out) for
> > authentication with Active Directory.  With AD, you need to use bind-based
> > authentication.
> >
> > If you are using something like OpenLDAP, you may have access to the
> > password or password hash, so you would change the authenticator.
> >
> >
> > I have also lumped together building the BindAuthenticator, UserSearch,
> > DefaultLdapAuthoritiesPopulator into the buildLdapAuthenticationProvider()
> > function.  These could be factored out.
> >
> > I'm also using an InMemoryDaoImpl for some development logins.
> >
> >
> >     public final InitialDirContextFactory buildInitialDirContextFactory() {
> >         DefaultInitialDirContextFactory factory =
> >             new DefaultInitialDirContextFactory(
> >                 "ldap://server.domain.com:389/DC=domain,DC=com");
> >         // Service account the factory uses when opening directory contexts
> >         factory.setManagerDn(
> >             "cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com");
> >         factory.setManagerPassword("password");
> >         Map<String,String> extraEnvVars = new HashMap<String,String>();
> >         extraEnvVars.put("java.naming.referral", "follow");
> >         factory.setExtraEnvVars(extraEnvVars);
> >         return factory;
> >     }
> >
> >     public static AuthenticationProvider buildLdapAuthenticationProvider(
> >             InitialDirContextFactory factory) throws Exception {
> >
> >         // Locate the user's entry by sAMAccountName under ou=People
> >         FilterBasedLdapUserSearch userSearch =
> >             new FilterBasedLdapUserSearch("ou=People", "(sAMAccountName={0})", factory);
> >         userSearch.setSearchSubtree(true);
> >         userSearch.setDerefLinkFlag(true);
> >
> >         // Bind-based authentication, as needed for Active Directory
> >         BindAuthenticator authenticator = new BindAuthenticator(factory);
> >         authenticator.setUserSearch(userSearch);
> >         authenticator.afterPropertiesSet();
> >
> >         // Turn group memberships into granted authorities
> >         DefaultLdapAuthoritiesPopulator populator =
> >             new DefaultLdapAuthoritiesPopulator(factory, "");
> >         populator.setGroupRoleAttribute("cn");
> >         populator.setGroupSearchFilter("member={0}");
> >         populator.setDefaultRole("ROLE_ANONYMOUS");
> >         populator.setConvertToUpperCase(true);
> >         populator.setSearchSubtree(true);
> >         populator.setRolePrefix("ROLE_");
> >
> >         LdapAuthenticationProvider provider =
> >             new LdapAuthenticationProvider(authenticator, populator);
> >         return provider;
> >     }
> >
> >
> >     public static void contributeProviderManager(
> >             OrderedConfiguration<AuthenticationProvider> configuration,
> >             @InjectService("DaoAuthenticationProvider")
> >             AuthenticationProvider daoAuthenticationProvider,
> >             @InjectService("LdapAuthenticationProvider")
> >             AuthenticationProvider ldapAuthenticationProvider) {
> >
> >         configuration.add("daoAuthenticationProvider", daoAuthenticationProvider);
> >         configuration.add("ldapAuthenticationProvider", ldapAuthenticationProvider);
> >     }
> >
> > > -----Original Message-----
> > > From: Mahen Perera [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, March 27, 2008 10:14 AM
> > > To: users@tapestry.apache.org
> > > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider
> > >
> > > Hi everybody.
> > >
> > >
> > >
> > > I am trying to integrate tapestry 5 with Acegi security.
> > >
> > > The authentication provider that I am using is LDAP based.
> > >
> > >
> > >
> > > I see that most of the examples refer to using DAOAuthentication
> > > provider.
> > >
> > > Just checking if there is someone who used LDAP for the authentication.
> > >
> > >
> > >
> > > I went thru http://www.localhost.nu/java/tapestry5-acegi/
> > >
> > > , but looks like it is not using LDAP authentication.
> > >
> > >
> > >
> > > Cheers
> > >
> > >
> > >
> > > The information contained in this email is strictly confidential and for
> > > the use of the addressee only, unless otherwise indicated. If you are not
> > > the intended recipient, please do not read, copy, use or disclose to
> > > others this message or any attachment. Please also notify the sender by
> > > replying to this email or by telephone (+44 (0)20 7896 0011) and then
> > > delete the email and any copies of it. Opinions, conclusions (etc.) that
> > > do not relate to the official business of this company shall be understood
> > > as neither given nor endorsed by it. IG Index plc is a company registered
> > > in England and Wales under number 01190902. VAT registration number 761
> > > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London
> > > SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA
> > > Register number 114059.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
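
Added example, not part of the original thread and not Acegi or tapestry5-acegi code: a null-safe way to read the "name" attribute that the login snippet quoted above copies into the Users table, covering a missing attribute, an attribute with no values and a non-String value. The class name, the firstString helper, the MAX_LEN column width and the sample entries are assumptions made for illustration; only JDK javax.naming classes are used.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

// Hypothetical helper: read one String attribute from a directory entry
// without trusting that the attribute is present, populated or textual.
public class LdapAttributeFallback {

    static final int MAX_LEN = 64; // assumed width of the Users.lastName column

    static String firstString(Attributes attrs, String id, String fallback) {
        Attribute attr = (attrs == null) ? null : attrs.get(id);
        // get(id) returns null when the entry lacks the attribute, and
        // Attribute.get() throws NoSuchElementException when it has no values.
        if (attr == null || attr.size() == 0) {
            return fallback;
        }
        try {
            Object value = attr.get();
            if (value instanceof String) {   // binary values arrive as byte[]
                String s = ((String) value).trim();
                if (s.length() > 0) {
                    return s.length() > MAX_LEN ? s.substring(0, MAX_LEN) : s;
                }
            }
        } catch (NamingException e) {
            // the value could not be read from the directory: use the fallback
        }
        return fallback;
    }

    public static void main(String[] args) {
        // Constructed sample entries; "true" makes attribute IDs case-insensitive.
        Attributes full = new BasicAttributes(true);
        full.put("name", "  Perera ");
        Attributes odd = new BasicAttributes(true);
        odd.put(new BasicAttribute("name"));                          // no values
        odd.put(new BasicAttribute("objectGUID", new byte[] {1, 2})); // binary

        System.out.println(firstString(full, "NAME", "mperera"));
        System.out.println(firstString(odd, "name", "mperera"));
        System.out.println(firstString(odd, "objectGUID", "mperera"));
        System.out.println(firstString(null, "name", "mperera"));
    }
}
```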
