java - Spring Security LDAP vs Basic Authentication
I've burned a few days trying to get something that should be simple to work. I have an application (web app) that works with Spring Security 3.0.5, and I'm having a hell of a time trying to switch out the authentication-manager for one that supports LDAP.
I'm using JSF, and it seems the tutorials out there are geared towards JSP.
I'm by no means a Spring expert, and I've hobbled this together from tutorials found scattered around the web.
servlet-context.xml
I'm not 100% sure what this file does?
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">

    <!-- DispatcherServlet context: defines this servlet's request-processing infrastructure -->

    <!-- Handles HTTP requests for /resources/** by efficiently serving static resources in the ${webappRoot}/resources directory -->
    <resources mapping="/resources/**" location="/resources/" />

    <!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
    <beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <beans:property name="prefix" value="/WEB-INF/views/" />
        <beans:property name="suffix" value=".jsp" />
    </beans:bean>
</beans:beans>
security.xml
This file appears to define the security configuration, such as which parts of the web app are locked down.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http use-expressions="true">
        <intercept-url pattern="/ff/**" access="isAuthenticated()" />
        <intercept-url pattern="/**" access="permitAll()" />
        <!-- Custom login page -->
        <form-login login-page="/login.jsf" authentication-failure-url="/login-fail.jsf" />
        <!-- Custom logout page -->
        <logout logout-success-url="/login.jsf" invalidate-session="true" />
    </http>

    <!-- Use inline authentication provider. -->
    <authentication-manager>
        <authentication-provider>
            <password-encoder hash="md5" />
            <user-service>
                <user name="admin" password="21232f297a57a5a743894a0e4a801fc3" authorities="ROLE_ADMIN,ROLE_USER" />
                <user name="raj" password="0b438dd454bc6a17de239ebf0a46b91b" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
web.xml
It appears this file tells the web app which additional Spring files to parse.
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/root-context.xml
            /WEB-INF/spring/security.xml
        </param-value>
    </context-param>

    <!-- Enable Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Allow login pages with JSF, which redirects to the security check; therefore we have to add the forward entry here -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>

    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/spring/</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>

    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
</web-app>
And lastly I have a bean that (I think) handles the security stuff.
SecurityWrapper.java
import java.util.Collection;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * Code from: http://www.baeldung.com/get-user-in-spring-security
 */
@ManagedBean
@SessionScoped
public class SecurityWrapper {

    /* Returns the name of the logged-in user, or a placeholder for an anonymous session */
    public String getUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof AnonymousAuthenticationToken)) {
            String currentUserName = authentication.getName();
            return currentUserName;
        }
        return "no user detected";
    }

    /* This is an example to obtain the role name, for example to generate an automatic menu */
    public String getRole() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String namePrincipalRol = null;
        if (auth instanceof AnonymousAuthenticationToken) {
            namePrincipalRol = "ROLE_ANONYMOUS";
        } else {
            // Only the first granted authority is reported
            namePrincipalRol = auth.getAuthorities().iterator().next().getAuthority();
        }
        return namePrincipalRol;
    }

    /* Debug helper: prints the principal's details, including the password field, to stdout */
    private void getUserDetails() {
        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().
                getAuthentication().getPrincipal();
        System.out.println(userDetails.getPassword());
        System.out.println(userDetails.getUsername());
        System.out.println(userDetails.isEnabled());
    }

    /* Returns true if the current user holds exactly the given authority */
    private boolean hasRole(String role) {
        Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>)
                SecurityContextHolder.getContext().getAuthentication().getAuthorities();
        boolean hasRole = false;
        for (GrantedAuthority authority : authorities) {
            hasRole = authority.getAuthority().equals(role);
            if (hasRole) {
                break;
            }
        }
        return hasRole;
    }

    public String logout() {
        getUserDetails();
        SecurityContextHolder.clearContext();
        return "loggedout";
    }
}
Questions
So here is where I'm running into issues. 1) The example code I put up (much of which came from: http://www.baeldung.com/get-user-in-spring-security) is running Spring 3.0.5, which is out of date, but I'm hoping that shouldn't matter. I've gone various routes attempting to integrate and/or switch out the authentication provider for LDAP, but I keep running into issues with tutorials being for a different version, and when I try to upgrade Spring things go kaboom. I'm assuming this should be a straightforward process and would love some pointers on how to move forward.
There are various answers on Stack about integrating Spring with LDAP, (mostly) related to .jsp and not .xhtml, which may/may not matter - and I've run into trouble trying to integrate the other ones.
Should this be a straightforward process, or is it more involved than I realize? And if so, is it as simple as swapping out the <authentication-manager>, or do I need to add special Java code as well?
So... assuming you have Spring Security working and wish to switch to LDAP.
You need to have an authentication manager in the file security.xml:

<sec:authentication-manager alias="webAuthenticationManager">
    <sec:authentication-provider ref="ldapActiveDirectoryAuthProvider" />
</sec:authentication-manager>

And the actual bean is this:

<bean id="ldapActiveDirectoryAuthProvider"
    class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <constructor-arg value="yourcompany.com" />
    <constructor-arg value="ldap://yourserver.yourcompany.com:389" />
    <property name="authoritiesMapper" ref="dataAutomationGrantedAuthoritiesMapper" />
    <property name="useAuthenticationRequestCredentials" value="true" />
</bean>

You need to map groups to Spring Security roles:

<!-- Mapping of groups (that the user is a member of) to application roles used by Spring Security -->
<bean id="dataAutomationGrantedAuthoritiesMapper"
    class="com.deltarail.view.web.login.DataAutomationGrantedAuthoritiesMapper">
    <property name="groupToRoleMap">
        <util:map>
            <entry key="systemadministrators" value="ROLE_SYSADMIN" />
            <entry key="maint" value="ROLE_MAINT" />
            <entry key="general" value="ROLE_USER" />
        </util:map>
    </property>
</bean>
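
The answer wires in a custom authorities-mapper bean but does not show its source. One way such a mapper could look, as an added example that is not the answerer's code: the class name `GroupToRoleAuthoritiesMapper` and package `com.example.security` are hypothetical, and it assumes Spring Security 3.1 or later, where `GrantedAuthoritiesMapper` and `ActiveDirectoryLdapAuthenticationProvider` are available.

```java
package com.example.security; // hypothetical package, not from the answer

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

/** Translates directory group names into the application roles used in intercept-url rules. */
public class GroupToRoleAuthoritiesMapper implements GrantedAuthoritiesMapper {

    // Group name (lower-cased) -> role; filled from the <util:map> in security.xml
    private Map<String, String> groupToRoleMap = Collections.emptyMap();

    public void setGroupToRoleMap(Map<String, String> configured) {
        Map<String, String> normalised = new HashMap<String, String>();
        for (Map.Entry<String, String> entry : configured.entrySet()) {
            // Compare case-insensitively so the XML keys need not match the directory's casing
            normalised.put(entry.getKey().toLowerCase(Locale.ROOT), entry.getValue());
        }
        this.groupToRoleMap = normalised;
    }

    public Collection<? extends GrantedAuthority> mapAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        // Assumption: each incoming authority string is the name of a group the user belongs to
        Set<GrantedAuthority> mapped = new LinkedHashSet<GrantedAuthority>();
        for (GrantedAuthority groupAuthority : authorities) {
            String role = groupToRoleMap.get(
                    groupAuthority.getAuthority().toLowerCase(Locale.ROOT));
            // Default deny: a group with no entry in the map grants no role at all
            if (role != null) {
                mapped.add(new SimpleGrantedAuthority(role));
            }
        }
        return mapped;
    }
}
```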