<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
<constructor-arg value="ldap://localhost:389/dc=my-domain,dc=com"/>
<property name="managerDn"><value>cn=manager,dc=my-domain,dc=com</value></property>
<property name="managerPassword"><value>secret</value></property>
</bean>
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
<property name="userDnPatterns"><list><value>cn={0},ou=public</value></list></property>
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
<constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
<constructor-arg><value>dc=groups</value></constructor-arg>
<property name="groupRoleAttribute"><value>cn</value></property>
<property name="searchSubtree"><value>true</value></property>
<!--<property name="groupSearchFilter"><value>member={0}</value></property>-->
<property name="rolePrefix"><value>ROLE_</value></property>
<property name="convertToUpperCase"><value>true</value></property>
</bean>
</constructor-arg>
</bean>
That seems to work correctly for authentication, but it can't retrieve the user's role.
I define a group in LDAP with this structure:
dn: dc=groups, dc=my-domain,dc=com
dc: groups
objectClass: top
objectClass: dcObject
objectClass: groupOfNames
cn: developer
member: cn=ben,ou=public,dc=my-domain,dc=com
and I have
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/></property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secured/**=ROLE_ADMIN,ROLE_DEVELOPER
<!-- /**=ROLE_PUBLIC-->
</value>
</property>
</bean>
When I try to log in with username=ben and the correct password, a 403 error occurs:
Apache Tomcat/4.0.6 - HTTP Status 403 - Access is denied
type Status report
message Access is denied
description Access to the specified resource (Access is denied) has been forbidden.
Please guide me: what is wrong? Should I have other config, or did I make a mistake with this configuration?
Thanks in advance.
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
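An added model of the lookup this configuration asks for (not part of the original post, and not Acegi's code). It assumes the populator searches the group base for entries whose member equals the bound user DN, reads groupRoleAttribute, upper-cases and prefixes it, and that any role listed for /secured/** grants access (the post does not show its accessDecisionManager); DN handling is simplified and ignores escaped commas.

```python
# Model of the role lookup configured in the post (added example, not Acegi code).
ROOT = "dc=my-domain,dc=com"             # from the provider URL
USER_DN_PATTERN = "cn={0},ou=public"      # userDnPatterns
GROUP_SEARCH_BASE = "dc=groups"           # populator's second constructor-arg
GROUP_ROLE_ATTRIBUTE = "cn"               # groupRoleAttribute
ROLE_PREFIX = "ROLE_"                     # rolePrefix
SECURED_ROLES = {"ROLE_ADMIN", "ROLE_DEVELOPER"}   # /secured/**

def norm(dn):
    """Normalise a DN for comparison: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_scope(entry_dn, base, subtree):
    if subtree:                           # subtree scope: the base entry and all below it
        return entry_dn == base or entry_dn.endswith("," + base)
    return entry_dn.partition(",")[2] == base   # one-level scope: immediate children only

def granted_roles(username, directory, search_subtree=True):
    """Return the authorities the group search would yield for username."""
    user_dn = norm(USER_DN_PATTERN.format(username) + "," + ROOT)
    base = norm(GROUP_SEARCH_BASE + "," + ROOT)
    roles = set()
    for dn, attrs in directory.items():
        if not in_scope(norm(dn), base, search_subtree):
            continue
        if user_dn not in {norm(m) for m in attrs.get("member", [])}:
            continue                      # filter member={0} did not match
        for value in attrs.get(GROUP_ROLE_ATTRIBUTE, []):
            roles.add(ROLE_PREFIX + value.upper())   # convertToUpperCase, then rolePrefix
    return roles

def access_allowed(roles):
    return bool(roles & SECURED_ROLES)    # assumption: any one listed role suffices

# Constructed directory holding only the group entry from the post.
DIRECTORY = {
    "dc=groups, dc=my-domain,dc=com": {
        "cn": ["developer"],
        "member": ["cn=ben,ou=public,dc=my-domain,dc=com"],
    },
}

if __name__ == "__main__":
    for subtree in (True, False):
        roles = granted_roles("ben", DIRECTORY, subtree)
        print(subtree, sorted(roles), "allowed" if access_allowed(roles) else "403")
```

Because the posted group entry is the search base itself, the model finds it only under subtree scope; with a one-level search the same entry is out of scope and the user ends up with no authorities.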
