I haven't tried in a while but doesn't this do what you want? http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.html
Cheers, Scott On Fri, Feb 15, 2013 at 5:09 PM, Andrew Chandler <[email protected]> wrote: > I'm hoping someone can help me with this before I go bald. > > I've successfully followed the tutorials and got CAS server up and running > on Tomcat on SSL. For now all web applications are hosted in this single > Tomcat instance. Cas is configured to authenticate against Active > Directory via the LDAP Bind process (not fastbind). I also have it > configured to use the attributeRepository > org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao > > Following a different tutorial I setup a simple jsp client webapp that > showes the information it got back from CAS and I see all my AD groups in > the attributes that were placed on the principals. > > What I am trying to do in my Spring based Web App is reproduce what I > successfully did when I had that single webapp authenticating using spring > security to Active Directory. The groups became authorities and were > used in filtering access. My problem is the only client examples I've > seen to access the attributes returned from CAS weren't really > participating in the spring authentication process. I'm looking for a > good, simple example using current versions of spring security (not older > 2.x stuff) that will take the authentication I get back from CAS and use > the "Groups" properties and turn those into roles during the security > filtering process so that the user can access protected resources. Any > info would help. > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
