I thought it would but I must be configuring it wrong. The attributes are coming in as a list of groups, I need them to be roles, or testable as roles in spring, my constructor for the bean you mention had "attributes" for a parameter, I'm going to try switching that to groups On Feb 17, 2013 8:17 PM, "Scott Battaglia" <[email protected]> wrote:
> I haven't tried in a while but doesn't this do what you want? > > http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.html > > Cheers, > Scott > > On Fri, Feb 15, 2013 at 5:09 PM, Andrew Chandler <[email protected]>wrote: > >> I'm hoping someone can help me with this before I go bald. >> >> I've successfully followed the tutorials and got CAS server up and >> running on Tomcat on SSL. For now all web applications are hosted in this >> single Tomcat instance. Cas is configured to authenticate against >> Active Directory via the LDAP Bind process (not fastbind). I also have it >> configured to use the attributeRepository >> org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao >> >> Following a different tutorial I setup a simple jsp client webapp that >> showes the information it got back from CAS and I see all my AD groups in >> the attributes that were placed on the principals. >> >> What I am trying to do in my Spring based Web App is reproduce what I >> successfully did when I had that single webapp authenticating using spring >> security to Active Directory. The groups became authorities and were >> used in filtering access. My problem is the only client examples I've >> seen to access the attributes returned from CAS weren't really >> participating in the spring authentication process. I'm looking for a >> good, simple example using current versions of spring security (not older >> 2.x stuff) that will take the authentication I get back from CAS and use >> the "Groups" properties and turn those into roles during the security >> filtering process so that the user can access protected resources. Any >> info would help. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
