What you should is:
1. implement your own *BasePersonAttributeDao.*
2. Override the getPerson(String uid) method.
3. configure the deployerConfigContext to use the above implementation.
Here is a snippet of an example:
@Override
public IPersonAttributes getPerson(String uid) {
UserDetails userDetails = userDetailsService.loadUserByUsername(uid);
Collection<? extends GrantedAuthority> authorities =
userDetails.getAuthorities();
if (!CollectionUtils.isEmpty(authorities)) {
Map<String, List<Object>> attributes = new LinkedHashMap<String,
List<Object>>();
List<Object> authoritiesLst = new LinkedList<Object>();
attributes.put("ROLES", authoritiesLst);
for (GrantedAuthority authority : authorities) {
authoritiesLst.add(authority.getAuthority());
}
IPersonAttributes retVal = new NamedPersonImpl(uid, attributes);
return retVal;
}
}
The user details service is my attributes repository, you can replcae it
with any other repository.
On Mon, Feb 18, 2013 at 4:56 AM, Andrew Chandler <[email protected]> wrote:
> I thought it would but I must be configuring it wrong. The attributes are
> coming in as a list of groups, I need them to be roles, or testable as
> roles in spring, my constructor for the bean you mention had
> "attributes" for a parameter, I'm going to try switching that to groups
> On Feb 17, 2013 8:17 PM, "Scott Battaglia" <[email protected]>
> wrote:
>
>> I haven't tried in a while but doesn't this do what you want?
>>
>> http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.html
>>
>> Cheers,
>> Scott
>>
>> On Fri, Feb 15, 2013 at 5:09 PM, Andrew Chandler <[email protected]>wrote:
>>
>>> I'm hoping someone can help me with this before I go bald.
>>>
>>> I've successfully followed the tutorials and got CAS server up and
>>> running on Tomcat on SSL. For now all web applications are hosted in this
>>> single Tomcat instance. Cas is configured to authenticate against
>>> Active Directory via the LDAP Bind process (not fastbind). I also have it
>>> configured to use the attributeRepository
>>> org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao
>>>
>>> Following a different tutorial I setup a simple jsp client webapp that
>>> showes the information it got back from CAS and I see all my AD groups in
>>> the attributes that were placed on the principals.
>>>
>>> What I am trying to do in my Spring based Web App is reproduce what I
>>> successfully did when I had that single webapp authenticating using spring
>>> security to Active Directory. The groups became authorities and were
>>> used in filtering access. My problem is the only client examples I've
>>> seen to access the attributes returned from CAS weren't really
>>> participating in the spring authentication process. I'm looking for a
>>> good, simple example using current versions of spring security (not older
>>> 2.x stuff) that will take the authentication I get back from CAS and use
>>> the "Groups" properties and turn those into roles during the security
>>> filtering process so that the user can access protected resources. Any
>>> info would help.
>>>
>>> --
>>> You are currently subscribed to [email protected] as:
>>> [email protected]
>>>
>>>
>>>
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>>
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
--
Best Regards
Mordechai Tamam
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
