[cas-user] CAS 4 - How to set granted authorities after successful login ? ... 'coz needed for authorisation on services

Wed, 08 Oct 2014 05:51:24 -0700 

Hi All

I am able to authenticate successfully on CAS4 / Active Directory setup.
And I am able to retrieve the memberOf attribute from LDAP which has all 
the roles as below. 

But not able to populate these roles again back to the spring security 
context.
I need this in other services (web apps) so that I can check if the user 
has any particular roles using spring's hasRole('ROLE_CIR_EDITOR') method.
Any idea please ?

I have also attached the config file.


---------------------------------------
2014-10-08 12:33:52,182 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
<Attribute map for taylorj: {FullName=James TAYLOR, displayName=James 
TAYLOR, LastName=TAYLOR, memberOf=
[CN=USERTOKEN,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL, 
CN=ROLE_APP_NOTIFICATION,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL, 
CN=ROLE_CIR_AUTHORISER,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL, 
CN=ROLE_APP_SANCTI
ONS_DB,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL, 
CN=ROLE_APP_COLLEGES,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL, 
CN=ROLE_APP_CIR,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL, 
CN=ROLE_CIR_EDITOR,OU=GROUPS,OU=EGAT
E,DC=EGATE-T,DC=LOCAL]}>

...
...
...

10:20:43,104 DEBUG http-bio-8443-exec-3 web.CasAuthenticationFilter:319 - 
Authentication success. Updating SecurityContextHolder to contain: 
org.springframework.security.cas.authentication.CasAuthenti
cationToken@a7d07e5d: Principal: 
org.springframework.security.core.userdetails.User@a4b4d0a7: Username: 
taylorj; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; 
credentialsNonExpired: t
rue; AccountNonLocked: true; Not granted any authorities; Credentials: 
[PROTECTED]; Authenticated: true; Details: 
org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938:
 
Rem
oteIpAddress: 10.100.20.125; SessionId: FD8AF86D5D8D24A5D47443C24D6EE889; Not 
granted any authorities Assertion: 
org.jasig.cas.client.validation.AssertionImpl@5d3817f Credentials 
(Service/Proxy Ticket
): ST-1-hvH5puV3T5WA3mwkAGpA-cas01.eba.europa.eu

---------------------------------------

Thanks
Jay

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Attachment: deployerConfigContext.xml
Description: XML document

Attachment: spring-security.xml
Description: XML document

Reply via email to