Hi Guys

I am using CAS 4 - Spring Security - Active directory.

Has anyone been able to successfully set the granted authorities from the roles 
retrieved after successful authentication?

Internet searches suggest using 
'GrantedAuthorityFromAssertionAttributesUserDetailsService', which would set 
the granted authorities, but I am not able to.

I am releasing this variable 'role' using allowedAttributes in the service.
I am also able to retrieve the role from LDAP and assign it to the role 
variable as below,


    <beans:bean id="authenticationUserDetailsService"
        class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
      <beans:constructor-arg>
        <beans:array>
          <beans:value>role</beans:value>
        </beans:array>
      </beans:constructor-arg>
    </beans:bean>


When I try to check hasRoles('MY_ROLE'), I get access denied 403 and it 
seems I am not able to set the retrieved roles on granted authorities.


    10:00:24,340 DEBUG http-bio-8443-exec-10 intercept.FilterSecurityInterceptor:310 - Previously Authenticated:
    org.springframework.security.cas.authentication.CasAuthenticationToken@e848bc56:
    Principal: org.springframework.security.core.userdetails.User@a4b4d0a7: Username: taylorj;
    Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true;
    AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true;
    Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364:
    RemoteIpAddress: 10.100.20.125; SessionId: 4652D17239607600EF2748E939F70BB0;
    Not granted any authorities Assertion: org.jasig.cas.client.validation.AssertionImpl@4a269585
    Credentials (Service/Proxy Ticket): ST-1-tuVjcs2BP2UvyVUe50bZ-cas01.xxxx


Has anyone tested this feature?
Is this working in CAS 4 or is it a bug?


Thanks
Jay
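
One way to tell whether the `role` attribute reaches the client at all, and which authority strings come out of the mapping, is a logging wrapper around the service configured above. This is an added example, not part of the original post or of Spring Security; the class name `LoggingAssertionUserDetailsService` is hypothetical and Commons Logging is assumed to be on the classpath.

```java
import java.util.Map;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class (added example): delegates to the stock service and logs
// what the CAS assertion carried and which authorities were derived from it.
public class LoggingAssertionUserDetailsService
        implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {

    private static final Log LOG = LogFactory.getLog(LoggingAssertionUserDetailsService.class);

    private final String[] attributes;
    private final GrantedAuthorityFromAssertionAttributesUserDetailsService delegate;

    public LoggingAssertionUserDetailsService(String[] attributes) {
        this.attributes = attributes.clone();
        this.delegate = new GrantedAuthorityFromAssertionAttributesUserDetailsService(attributes);
    }

    @Override
    public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) {
        Assertion assertion = token.getAssertion();
        Map<String, Object> received = assertion.getPrincipal().getAttributes();

        // Log attribute names only: values may hold personal data.
        LOG.debug("Assertion for " + assertion.getPrincipal().getName()
                + " carries attributes " + received.keySet());

        for (String name : attributes) {
            if (!received.containsKey(name)) {
                // The ticket validation response did not include this attribute,
                // so the delegate has nothing to map into an authority.
                LOG.warn("Attribute '" + name + "' is absent from the CAS assertion");
            }
        }

        UserDetails user = delegate.loadUserDetails(token);
        // These are the exact strings that access expressions are compared against.
        LOG.debug("Granted authorities for " + user.getUsername() + ": " + user.getAuthorities());
        return user;
    }
}
```

To use it, point the `authenticationUserDetailsService` bean at this class and keep the same constructor-arg.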
