The following page has been changed by HugoPalma: http://wiki.apache.org/tapestry/Tapestry5HowToSecureWithSpringAndLDAP ------------------------------------------------------------------------------ + This article describes how you can easily integrate Tapestry5 with [http://static.springframework.org/spring-security/site/index.html Spring Security] using LDAP for storing your users and roles. - ## page was renamed from Tapestry5HowToIntegrateWithAcegiAndLDAP - This article describes how you can easily integrate Tapestry5 with Acegi using LDAP for storing your users and roles. == Setting up == - The only additional dependency you'll need is the tapestry-spring-security integration module that you can find [http://www.localhost.nu/java/tapestry-spring-security here]. If your using maven you can download it by adding the following to your POM: + The only additional dependencies you'll need is the tapestry-spring-security integration module that you can find [http://www.localhost.nu/java/tapestry-spring-security here] and the [http://www.springframework.org/ldap spring-ldap] project. 
If your using maven you can download them by adding the following to your POM: {{{ <dependency> @@ -46, +45 @@ {{{ public class SecurityModule { - public static UserDetailsService buildLdapUserDetailsService(final @Inject LdapUserSearch ldapUserSearch, final Logger logger) + public static UserDetailsService buildLdapUserDetailsService(final @Inject LdapUserSearch ldapUserSearch, + final @Inject @Value("${ldap-user-description-attribute}") String userDescriptionAttribute, + final Logger logger) { return new UserDetailsService() { @@ -60, +61 @@ { try { - return ldapUserSearch.searchForUser(username); + DirContextOperations user = ldapUserSearch.searchForUser(username); + + Person.Essence person = new Person.Essence(user); + person.setDescription(user.getAttributes("").get(userDescriptionAttribute).get().toString()); + person.setUsername(username); + + return person.createUserDetails(); } catch (UsernameNotFoundException ex) { logger.info("Couldn't find user with username \"" + username + "\"."); + + return null; + } catch (NamingException ex) + { + logger.error("Error finding user with username \"" + username + "\"."); return null; } @@ -71, +83 @@ }; } - public static InitialDirContextFactory buildInitialDirContextFactory(@Inject @Value("${ldap-provider-url}") String providerUrl, + public static SpringSecurityContextSource buildInitialDirContextFactory(@Inject @Value("${ldap-provider-url}") String providerUrl, - @Inject @Value("${ldap-manager-dn}") String managerDn, + @Inject @Value("${ldap-manager-dn}") String managerDn, - @Inject @Value("${ldap-manager-password}") String managerPassword) + @Inject @Value("${ldap-manager-password}") String managerPassword) throws Exception { assert providerUrl != null; @@ -82, +94 @@ assert managerPassword != null; // Initialize the context factory - DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory(providerUrl); - factory.setManagerDn(managerDn); + DefaultSpringSecurityContextSource contextSource = new 
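Review bot: In the rewritten try block of the anonymous `UserDetailsService` (hunk `@@ -60, +61 @@`), `user.getAttributes("").get(userDescriptionAttribute)` returns null when the entry lacks that attribute, so the chained `.get().toString()` throws a NullPointerException that neither catch handles. Reading the value with `String description = user.getStringAttribute(userDescriptionAttribute);` and calling `person.setDescription(description)` only when it is non-null avoids that. The added `NamingException` catch logs without the exception and returns null, so a directory failure looks the same as an unknown user. As far as I can tell, returning null also breaks the `UserDetailsService` contract, so pass `ex` to `logger.error` and rethrow instead. The enclosing method starts and ends outside this hunk.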
DefaultSpringSecurityContextSource(providerUrl); + contextSource.setUserDn(managerDn); - factory.setManagerPassword(managerPassword); + contextSource.setPassword(managerPassword); + contextSource.afterPropertiesSet(); + return contextSource; - // Sets the referral property of the Context (http://java.sun.com/j2se/1.5.0/docs/api/javax/naming/Context.html#REFERRAL) - Map<String, String> extraEnvVars = new HashMap<String, String>(); - extraEnvVars.put("java.naming.referral", "follow"); - factory.setExtraEnvVars(extraEnvVars); - - return factory; } - public static LdapUserSearch buildFilterBasedLdapUserSearch(InitialDirContextFactory factory, + public static LdapUserSearch buildFilterBasedLdapUserSearch(SpringSecurityContextSource factory, @Inject @Value("${ldap-users-search-base}") String usersSearchBase) { FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(usersSearchBase, "(cn={0})", factory); @@ -107, +115 @@ return userSearch; } - public static AuthenticationProvider buildLdapAuthenticationProvider(InitialDirContextFactory factory, @Inject LdapUserSearch ldapUserSearch, + public static AuthenticationProvider buildLdapAuthenticationProvider(SpringSecurityContextSource factory, @Inject LdapUserSearch ldapUserSearch, @Inject @Value("${ldap-roles-search-base}") String rolesSearchBase) throws Exception { @@ -135, +143 @@ public static void contributeApplicationDefaults(MappedConfiguration<String, String> configuration) { // Url redirected to when trying to use a secured class and/or method. - configuration.add("acegi.loginform.url", "/login"); + configuration.add("spring-security.loginform.url", "/login"); // Url redirected to when fails to login. - configuration.add("acegi.failure.url", "/login/failed"); + configuration.add("spring-security.failure.url", "/login/failed"); // If set to other than empty, the request dispatcher will "forward" to this specified error page view. From Acegi documentation: The error page to use. 
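Review bot: The rewritten body of `buildInitialDirContextFactory` (hunk `@@ -82, +94 @@`) binds as `managerDn` with `managerPassword` against whatever `ldap-provider-url` holds, and nothing says the URL should be `ldaps://`. With a plain `ldap://` URL the manager credentials would presumably cross the network unencrypted. The kept comment `// Initialize the context factory` is stale now that a context source is built; I would replace it with `// Build the context source; use an ldaps:// provider URL so the manager bind is encrypted`. The hunk also drops the `java.naming.referral=follow` setting without explanation; if that is intentional the article should say so, because directories that answer with referrals will behave differently. The method keeps its old name although it now returns a `SpringSecurityContextSource`.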
// Must begin with a "/" and is interpreted relative to the current context root. - configuration.add("acegi.accessDenied.url", "/accessdenied"); + configuration.add("spring-security.accessDenied.url", "/accessdenied"); // Change the default password encoder. Must implement org.acegisecurity.providers.encoding.PasswordEncoder. - configuration.add("acegi.password.encoder", "org.acegisecurity.providers.encoding.Md5PasswordEncoder"); + configuration.add("spring-security.password.encoder", "org.springframework.security.providers.encoding.Md5PasswordEncoder"); // Page redirected to after a successful logout. - configuration.add("acegi.afterlogout.page", "Index"); + configuration.add("spring-security.afterlogout.page", "Index"); } } }}} @@ -158, +166 @@ == Lets use it == - Using this couldn't be simpler. Secure your application the way its described [http://www.localhost.nu/java/tapestry5-acegi/usage.html here]. + Using this couldn't be simpler. Secure your application the way its described [http://www.localhost.nu/java/tapestry-spring-security/conf.html here]. Just add the @Secured annotation on your page classes and methods and it's done. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
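Review bot: In `contributeApplicationDefaults` (hunk `@@ -135, +143 @@`), the new `spring-security.password.encoder` line still selects `Md5PasswordEncoder`, and an unsalted MD5 digest is not adequate for stored passwords. If authentication here is done by LDAP bind, the encoder is probably never used and the line could be dropped from the example; otherwise it should name a salted, deliberately slow password hash. The kept comment above it still reads `Must implement org.acegisecurity.providers.encoding.PasswordEncoder`, which no longer matches the renamed package. I would change it to `// Change the default password encoder. Must implement org.springframework.security.providers.encoding.PasswordEncoder. MD5 is shown for compatibility only; do not use it for stored passwords.`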
