I answered my own question and wanted to post the solution here in case someone else
needs help, or in case anyone can suggest improvements to it.
Method in the Login class
/*
 * Login page submit handler: delegates password verification to the remote
 * login service, then establishes a local Shiro session from the result.
 * NOTE(review): the post omits the catch block and the return value, so the
 * method is not complete as shown.
 */
Object onSubmit() {
try {
// Remote authentication: the password is only ever checked by the remote
// service; the local realm does not verify credentials (see CustomRealm,
// which uses AllowAllCredentialsMatcher).
RemoteLoginClient client = new RemoteLoginClient ();
RemoteSubject authenticate =
client.authenticate(formatUsername(username), password);
// Local (Tapestry/Shiro) authentication: the username and roles returned by
// the remote service are wrapped in a CustomAuthenticationToken and handed to
// Shiro, whose CustomRealm resolves the username to a local User row.
// Because the token is trusted as-is, it must only ever be built from a
// successful remote authenticate() result.
Subject currentUser = SecurityUtils.getSubject();
CustomAuthenticationToken token = new
CustomAuthenticationToken(authenticate.getUsername(),
authenticate.getRoles());
currentUser.login(token);
} // catch errors -- TODO: catch block omitted from the post; currentUser.login()
  // can throw AuthenticationException (e.g. UnknownAccountException from the
  // realm) and the remote call presumably has its own failure mode -- confirm.
}
/**
 * Custom token used to hold the username and roles which are set from the
 * remote authentication service.
 *
 * <p>The token carries no password: by the time it is created the remote
 * service has already verified the credentials, and CustomRealm pairs it with
 * an AllowAllCredentialsMatcher. Anything that can construct one of these
 * tokens can therefore log in as the named user, so it must only be built from
 * a successful remote authenticate() result.
 * NOTE(review): the post abbreviates the rest of the class ("getters/setters");
 * getUsername() and getRoles() are the accessors used by CustomRealm, and the
 * Shiro AuthenticationToken interface additionally requires getPrincipal() and
 * getCredentials().
 */
public class CustomAuthenticationToken implements AuthenticationToken {
// Username as returned by the remote login service; used by CustomRealm as the
// local lookup key.
private String username;
// Roles as returned by the remote login service; copied into the principal.
private List<String> roles;
public CustomAuthenticationToken(String username, List<String> roles) {
this.username = username;
this.roles = roles;
}
getters/setters
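/**
 * Custom Realm used to handle local authentication and authorization.
 *
 * <p>Authentication itself has already happened against the remote login
 * service by the time a {@link CustomAuthenticationToken} reaches this realm;
 * the realm only resolves the remotely authenticated username to a local
 * {@code User} row and carries the remotely supplied roles into the principal.
 * No local credential check is performed ({@link AllowAllCredentialsMatcher}),
 * so the realm is exactly as trustworthy as the code that builds the token.
 */
public class CustomRealm extends AuthorizingRealm {
    // Hibernate Session used for the local User lookup.
    private final Session session;
    // Credentials placeholder: the remote service already verified the password
    // and AllowAllCredentialsMatcher never inspects this value.
    public static final String EMPTY_PASSWORD = "";

    /**
     * Creates a realm backed by the given Hibernate session.
     *
     * @param session session used for the local user lookup; must not be null
     * @throws IllegalArgumentException if {@code session} is null
     */
    public CustomRealm(Session session) {
        if (session == null) {
            throw new IllegalArgumentException("session must not be null");
        }
        this.session = session;
        // Local credential verification is deliberately skipped; the token is only
        // produced after a successful remote authentication.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
        // Restricts supports() so only our token type is routed to this realm,
        // which is what makes the cast in doGetAuthenticationInfo() safe.
        setAuthenticationTokenClass(CustomAuthenticationToken.class);
    }

    /**
     * Resolves the remotely authenticated username to a local user.
     *
     * @param token a {@link CustomAuthenticationToken} carrying the username and
     *     roles returned by the remote login service
     * @return authentication info whose principal is a {@link CustomPrincipal}
     *     wrapping the local user and the remote roles
     * @throws UnknownAccountException if the username is empty or matches no
     *     local user
     * @throws AuthenticationException for other authentication failures
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // Safe: setAuthenticationTokenClass() limits supports() to this token type.
        CustomAuthenticationToken customToken = (CustomAuthenticationToken) token;
        String email = customToken.getUsername();
        List<String> roles = customToken.getRoles();
        // An empty username would turn the prefix pattern below into a bare "%",
        // which matches every user; reject it before touching the database.
        if (email == null || email.length() == 0) {
            throw new UnknownAccountException("Empty username in authentication token");
        }
        // NOTE(review): prefix LIKE on a value that comes from the remote service.
        // "%" and "_" are LIKE wildcards, and an unqualified prefix can bind to a
        // different local account than intended; an exact match on the formatted
        // e-mail address would be safer if the remote username is always complete.
        // uniqueResult() throws when the prefix is ambiguous, which is the desired
        // failure mode -- never silently pick "the first" of several matches.
        User user = (User) session.createCriteria(User.class)
                .add(Restrictions.like("email", email + "%"))
                .uniqueResult();
        if (user == null) {
            throw new UnknownAccountException("User doesn't exist in local database");
        }
        // CustomPrincipal is the type doGetAuthorizationInfo() casts the primary
        // principal to, so it must be the type created here.
        return new SimpleAuthenticationInfo(new CustomPrincipal(user, roles),
                EMPTY_PASSWORD, getName());
    }

    /**
     * Builds role-based authorization info from the roles carried by the
     * primary {@link CustomPrincipal}.
     *
     * @param principals principal collection produced by
     *     {@link #doGetAuthenticationInfo(AuthenticationToken)}
     * @return authorization info holding the principal's roles; empty when there
     *     is no primary principal or it carries no roles
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roleNames = new LinkedHashSet<String>();
        CustomPrincipal primaryPrincipal =
                (CustomPrincipal) principals.getPrimaryPrincipal();
        // No principal means no roles (least privilege) rather than an NPE.
        if (primaryPrincipal == null) {
            return new SimpleAuthorizationInfo(roleNames);
        }
        // CustomPrincipal has a no-arg constructor, so roles may be unset; treat
        // that as "no roles" rather than failing with a NullPointerException.
        List<String> roles = primaryPrincipal.getRoles();
        if (roles != null) {
            roleNames.addAll(roles);
        }
        return new SimpleAuthorizationInfo(roleNames);
    }
}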
/**
 * Custom principal used to hold the local user object and the roles obtained
 * from the remote authentication service.
 *
 * <p>Read back by CustomRealm.doGetAuthorizationInfo(), which turns getRoles()
 * into the Shiro role set. Presumably the HRIPrincipal constructed in
 * CustomRealm.doGetAuthenticationInfo() is this class under another name --
 * confirm. Note the no-arg constructor leaves both fields null.
 * NOTE(review): the post abbreviates the accessors ("getters/setters").
 */
public class CustomPrincipal {
// Local User row matched for the remotely authenticated username.
private User user;
// Roles supplied by the remote service; null when built via the no-arg constructor.
private List<String> roles;
public CustomPrincipal() {
}
public CustomPrincipal(User user, List<String> roles) {
this.user = user;
this.roles = roles;
}
getters/setters