Hi Vladimir,

I took the liberty of sending my reply to the Shiro user list (this seems to be strictly an Apache Shiro question/comment rather than a tapestry-security one). I'm glad you figured out how to enable SSL - that's the nature of programming, some things just take needlessly long.

Many other users have said the same thing about JndiLdapRealm, that it's too limited. It's a bit difficult, however, to cover LDAP with a single implementation. It's not terribly difficult to write a new realm though - I often view the built-in Shiro realms more as sample code than something that should work out of the box.

Kalle

On Mon, Jul 9, 2012 at 12:02 AM, Vladimir Bauer <[email protected]> wrote:
> Hi Kalle,
>
> Recently I’ve discovered Shiro and tapestry-security for myself.
> I was choosing between Spring Security and Shiro.
>
> In my tapestry web project, I need to authenticate users against ldap.
> The corporate ldap allows authentication only over SSL.
>
> So my concern is that I was not able to set up JndiLdapContextFactory by
> the provided setters to lead to successful authentication.
> I only succeeded after setting up Hashtable env; the code is below.
>
> public static void contributeWebSecurityManager(Configuration<Realm> configuration) {
>     // ExtendedPropertiesRealm realm = new ExtendedPropertiesRealm("classpath:shiro-users.properties");
>     // configuration.add(realm);
>
>     JndiLdapRealm ldapRealm = new JndiLdapRealm();
>
>     ldapRealm.setUserDnTemplate("cn={0},ou=employee,o=slb,c=an");
>     // JndiLdapContextFactory contextFactory = ((JndiLdapContextFactory) ldapRealm.getContextFactory());
>     // contextFactory.setUrl("ldap://ldap.slb.com:636/o=slb,c=an");
>     // contextFactory.setAuthenticationMechanism("simple");
>     // configuration.add(ldapRealm);
>
>     // JNDI environment: SECURITY_PROTOCOL "ssl" is what switches the connection to SSL
>     Hashtable<String, Object> env = new Hashtable<String, Object>(4);
>     env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>     env.put(Context.PROVIDER_URL, "ldap://ldap.slb.com:636/o=slb,c=an");
>     env.put(Context.SECURITY_PROTOCOL, "ssl");
>     env.put(Context.SECURITY_AUTHENTICATION, "simple");
>
>     JndiLdapContextFactory contextFactory = ((JndiLdapContextFactory) ldapRealm.getContextFactory());
>     contextFactory.setEnvironment(env);
>
>     configuration.add(ldapRealm);
> }
>
> As a conclusion, may I suggest implementing a method for setting SSL?
> Something like setSSL(Boolean b).
> Building the hashtable env took me much time to read about JNDI.
> This isn’t a user-friendly approach either.
>
> Finally I found JndiLdapRealm very limited, so I’ll implement my own ldap
> realm with the Spring LDAP framework.
>
> Kind regards,
>
> Vladimir Bauer
> Onsite I.T. Support
>
> Schlumberger Balkanabat
> Phone: + 993 222 74656 ext.100
> Mobile: +99364053403
> E-Mail: [email protected]
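
The setter asked for in the quoted message can be added without touching Shiro itself. The following is an added example, not code from the thread or from the Shiro project: `SslJndiLdapContextFactory`, `setSsl`, `isSsl` and `exampleRealm` are hypothetical names, and the host and DN values are placeholders. It assumes `getEnvironment()` returns the factory's live JNDI environment map, and it also refuses to bind when neither `Context.SECURITY_PROTOCOL` is `ssl` nor the URL uses the `ldaps://` scheme (which the JDK's LDAP provider also treats as SSL).

```java
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.JndiLdapRealm;

// Hypothetical subclass (not part of Shiro): adds the setSsl(boolean) setter
// requested in the thread and refuses to bind over a plaintext connection.
public class SslJndiLdapContextFactory extends JndiLdapContextFactory {

    @SuppressWarnings("unchecked")
    private Map<String, Object> env() {
        return (Map<String, Object>) getEnvironment();
    }

    // Same effect as env.put(Context.SECURITY_PROTOCOL, "ssl") in the quoted code.
    public void setSsl(boolean ssl) {
        if (ssl) {
            env().put(Context.SECURITY_PROTOCOL, "ssl");
        } else {
            env().remove(Context.SECURITY_PROTOCOL);
        }
    }

    // SSL is on if the protocol is "ssl" or the URL uses the ldaps:// scheme.
    public boolean isSsl() {
        String url = getUrl();
        return "ssl".equals(env().get(Context.SECURITY_PROTOCOL))
                || (url != null && url.toLowerCase().startsWith("ldaps://"));
    }

    // Fail closed: a "simple" bind sends the password unprotected without SSL.
    @Override
    public LdapContext getLdapContext(Object principal, Object credentials) throws NamingException {
        if (!isSsl()) {
            throw new IllegalStateException("LDAP bind refused: SSL is not enabled for " + getUrl());
        }
        return super.getLdapContext(principal, credentials);
    }

    // Realm wiring equivalent to the Hashtable version; values are placeholders.
    public static JndiLdapRealm exampleRealm() {
        SslJndiLdapContextFactory factory = new SslJndiLdapContextFactory();
        factory.setUrl("ldap://ldap.example.org:636");
        factory.setSsl(true);
        JndiLdapRealm realm = new JndiLdapRealm();
        realm.setUserDnTemplate("cn={0},ou=people,dc=example,dc=org");
        realm.setContextFactory(factory);
        return realm;
    }
}
```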
