2009/3/11 Ashish Kulkarni <ashish.kulkarn...@gmail.com>:
> Hi, I was able to configure LDAP to do authentication, but how do I use
> UserDetailsService?
> Is there any example of how to use this and implement it in my project to
> get user and role from DB2 database?

I did it like this: I extended DefaultLdapAuthoritiesPopulator and
overrode the getAdditionalRoles() method; in that case you can mix roles
from LDAP and from the DB. In my case, access to applications was assigned
by LDAP group, but the exact roles in the application were specified in the DB.

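import java.util.HashSet;
import java.util.Set;

import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;

// User, Role and UserService are the application's own classes (DB access).
public class LdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {

  private UserService userSvc;

  public LdapAuthoritiesPopulator(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
    super(initialDirContextFactory, groupSearchBase);
  }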

  @Override
  protected Set getAdditionalRoles(LdapUserDetails ldapUser) {
    Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
    User user = userSvc.getUser(ldapUser.getUsername());
    if(user != null) {
      for (Role role : user.getRoles())
        roles.add(new GrantedAuthorityImpl(role.getName()));
    }
    return roles;
  }

  public void setUserSvc(UserService userSvc) {
    this.userSvc = userSvc;
  }

}

applicationContext.xml (I've been using Acegi, but it should be the
same for Spring Security)

  <bean id="ldapAuthProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
    <constructor-arg>
      <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
        <constructor-arg>
          <ref local="initialDirContextFactory" />
        </constructor-arg>
        <property name="userSearch">
          <ref local="userSearch" />
        </property>
      </bean>
    </constructor-arg>
    <constructor-arg>
      <bean class="com.company.LdapAuthoritiesPopulator"> <!-- HERE IS MY CLASS -->
        <constructor-arg>
          <ref local="initialDirContextFactory" />
        </constructor-arg>
        <constructor-arg>
          <value>OU=Company,OU=Access Control Groups,OU=Data</value>
        </constructor-arg>
        <property name="convertToUpperCase">
          <value>true</value>
        </property>
        <property name="rolePrefix">
          <value></value>
        </property>
        <property name="searchSubtree">
          <value>true</value>
        </property>
        <property name="groupSearchFilter">
          <value>member={0}</value>
        </property>
        <property name="groupRoleAttribute">
          <value>cn</value>
        </property>
        <property name="userSvc" ref="userSvc"/> <!-- REFERENCE TO USER SERVICE NEEDED TO ACCESS DB -->
      </bean>
    </constructor-arg>
  </bean>


Regards
-- 
Lukasz
http://www.lenart.org.pl/
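
The same approach against the Spring Security API, as an added example that is not part of the original message. It assumes Spring Security 3.1 or later, where getAdditionalRoles() receives a DirContextOperations and the login name; RoleLookup is a hypothetical stand-in for the poster's UserService, and the class name is made up for illustration.

```java
import java.util.HashSet;
import java.util.Set;

import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

public class DbBackedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {

  /** Hypothetical stand-in for the application's own DB-backed user service. */
  public interface RoleLookup {
    /** Returns the role names stored for the user, or null if the user is unknown. */
    Set<String> findRoleNames(String username);
  }

  private final RoleLookup roleLookup;

  public DbBackedLdapAuthoritiesPopulator(ContextSource contextSource,
      String groupSearchBase, RoleLookup roleLookup) {
    super(contextSource, groupSearchBase);
    // Fail at startup instead of with a NullPointerException on the first login.
    if (roleLookup == null) {
      throw new IllegalArgumentException("roleLookup is required");
    }
    this.roleLookup = roleLookup;
  }

  // Called after a successful LDAP bind; the returned set is merged with the
  // authorities derived from the LDAP group search.
  @Override
  protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
    Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
    Set<String> names = roleLookup.findRoleNames(username);
    if (names == null) {
      return roles; // no DB record: only the LDAP group authorities apply
    }
    for (String name : names) {
      // Skip blank entries so a bad DB row cannot produce an empty authority.
      if (name != null && !name.trim().isEmpty()) {
        roles.add(new SimpleGrantedAuthority(name.trim()));
      }
    }
    return roles;
  }
}
```

With an empty rolePrefix, as in the configuration above, LDAP group names and DB role names share one namespace, so the two sources should not reuse a name for different privileges.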
