2009/3/11 Ashish Kulkarni <ashish.kulkarn...@gmail.com>: > HiI was able to configure LDAP to do authentication, but how do i use > UserDetailsService, > is there any example of how to use this and implement it in my project to > get user and role from DB2 database
I did that like this, extended DefaultLdapAuthoritiesPopulator and overrided getAdditionalRoles() method, in such case you can mix roles from LDAP and from DB. In my case, access to applications was assigned by LDAP group, but exact roles in application was specified in DB public class LdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator { private UserService userSvc; public LdapAuthoritiesPopulator(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) { super(initialDirContextFactory, groupSearchBase); } @Override protected Set getAdditionalRoles(LdapUserDetails ldapUser) { Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>(); User user = userSvc.getUser(ldapUser.getUsername()); if(user != null) { for (Role role : user.getRoles()) roles.add(new GrantedAuthorityImpl(role.getName())); } return roles; } public void setUserSvc(UserService userSvc) { this.userSvc = userSvc; } } applicationContext.xml (I've been using Acegi, but it should be the same for Spring Security) <bean id="ldapAuthProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg> <ref local="initialDirContextFactory" /> </constructor-arg> <property name="userSearch"> <ref local="userSearch" /> </property> </bean> </constructor-arg> <constructor-arg> <bean class="com.company.LdapAuthoritiesPopulator"> <!-- HERE IS MY CLASS --> <constructor-arg> <ref local="initialDirContextFactory" /> </constructor-arg> <constructor-arg> <value>OU=Company,OU=Access Control Groups,OU=Data</value> </constructor-arg> <property name="convertToUpperCase"> <value>true</value> </property> <property name="rolePrefix"> <value></value> </property> <property name="searchSubtree"> <value>true</value> </property> <property name="groupSearchFilter"> <value>member={0}</value> </property> <property name="groupRoleAttribute"> <value>cn</value> </property> <property name="userSvc" ref="userSvc"/> <!-- REFERENCE TO USER SERVICE NEEDED TO ACCESS DB--> </bean> </constructor-arg> </bean> Regards -- Lukasz http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org