Which file are you talking about in Appfuse 2.x?
Are these settings ok also for Active Directory?
Thanks a lot.

ulypses73


mraible wrote:
> 
> Here's what I've done in the past to get LDAP working with AppFuse 1.9.4:
> 
> 1. Change the "authenticationManager" bean to use "ldapProvider"
> instead of "daoAuthenticationProvider":
> 
>     <!-- Provider list for Acegi's ProviderManager. ldapProvider takes the
>          place of daoAuthenticationProvider (left commented out below); the
>          anonymous and remember-me providers are kept.
>          NOTE(review): with the DAO provider disabled, accounts that exist
>          only in the application database can presumably no longer sign in
>          with a password; confirm that is intended. -->
>     <bean id="authenticationManager"
> class="org.acegisecurity.providers.ProviderManager">
>         <property name="providers">
>             <list>
>                 <ref local="ldapProvider"/>
>                 <!--ref local="daoAuthenticationProvider"/-->
>                 <ref local="anonymousAuthenticationProvider"/>
>                 <ref local="rememberMeAuthenticationProvider"/>
>             </list>
>         </property>
>     </bean>
> 
> 2. Add ldapProvider and supporting beans:
> 
>     <!-- LDAP authentication provider. First constructor argument: the
>          authenticator (BindAuthenticator checks the password by binding to
>          the directory as the user). Second constructor argument: the
>          populator that turns group entries into granted authorities.
>          NOTE(review): uid and groupOfUniqueNames/uniqueMember follow the
>          ApacheDS/OpenLDAP style schema. Active Directory normally uses
>          sAMAccountName and group/member instead, so the DN pattern and both
>          filters would need adapting there; verify against the target
>          directory. -->
>     <bean id="ldapProvider"
> class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
>         <constructor-arg>
>             <bean
> class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
>                 <constructor-arg ref="initialDirContextFactory"/>
>                 <!-- DN pattern is relative to the base DN in the context
>                      factory URL; {0} is the submitted login name. The
>                      userSearch bean is also wired in; presumably it is the
>                      fallback when no pattern yields an entry (confirm). -->
>                 <property name="userDnPatterns">
>                     <list>
>                         <value>uid={0}</value>
>                     </list>
>                 </property>
>                 <property name="userSearch" ref="userSearch"/>
>                 <property name="userDetailsMapper"
> ref="ldapUserDetailsMapper"/>
>             </bean>
>         </constructor-arg>
>         <constructor-arg>
>             <bean
> class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
>                 <constructor-arg ref="initialDirContextFactory"/>
>                 <!-- Empty group search base plus searchSubtree=true: groups
>                      are looked up anywhere below the context base. The role
>                      name is the group's cn, used verbatim (empty rolePrefix,
>                      no upper-casing).
>                      NOTE(review): any groupOfUniqueNames entry under the
>                      base that lists the user becomes an application role, so
>                      whoever can create or rename groups there can grant
>                      roles such as "admin". Prefer a dedicated groups branch
>                      as the search base and restrict write access to it. -->
>                 <constructor-arg value=""/>
>                 <property name="groupRoleAttribute" value="cn"/>
>                 <property name="groupSearchFilter"
> value="(&amp;(objectclass=groupOfUniqueNames)(uniqueMember={0}))"/>
>                 <property name="searchSubtree" value="true"/>
>                 <property name="rolePrefix" value=""/>
>                 <property name="convertToUpperCase" value="false"/>
>             </bean>
>         </constructor-arg>
>     </bean>
> 
>     <!-- Directory connection factory referenced by the authenticator, the
>          authorities populator and userSearch. The URL is ldap.url + "/" +
>          ldap.base; managerDn/managerPassword are the account used for the
>          application's own directory lookups.
>          NOTE(review): with an ldap:// URL the manager bind and every user's
>          bind password travel unencrypted. Outside a localhost test setup use
>          ldaps:// (or StartTLS), and bind with a dedicated read-only account
>          rather than the directory administrator. -->
>     <bean id="initialDirContextFactory"
> class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
>         <constructor-arg value="${ldap.url}/${ldap.base}"/>
>         <property name="managerDn" value="${ldap.username}"/>
>         <property name="managerPassword" value="${ldap.password}"/>
>     </bean>
> 
>     <!-- User lookup by filter. Argument 0 is the search base (empty, so the
>          context base is used), argument 1 the filter with {0} standing for
>          the submitted login name, argument 2 the connection factory.
>          searchSubtree=true searches the whole tree below the base.
>          NOTE(review): {0} carries user input into an LDAP filter; verify
>          that the library version in use encodes filter metacharacters, and
>          that uid is unique across the searched subtree. -->
>     <bean id="userSearch"
> class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
>         <constructor-arg index="0" value=""/>
>         <constructor-arg index="1" value="(uid={0})"/>
>         <constructor-arg index="2" ref="initialDirContextFactory"/>
>         <property name="searchSubtree" value="true"/>
>     </bean>
> 
>     <!-- Builds the user details object from the directory entry. rolePrefix
>          is empty, in line with the populator settings above, so role names
>          are not given a prefix; presumably this is to match the unprefixed
>          "admin"/"user" names in AppFuse's access rules (confirm). -->
>     <bean id="ldapUserDetailsMapper"
> class="org.acegisecurity.userdetails.ldap.LdapUserDetailsMapper">
>         <property name="rolePrefix" value=""/>
>     </bean>
> 
> 3. Change the passwordEncoder bean to be LdapShaPasswordEncoder:
> 
> <!-- NOTE(review): BindAuthenticator leaves the password check to the
>      directory, so this encoder presumably only matters where AppFuse
>      itself hashes passwords (confirm). LdapShaPasswordEncoder produces
>      SHA-1 based {SHA}/{SSHA} values, which are weak for stored
>      passwords by current standards. -->
> <bean id="passwordEncoder"
> class="org.acegisecurity.providers.ldap.authenticator.LdapShaPasswordEncoder"/>
> 
> In this example, my ldap.properties (which populates
> initialDirContextFactory) is set to:
> 
> # Sample values for a local test directory; they fill the ${ldap.*}
> # placeholders of initialDirContextFactory.
> # NOTE(review): uid=admin,ou=system with password "secret" is the ApacheDS
> # out-of-the-box administrator login. Change it before the directory is
> # reachable by anyone else, bind with a least-privilege account, keep the
> # real password out of version control, and use an ldaps:// URL when the
> # directory is not on localhost.
> ldap.url=ldap://localhost:1389
> ldap.base=ou=system
> ldap.username=uid=admin,ou=system
> ldap.password=secret
> 
> HTH,
> 
> Matt
> 
> On 4/9/07, ChenRanHow <[EMAIL PROTECTED]> wrote:
>> Dear all
>>
>>   I am trying to use AppFuse 1.9.4 with Apache DS
>>
>>   I use the ldif download from apache DS
>>
>>  
>> http://directory.apache.org/apacheds/1.0/15-about-the-sample-configurations-and-sample-directory-data.data/apache_ds_tutorial.ldif
>>
>>   When I log in, I always get the error below
>>
>>   //-------------------
>> [appfuse] WARN [http-80-Processor25]
>> LoggerListener.onApplicationEvent(55) | Authentication event
>> AuthenticationFailureBadCredentialsEvent: jfryer; details:
>> [EMAIL PROTECTED]:
>> RemoteIpAddress: 127.0.0.1;
>>  SessionId: 4EA50EF9019AA1D0630D1B1A1F88E663; exception: Bad credentials
>>   //-------------------
>>
>>  Below is the security.xml
>>
>>   //-------------------
>> <?xml version="1.0" encoding="UTF-8"?>
>> <beans xmlns="http://www.springframework.org/schema/beans";
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>>        xmlns:aop="http://www.springframework.org/schema/aop";
>>        xsi:schemaLocation="http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>             http://www.springframework.org/schema/aop
>> http://www.springframework.org/schema/aop/spring-aop-2.0.xsd";>
>>
>>     <!-- ======================== FILTER CHAIN =======================
>> -->
>>     <!-- Every URL (/**) passes through the listed filters in this order.
>>          NOTE(review): channelProcessingFilter is not in the chain, so no
>>          switch to HTTPS is enforced here and the login form would post
>>          credentials over plain HTTP unless TLS is enforced elsewhere. -->
>>     <bean id="filterChainProxy"
>> class="org.acegisecurity.util.FilterChainProxy">
>>         <property name="filterInvocationDefinitionSource">
>>             <value>
>>                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>>                 PATTERN_TYPE_APACHE_ANT
>>
>> /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
>>             </value>
>>             <!-- Put channelProcessingFilter before
>> securityContextHolderAwareRequestFilter to turn on SSL switching -->
>>             <!-- It's off by default b/c Canoo WebTest doesn't support
>> SSL out-of-the-box -->
>>         </property>
>>     </bean>
>>
>>     <!-- First filter in the chain; keeps the security context in the HTTP
>>          session between requests. -->
>>     <bean id="httpSessionContextIntegrationFilter"
>> class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
>>
>>     <!-- Handles requests to /logout.jsp: runs the two logout handlers
>>          listed below (rememberMeServices and SecurityContextLogoutHandler)
>>          and then redirects to /index.jsp. -->
>>     <bean id="logoutFilter"
>> class="org.acegisecurity.ui.logout.LogoutFilter">
>>         <constructor-arg value="/index.jsp"/> <!-- URL redirected to
>> after logout -->
>>         <constructor-arg>
>>             <list>
>>                 <ref bean="rememberMeServices"/>
>>                 <bean
>> class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
>>             </list>
>>         </constructor-arg>
>>         <property name="filterProcessesUrl" value="/logout.jsp"/>
>>     </bean>
>>
>>     <!-- Form login: handles posts to /j_security_check and hands the
>>          credentials to authenticationManager. Failures go to
>>          /login.jsp?error=true; "/" is the default target after success. -->
>>     <bean id="authenticationProcessingFilter"
>> class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
>>         <property name="authenticationManager"
>> ref="authenticationManager"/>
>>         <property name="authenticationFailureUrl"
>> value="/login.jsp?error=true"/>
>>         <property name="defaultTargetUrl" value="/"/>
>>         <property name="filterProcessesUrl" value="/j_security_check"/>
>>         <property name="rememberMeServices" ref="rememberMeServices"/>
>>     </bean>
>>
>>     <!-- Wraps the request; presumably so that the servlet API security
>>          methods reflect the Acegi security context (confirm). -->
>>     <bean id="securityContextHolderAwareRequestFilter"
>> class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
>>
>>     <!-- Remember-me filter: uses rememberMeServices and
>>          authenticationManager to sign a returning user in from the
>>          remember-me cookie. -->
>>     <bean id="rememberMeProcessingFilter"
>> class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
>>         <property name="authenticationManager"
>> ref="authenticationManager"/>
>>         <property name="rememberMeServices" ref="rememberMeServices"/>
>>     </bean>
>>
>>     <!-- Gives requests that carry no authentication the principal
>>          "anonymous" with authority ROLE_ANONYMOUS. The key value is the
>>          same as the one on anonymousAuthenticationProvider. -->
>>     <bean id="anonymousProcessingFilter"
>> class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
>>         <property name="key" value="anonymous"/>
>>         <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/>
>>     </bean>
>>
>>     <!-- Turns authentication failures raised further down the chain into
>>          a redirect to the /login.jsp form.
>>          NOTE(review): forceHttps is false, so the login page is served on
>>          whatever scheme the request arrived on; on plain HTTP the password
>>          would be sent unencrypted. -->
>>     <bean id="exceptionTranslationFilter"
>> class="org.acegisecurity.ui.ExceptionTranslationFilter">
>>         <property name="authenticationEntryPoint">
>>             <bean
>> class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
>>                 <property name="loginFormUrl" value="/login.jsp"/>
>>                 <property name="forceHttps" value="false"/>
>>             </bean>
>>         </property>
>>     </bean>
>>
>>     <!-- URL authorization. Each Ant pattern maps to the role names allowed
>>          to request it; the catch-all at the end covers *.html only.
>>          NOTE(review): URLs that match none of the patterns are presumably
>>          not restricted by this interceptor. Here that is every non-.html
>>          resource apart from clickstreams.jsp, flushCache.* and reload.*;
>>          confirm nothing sensitive is served outside these patterns.
>>          The role names (admin, user) carry no ROLE_ prefix, so whatever
>>          supplies the authorities must produce exactly these strings. -->
>>     <bean id="filterInvocationInterceptor"
>> class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
>>         <property name="authenticationManager"
>> ref="authenticationManager"/>
>>         <property name="accessDecisionManager"
>> ref="accessDecisionManager"/>
>>         <property name="objectDefinitionSource">
>>             <value>
>>                 PATTERN_TYPE_APACHE_ANT
>>                 /clickstreams.jsp*=admin
>>                 /flushCache.*=admin
>>                 /passwordHint.html*=ROLE_ANONYMOUS,admin,user
>>                 /reload.*=admin
>>                 /signup.html*=ROLE_ANONYMOUS,admin,user
>>                 /users.html*=admin
>>                 /**/*.html*=admin,user
>>             </value>
>>         </property>
>>     </bean>
>>
>>     <!-- Access decisions come from a single RoleVoter.
>>          allowIfAllAbstainDecisions=false denies access when no voter takes
>>          a position. The empty rolePrefix lets the voter treat every
>>          configured attribute (admin, user, ROLE_ANONYMOUS) as a role name
>>          instead of requiring a ROLE_ prefix. -->
>>     <bean id="accessDecisionManager"
>> class="org.acegisecurity.vote.AffirmativeBased">
>>         <property name="allowIfAllAbstainDecisions" value="false"/>
>>         <property name="decisionVoters">
>>             <list>
>>                 <bean class="org.acegisecurity.vote.RoleVoter">
>>                     <property name="rolePrefix" value=""/>
>>                 </bean>
>>             </list>
>>         </property>
>>     </bean>
>>
>>     <!-- Remember-me cookie service. "parameter" is the request parameter
>>          that turns it on; "key" has the same value as the key on
>>          rememberMeAuthenticationProvider.
>>          NOTE(review): the key is mixed into the cookie signature, and
>>          "appfuseRocks" is a guessable literal that appears verbatim in
>>          this public post; use a private, unpredictable value for each
>>          deployment. userDetailsService points at userDao, so remember-me
>>          sign-ins are resolved against the application database and not
>>          LDAP; confirm that is intended once LDAP is the login source. -->
>>     <bean id="rememberMeServices"
>> class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
>>         <property name="userDetailsService" ref="userDao"/>
>>         <property name="key" value="appfuseRocks"/>
>>         <property name="parameter" value="rememberMe"/>
>>     </bean>
>>
>>     <!-- Authentication providers in list order: ldapAuthProvider first,
>>          then the anonymous and remember-me providers. No database (DAO)
>>          provider is listed, so password logins rely on LDAP alone. -->
>>     <bean id="authenticationManager"
>> class="org.acegisecurity.providers.ProviderManager">
>>         <property name="providers">
>>             <list>
>>                 <ref local="ldapAuthProvider"/>
>>                 <ref local="anonymousAuthenticationProvider"/>
>>                 <ref local="rememberMeAuthenticationProvider"/>
>>             </list>
>>         </property>
>>     </bean>
>>
>>         <!-- Directory connection used by the LDAP beans below. The URL
>>              names neither a port nor a base DN, so the LDAP default port
>>              applies and DNs used elsewhere in this file are resolved from
>>              the directory root.
>>              NOTE(review): check that the directory really listens on the
>>              default port and that the DNs below are complete from the
>>              root; a wrong port or base can also end in a failed bind.
>>              The connection is unencrypted ldap://, and the manager account
>>              is the directory administrator with its password hard-coded
>>              here; use ldaps://, a least-privilege bind account and an
>>              externalised secret outside a local test. -->
>>         <bean id="initialDirContextFactory"
>> class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
>>         <constructor-arg value="ldap://localhost"/>
>>         <property name="managerDn">
>>             <value>uid=admin,OU=system</value>
>>         </property>
>>         <property name="managerPassword">
>>             <value>secret</value>
>>         </property>
>>     </bean>
>>
>>         <!-- Filter-based user lookup: empty search base, filter (uid={0})
>>              with {0} standing for the login name, subtree search.
>>              NOTE(review): no bean in this file refers to userSearch; the
>>              BindAuthenticator in ldapAuthProvider sets userDnPatterns
>>              only, so this definition appears to be unused. -->
>>         <bean id="userSearch"
>>            
>> class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
>>       <constructor-arg index="0">
>>         <value></value>
>>       </constructor-arg>
>>       <constructor-arg index="1">
>>         <value>(uid={0})</value>
>>       </constructor-arg>
>>       <constructor-arg index="2">
>>         <ref local="initialDirContextFactory" />
>>       </constructor-arg>
>>       <property name="searchSubtree">
>>         <value>true</value>
>>       </property>
>>     </bean>
>>
>>         <!-- LDAP provider. The authenticator binds as
>>              uid=(login),ou=people,o=sevenSeas; the populator looks for
>>              groups under ou=groups and takes the role name from each
>>              group's ou attribute.
>>              NOTE(review): the user DN pattern includes o=sevenSeas while
>>              the group search base is just ou=groups; with no base DN in
>>              the connection URL these presumably point at different places
>>              in the tree (verify against the imported LDIF).
>>              NOTE(review): rolePrefix and convertToUpperCase are not set,
>>              so the populator's defaults apply (in Acegi a ROLE_ prefix and
>>              upper-casing; confirm for the version in use). The access
>>              rules in this file expect the plain names "admin" and "user",
>>              so LDAP-derived roles would presumably not match them even
>>              after a successful bind. -->
>>         <bean id="ldapAuthProvider"
>>            
>> class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
>>       <constructor-arg>
>>         <bean
>> class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
>>            <constructor-arg><ref
>> local="initialDirContextFactory"/></constructor-arg>
>>            <property
>> name="userDnPatterns"><list><value>uid={0},ou=people,o=sevenSeas</value></list></property>
>>         </bean>
>>       </constructor-arg>
>>       <constructor-arg>
>>         <bean
>> class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
>>            <constructor-arg><ref
>> local="initialDirContextFactory"/></constructor-arg>
>>            <constructor-arg><value>ou=groups</value></constructor-arg>
>>            <property
>> name="groupRoleAttribute"><value>ou</value></property>
>>         </bean>
>>       </constructor-arg>
>>     </bean>
>>
>>
>>     <!-- Accepts the tokens created by anonymousProcessingFilter; the key
>>          value here is the same as the one configured on that filter. -->
>>     <bean id="anonymousAuthenticationProvider"
>> class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
>>         <property name="key" value="anonymous"/>
>>     </bean>
>>
>>     <!-- Accepts remember-me tokens; the key has the same value as the one
>>          on rememberMeServices.
>>          NOTE(review): replace "appfuseRocks" with a private per-deployment
>>          value in both places. -->
>>     <bean id="rememberMeAuthenticationProvider"
>> class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
>>         <property name="key" value="appfuseRocks"/>
>>     </bean>
>>
>>     <!-- This bean definition must be available to
>> ApplicationContext.getBean() so StartupListener
>>          can look for it and detect if password encryption is turned
>> on or not -->
>>     <!-- NOTE(review): no authentication provider in this file references
>>          this encoder, and the LDAP bind does not use it. ShaPasswordEncoder
>>          is SHA-1 based and no salt source is visible here, which is weak
>>          for any passwords the application still stores itself. -->
>>     <bean id="passwordEncoder"
>> class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/>
>>
>>     <!-- This bean is optional; it isn't used by any other bean as it
>> only listens and logs -->
>>     <!-- NOTE(review): the WARN line quoted in this post comes from this
>>          listener and includes the user name, remote IP address and the
>>          session id; treat these logs as sensitive and limit who can read
>>          them. -->
>>     <bean id="loggerListener"
>> class="org.acegisecurity.event.authentication.LoggerListener"/>
>>
>>     <!-- Apply method-level interceptor to userManager bean -->
>>     <!-- The pointcut matches every method of
>>          org.appfuse.service.UserManager; which of those methods require a
>>          role is decided by methodSecurityInterceptor's
>>          objectDefinitionSource. -->
>>     <aop:config>
>>         <aop:advisor id="managerSecurity"
>> advice-ref="methodSecurityInterceptor" pointcut="execution(*
>> org.appfuse.service.UserManager.*(..))"/>
>>     </aop:config>
>>
>>     <!-- Method-level authorization for UserManager: getUsers and
>>          removeUser require the admin role.
>>          NOTE(review): only these two methods are listed; other UserManager
>>          methods are presumably left unrestricted at this layer, so confirm
>>          that none of them needs a role check as well. -->
>>     <bean id="methodSecurityInterceptor"
>> class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
>>         <property name="authenticationManager"
>> ref="authenticationManager"/>
>>         <property name="accessDecisionManager"
>> ref="accessDecisionManager"/>
>>         <property name="objectDefinitionSource">
>>              <value>
>>                  org.appfuse.service.UserManager.getUsers=admin
>>                  org.appfuse.service.UserManager.removeUser=admin
>>              </value>
>>         </property>
>>     </bean>
>>
>>     <!-- SSL Switching: to use this, configure it in the
>> filterChainProxy bean -->
>>     <!-- NOTE(review): the last rule, /**=REQUIRES_INSECURE_CHANNEL, sends
>>          every URL outside the listed paths back to plain HTTP. After an
>>          HTTPS login the session cookie would then travel unencrypted on
>>          later requests. When this filter is enabled, prefer keeping the
>>          whole authenticated session on HTTPS. -->
>>     <bean id="channelProcessingFilter"
>> class="org.acegisecurity.securechannel.ChannelProcessingFilter">
>>         <property name="channelDecisionManager"
>> ref="channelDecisionManager"/>
>>         <property name="filterInvocationDefinitionSource">
>>             <value>
>>                 PATTERN_TYPE_APACHE_ANT
>>                 /admin/**=REQUIRES_SECURE_CHANNEL
>>                 /login*=REQUIRES_SECURE_CHANNEL
>>                 /j_security_check*=REQUIRES_SECURE_CHANNEL
>>                 /editProfile.html*=REQUIRES_SECURE_CHANNEL
>>                 /signup.html*=REQUIRES_SECURE_CHANNEL
>>                 /saveUser.html*=REQUIRES_SECURE_CHANNEL
>>                 /**=REQUIRES_INSECURE_CHANNEL
>>             </value>
>>         </property>
>>     </bean>
>>
>>     <!-- Decision manager for channelProcessingFilter, with one processor
>>          for the secure and one for the insecure channel requirement. -->
>>     <bean id="channelDecisionManager"
>> class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
>>         <property name="channelProcessors">
>>             <list>
>>                 <bean
>> class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
>>                 <bean
>> class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
>>             </list>
>>         </property>
>>     </bean>
>> </beans>
>>
>>   //-------------------
>>
>>   Could anyone help me? ^^
>>
>>   Thanks very much.
>>
>> --
>> ChenRanHow
>>
>>
>>
> 
> 
> -- 
> http://raibledesigns.com
> 
> 
> 
> 
