File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring Security 3.1 help required for ldap authorisation

 
Ankan Dutta
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am facing a small problem spring security. In my case ldap authentication is working but the authorisation is not working somehow. Here is what I am doing.

And in my application-context.xml I have defined my ldap authentication provider entry as follows ..

<bean id="opendsAuthenticationProvider"
class="org.springframework.security.ldap.authentic ation.LdapAuthenticationProvider">
<constructor-arg>
<bean
class="org.springframework.security.ldap.authentic ation.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userDnPatterns">
<beans:list>
<beans:value>uid={0},ou=People</beans:value>
</beans:list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.springframework.security.ldap.userdetai ls.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource" />
<constructor-arg value="ou=Groups" />
<property name="groupRoleAttribute" value="cn" />
<property name="searchSubtree" value="false" />
<property name="rolePrefix" value="" />
<property name="convertToUpperCase" value="false" />
</bean>
</constructor-arg>
</bean>


My ldap has the following entry for the developer group ..

dn: ou=Groups,dc=example,dc=com
description: Group ou
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: cn=developer,ou=Groups,dc=example,dc=com
cn: developer
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: uid=johnsmith,ou=People,dc=example,dc=com



Now when in application-security I am writing the following
<http use-expressions="true">
.....
<intercept-url pattern="/pages/**" access="hasRole('developer')" />
...
</http>
<authentication-manager>
<authentication-provider ref="opendsAuthenticationProvider" />
</authentication-manager>

application is not allowing even johnsmith to view pages matching "/pages/**". Can anybody please help.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic