Spring Security 3.1 help required for ldap authorisation

Ankan Dutta
Greenhorn

Joined: Apr 12, 2012
Posts: 1
Hi,

I am facing a small problem with Spring Security. In my case LDAP authentication is working, but the authorisation is not working somehow. Here is what I am doing.

And in my application-context.xml I have defined my ldap authentication provider entry as follows ..

<bean id="opendsAuthenticationProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userDnPatterns">
                <beans:list>
                    <beans:value>uid={0},ou=People</beans:value>
                </beans:list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="ou=Groups" />
            <property name="groupRoleAttribute" value="cn" />
            <property name="searchSubtree" value="false" />
            <property name="rolePrefix" value="" />
            <property name="convertToUpperCase" value="false" />
        </bean>
    </constructor-arg>
</bean>


My ldap has the following entry for the developer group ..

dn: ou=Groups,dc=example,dc=com
description: Group ou
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: cn=developer,ou=Groups,dc=example,dc=com
cn: developer
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: uid=johnsmith,ou=People,dc=example,dc=com



Now when in application-security I am writing the following
<http use-expressions="true">
    .....
    <intercept-url pattern="/pages/**" access="hasRole('developer')" />
    ...
</http>
<authentication-manager>
    <authentication-provider ref="opendsAuthenticationProvider" />
</authentication-manager>

The application is not allowing even johnsmith to view pages matching "/pages/**". Can anybody please help?
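
Added example, not part of the original post: DefaultLdapAuthoritiesPopulator searches for groups with the filter (member={0}) unless told otherwise, while the groupOfUniqueNames entry in the post lists its members under uniqueMember, so the group search returns nothing and the user ends up without the developer authority. The populator below sets groupSearchFilter to match that entry; it assumes the contextSource, which the post does not show, uses dc=example,dc=com as its base.

```xml
<!-- Added example: authorities populator adjusted for groupOfUniqueNames groups. -->
<!-- Assumption: contextSource (not shown in the post) has base dc=example,dc=com. -->
<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <!-- Group search base, relative to the contextSource base. -->
    <constructor-arg value="ou=Groups" />
    <!-- The default filter is (member={0}). {0} is replaced with the full DN of the
         authenticated user and {1} with the login name. The group entry in the post
         stores uid=johnsmith,ou=People,dc=example,dc=com under uniqueMember. -->
    <property name="groupSearchFilter" value="(uniqueMember={0})" />
    <!-- The value of cn on each matching group becomes the authority name. -->
    <property name="groupRoleAttribute" value="cn" />
    <!-- One-level search is enough: cn=developer sits directly under ou=Groups. -->
    <property name="searchSubtree" value="false" />
    <property name="rolePrefix" value="" />
    <property name="convertToUpperCase" value="false" />
</bean>
```

With rolePrefix empty and convertToUpperCase set to false, the granted authority is exactly developer, the string that hasRole('developer') is checked against in this configuration.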
 