Custom Registry is a safe option.
Configure the LDAP setting, switch on security on the global level.
Once that is done,
In your application build in the
ant, add the following line for the application.xml
<security-role id="SecurityRole_1">
<description>SomeThing of your choice</description>
<role-name>WhoIsAllowed</role-name>
</security-role>
Then through the security console map the application role into
the ldap principle name and domain.
This is a way to implement the security without programmetic way.
Thanks