Here are the relevant portions (with identifying info stripped out) for authentication with Active Directory. With AD, you need to use bind-based authentication.
If you are using something like OpenLDAP, you may have access to the password or password hash, so you would change the authenticator. I have also lumped together building the BindAuthenticator, UserSearch, DefaultLdapAuthoritiesPopulator into the buildLdapAuthenticationProvider() function. These could be factored out. I'm also using an InMemoryDaoImpl for some development logins.

public final InitialDirContextFactory buildInitialDirContextFactory() {
    // Base DN is part of the provider URL; the manager account is used for the user search.
    DefaultInitialDirContextFactory factory =
        new DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain,DC=com");
    factory.setManagerDn("cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com");
    factory.setManagerPassword("password");
    // Follow the referrals the directory returns.
    Map<String,String> extraEnvVars = new HashMap<String,String>();
    extraEnvVars.put("java.naming.referral", "follow");
    factory.setExtraEnvVars(extraEnvVars);
    return factory;
}

public static AuthenticationProvider buildLdapAuthenticationProvider(InitialDirContextFactory factory)
        throws Exception {
    // Find the user's entry by sAMAccountName anywhere under ou=People.
    FilterBasedLdapUserSearch userSearch =
        new FilterBasedLdapUserSearch("ou=People", "(sAMAccountName={0})", factory);
    userSearch.setSearchSubtree(true);
    userSearch.setDerefLinkFlag(true);

    // Authenticate by binding to the directory as the entry that was found.
    BindAuthenticator authenticator = new BindAuthenticator(factory);
    authenticator.setUserSearch(userSearch);
    authenticator.afterPropertiesSet();

    // Map group membership (cn of each group with member=<user DN>) to ROLE_* authorities.
    DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(factory, "");
    populator.setGroupRoleAttribute("cn");
    populator.setGroupSearchFilter("member={0}");
    populator.setDefaultRole("ROLE_ANONYMOUS");
    populator.setConvertToUpperCase(true);
    populator.setSearchSubtree(true);
    populator.setRolePrefix("ROLE_");

    LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, populator);
    return provider;
}

public static void contributeProviderManager(
        OrderedConfiguration<AuthenticationProvider> configuration,
        @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider,
        @InjectService("LdapAuthenticationProvider") AuthenticationProvider ldapAuthenticationProvider) {
    // Register both providers with the provider manager.
    configuration.add("daoAuthenticationProvider", daoAuthenticationProvider);
    configuration.add("ldapAuthenticationProvider", ldapAuthenticationProvider);
}

> -----Original Message-----
> From: Mahen Perera [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 27, 2008 10:14 AM
> To: users@tapestry.apache.org
> Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider
>
> Hi everybody.
>
> I am trying to integrate tapestry 5 with Acegi security.
> The authentication provider that I am using is LDAP based.
>
> I see that most of the examples refer to using DAOAuthentication provider.
> Just checking if there is someone who used LDAP for the authentication.
>
> I went thru http://www.localhost.nu/java/tapestry5-acegi/
> , but looks like it is not using LDAP authentication.
>
> Cheers
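
Added example, not part of the original messages and not Acegi's own code: the search-then-bind flow that the reply configures, written against plain JNDI so the two steps and the checks around them are visible. The class name BindAuthSketch and the ldaps:// URL on port 636 are assumptions; the search base and the sAMAccountName filter are taken from the reply.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class BindAuthSketch {
    // Constructed placeholder URL (assumption): LDAPS, so a simple bind does not send the password in clear.
    static final String URL = "ldaps://server.domain.com:636/DC=domain,DC=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "follow");
        return new InitialDirContext(env);
    }

    /** Returns the user's DN when the bind succeeds, otherwise null. */
    static String authenticate(String mgrDn, String mgrPw, String username, String password) {
        // A simple bind with an empty password is an unauthenticated bind, which a
        // server may accept as anonymous; refuse it before touching the directory.
        if (username == null || password == null || password.isEmpty()) return null;
        try {
            DirContext mgr = bind(mgrDn, mgrPw);   // step 1: search as the manager account
            String userDn;
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Passing the name as a filter argument lets JNDI escape filter metacharacters.
                NamingEnumeration<SearchResult> hits = mgr.search(
                    "ou=People", "(sAMAccountName={0})", new Object[] { username }, sc);
                if (!hits.hasMore()) return null;
                userDn = hits.next().getNameInNamespace();
                if (hits.hasMore()) return null;   // ambiguous match: fail closed
            } finally { mgr.close(); }
            bind(userDn, password).close();        // step 2: bind as the user that was found
            return userDn;
        } catch (NamingException e) {
            return null;                           // bad credentials or directory error
        }
    }
}
```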