Thanks Jonathan for that. Unclear on some stuff tho. Since we are using a LDAP based authentication provider do we need to have a UserDetailsServiceImpl?
http://www.localhost.nu/java/tapestry5-acegi/ : If I am to use this, then it assumes having a UserDetailsServiceImpl. Also, when we do configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide r) How does the Acegi framework get to know abt the LDAP authentication provider. -----Original Message----- From: Jonathan Barker [mailto:[EMAIL PROTECTED] Sent: 27 March 2008 18:28 To: 'Tapestry users' Subject: RE: Tapestry 5 - Acegi ,, using LDAP authentication provider Here are the relevant portions (with identifying info stripped out) for authentication with Active Directory. With AD, you need to use bind-based authentication. If you are using something like OpenLDAP, you may have access to the password or password hash, so you would change the authenticator. I have also lumped together building the BindAuthenticator, UserSearch, DefaultLdapauthoritiesPopulator into the buildLdapAuthenticationProvider() function. These could be factored out. I'm also using an InMemoryDaoImpl for some development logins. public final InitialDirContextFactory buildInitialDirContextFactory(){ DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory("ldap://server.domain.com:389/DC=domain, DC=c om"); factory.setManagerDn("cn=Ldap Account ,OU=Service Accounts,OU=People,DC=domain,DC=com"); factory.setManagerPassword("password"); Map<String,String> extraEnvVars = new HashMap<String,String>(); extraEnvVars.put("java.naming.referral", "follow"); factory.setExtraEnvVars(extraEnvVars); return factory; } public static AuthenticationProvider buildLdapAuthenticationProvider(InitialDirContextFactory factory ) throws Exception { FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("ou=People","(sAMAccountName={0})",factory); userSearch.setSearchSubtree(true); userSearch.setDerefLinkFlag(true); BindAuthenticator authenticator = new BindAuthenticator(factory); authenticator.setUserSearch(userSearch); authenticator.afterPropertiesSet(); DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(factory,""); populator.setGroupRoleAttribute("cn"); populator.setGroupSearchFilter("member={0}"); populator.setDefaultRole("ROLE_ANONYMOUS"); populator.setConvertToUpperCase(true); populator.setSearchSubtree(true); populator.setRolePrefix("ROLE_"); LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator,populator); return provider; } public static void contributeProviderManager( OrderedConfiguration<AuthenticationProvider> configuration, @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider, @InjectService("LdapAuthenticationProvider") AuthenticationProvider ldapAuthenticationProvider){ configuration.add("daoAuthenticationProvider",daoAuthenticationProvider) ; configuration.add("ldapAuthenticationProvider",ldapAuthenticationProvide r); } > -----Original Message----- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 27, 2008 10:14 AM > To: users@tapestry.apache.org > Subject: Tapestry 5 - Acegi ,, using LDAP authentication provider > > Hi everybody. > > > > I am trying to integrate tapestry 5 with Acegi security. > > The authentication provider that I am using is LDAP based. > > > > I see that most of the examples refer to using DAOAuthentication > provider. > > Just checking if there is someone who used LDAP for the authentication. > > > > I went thru http://www.localhost.nu/java/tapestry5-acegi/ > > , but looks like it is not using LDAP authentication. > > > > Cheers > > > > The information contained in this email is strictly confidential and for > the use of the addressee only, unless otherwise indicated. If you are not > the intended recipient, please do not read, copy, use or disclose to > others this message or any attachment. Please also notify the sender by > replying to this email or by telephone (+44 (0)20 7896 0011) and then > delete the email and any copies of it. Opinions, conclusions (etc.) that > do not relate to the official business of this company shall be understood > as neither given nor endorsed by it. IG Index plc is a company registered > in England and Wales under number 01190902. VAT registration number 761 > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London > SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA > Register number 114059. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete the email and any copies of it. Opinions, conclusions (etc.) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG Index plc is a company registered in England and Wales under number 01190902. VAT registration number 761 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA Register number 114059. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
