Personally, I like a combination of the InMemoryDaoImpl to provide the
UserDetailsService (great for development and admin accounts) and then LDAP.


Here's a modified extract from an AppModule file - I've clumped together
things that could be separated, but you get the idea.  This uses
bind-authentication with Active Directory.

Enjoy!


        /**
         * Builds the in-memory {@link UserDetailsService} with two fixed
         * accounts, "user" and "admin".
         *
         * @return an initialised {@code InMemoryDaoImpl} holding both accounts
         * @throws Exception if {@code afterPropertiesSet()} rejects the user map
         */
        public final UserDetailsService buildInMemoryDaoImpl() throws Exception {
                // UserMapEditor reads each value as "password,ROLE[,ROLE...]", so
                // the first token is the account password.
                // NOTE(review): both passwords equal the user name and are compiled
                // into the module. contributeProviderManager registers this provider
                // next to LDAP, so these accounts stay valid logins wherever the
                // module is deployed. Keep them to development builds, or load the
                // entries from protected configuration.
                Properties accounts = new Properties();
                accounts.setProperty("user", "user,ROLE_USER");
                accounts.setProperty("admin", "admin,ROLE_ADMIN,ROLE_USER");

                UserMap users = new UserMap();
                UserMapEditor.addUsersFromProperties(users, accounts);

                InMemoryDaoImpl inMemoryDao = new InMemoryDaoImpl();
                inMemoryDao.setUserMap(users);
                inMemoryDao.afterPropertiesSet();
                return inMemoryDao;
        }

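        /**
         * Builds the JNDI context factory used for the LDAP user search, the
         * bind authentication and the group lookup.
         *
         * @return a factory rooted at {@code DC=company,DC=com} that binds as
         *         the configured manager account and follows referrals
         */
        public final InitialDirContextFactory buildInitialDirContextFactory() {
                // NOTE(review): ldap:// on port 389 is an unencrypted channel. With
                // bind authentication the manager password below and every user's
                // login password cross it as typed. Prefer ldaps:// or StartTLS
                // and validate the server certificate.
                DefaultInitialDirContextFactory factory = new DefaultInitialDirContextFactory(
                                "ldap://server.company.com:389/DC=company,DC=com");

                // NOTE(review): the service-account DN and password are literals in
                // source. Read them from protected configuration and give the
                // account read-only rights limited to the searched subtrees.
                factory.setManagerDn(
                                "cn=Jonathan A. Barker,OU=Service Accounts,OU=People,DC=company,DC=com");
                factory.setManagerPassword("password");

                // "follow" makes JNDI chase referrals returned by the directory.
                // NOTE(review): presumably the same bind is replayed against the
                // referred host. Confirm that referrals can only point at trusted
                // domain controllers.
                Map<String, String> extraEnvVars = new HashMap<String, String>();
                extraEnvVars.put("java.naming.referral", "follow");
                factory.setExtraEnvVars(extraEnvVars);
                return factory;
        }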

        /**
         * Assembles the LDAP {@link AuthenticationProvider}: a user search by
         * {@code sAMAccountName}, bind authentication as the located entry, and
         * a group-to-role mapping.
         *
         * @param factory context factory for the search, the bind and the group lookup
         * @return the configured {@code LdapAuthenticationProvider}
         * @throws Exception if {@code afterPropertiesSet()} rejects the authenticator setup
         */
        public static AuthenticationProvider buildLdapAuthenticationProvider(
                        InitialDirContextFactory factory) throws Exception {

                // Find the user's entry anywhere below ou=People by logon name;
                // {0} is replaced with the submitted user name.
                FilterBasedLdapUserSearch accountSearch =
                                new FilterBasedLdapUserSearch("ou=People", "(sAMAccountName={0})", factory);
                accountSearch.setSearchSubtree(true);
                accountSearch.setDerefLinkFlag(true);

                // The password is checked by binding to the directory as the entry
                // found above.
                BindAuthenticator bindAuthenticator = new BindAuthenticator(factory);
                bindAuthenticator.setUserSearch(accountSearch);
                bindAuthenticator.afterPropertiesSet();

                // An empty group search base with subtree search means groups are
                // looked up from the factory's root downwards. Each group whose
                // "member" matches the user yields a role: "ROLE_" + upper-cased cn.
                // NOTE(review): role names therefore come straight from directory
                // group names, so a group with cn "admin" maps to ROLE_ADMIN. Point
                // the search base at a dedicated OU whose group creation and
                // membership are tightly controlled.
                DefaultLdapAuthoritiesPopulator rolePopulator =
                                new DefaultLdapAuthoritiesPopulator(factory, "");
                rolePopulator.setSearchSubtree(true);
                rolePopulator.setGroupSearchFilter("member={0}");
                rolePopulator.setGroupRoleAttribute("cn");
                rolePopulator.setRolePrefix("ROLE_");
                rolePopulator.setConvertToUpperCase(true);
                // NOTE(review): the default role is granted to every user who
                // authenticates through LDAP. Confirm that access rules keyed on
                // ROLE_ANONYMOUS are meant to match logged-in users as well.
                rolePopulator.setDefaultRole("ROLE_ANONYMOUS");

                return new LdapAuthenticationProvider(bindAuthenticator, rolePopulator);
        }

        /**
         * Contributes both authentication providers to the provider manager:
         * the DAO-backed one first, then the LDAP one.
         *
         * @param configuration              ordered provider list being contributed to
         * @param daoAuthenticationProvider  the "DaoAuthenticationProvider" service
         * @param ldapAuthenticationProvider the "LdapAuthenticationProvider" service
         */
        public static void contributeProviderManager(
                        OrderedConfiguration<AuthenticationProvider> configuration,
                        @InjectService("DaoAuthenticationProvider")
                        AuthenticationProvider daoAuthenticationProvider,
                        @InjectService("LdapAuthenticationProvider")
                        AuthenticationProvider ldapAuthenticationProvider) {
                // NOTE(review): with both providers registered, a login presumably
                // succeeds if either one accepts it. The fixed in-memory accounts
                // therefore remain usable next to directory accounts; confirm that
                // is intended outside development.
                configuration.add("daoAuthenticationProvider", daoAuthenticationProvider);
                configuration.add("ldapAuthenticationProvider", ldapAuthenticationProvider);
        }

> -----Original Message-----
> From: Hugo Palma [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 14:29
> To: Tapestry users
> Subject: Using LDAP with tapestry5-acegi
> 
> It seems that tapestry5-acegi only works with a
> DaoAuthenticationProvider. I say this because if no UserDetailsService
> implementation is provided, an error is thrown at startup.
> 
> So, any ideas how I can use tapestry5-acegi with an
> LdapAuthenticationProvider?
> 
> Thanks.
> 

