views:

871

answers:

1

I currently have my ldap authentication context set up like this:

    <ldap-server url="ldap://host/dn"
        manager-dn="cn=someuser"
        manager-password="somepass" />
    <authentication-manager>
        <ldap-authentication-provider user-search-filter="(samaccountname={0})"/>
    </authentication-manager> 

Now, I need to be able to set up a custom authorities mapper (it uses a different ldap server) - so I am assuming I need to set up my ldap-server similar to (http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ldap.html):

<bean id="ldapAuthProvider"
        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="contextSource"/>
      <property name="userDnPatterns">
        <list><value>uid={0},ou=people</value></list>
      </property>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="contextSource"/>
      <constructor-arg value="ou=groups"/>
      <property name="groupRoleAttribute" value="ou"/>
    </bean>
  </constructor-arg>
</bean>

But, how do I reference that 'ldapAuthProvider' to the ldap-server in the security context?

I am also using spring-security 3, so '' does not exist...

A: 

What I have done to make it work was simply to add this into the security context:

<authentication-manager>
     <authentication-provider ref='ldapAuthProvider'/>
</authentication-manager>

And then, configuring the 'ldapAuthProvider' bean like this:

<bean id="contextSource"
    class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://url/dc=mock,dc=com" />
    <property name="userDn" value="cn=username,ou=People,dc=mock,dc=com" />
    <property name="password" value="password" />
</bean>

<bean id="ldapAuthProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean
            class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userDnPatterns">
                <list>
                    <value>uid={0},ou=People</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean
            class="com.mock.MyCustomAuthoritiesPopulator">
        </bean>
    </constructor-arg>
</bean>

With the implementation of MyCustomAuthoritiesPopulator as follows:

public class MyCustomAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    public Collection<GrantedAuthority> getGrantedAuthorities(
            DirContextOperations arg0, String arg1) {       
        return (Collection<GrantedAuthority>) new GrantedAuthorityImpl("ROLE_USER");        
    }
}
Carlos