java - How do I use a custom authorities populator with Spring Security and the ActiveDirectoryLdapAuthenticationProvider? -


i've connected active directory through ldap authenticate, , following in ldap.xml i've called custom authorities populator:

    <bean id="ldapauthenticationprovider"         class="org.springframework.security.ldap.authentication.ldapauthenticationprovider">     <constructor-arg ref="ldapbindauthenticator"/>     <constructor-arg ref="ldapauthoritiespopulator"/> </bean>  <bean id="ldapbindauthenticator"         class="org.springframework.security.ldap.authentication.bindauthenticator">     <constructor-arg ref="ldapserver"/>     <property name="usersearch" ref="ldapsearch"/> </bean>  <bean id="ldapsearch"         class="org.springframework.security.ldap.search.filterbasedldapusersearch">     <constructor-arg value="cn=users"/>     <constructor-arg value="(samaccountname={0})"/>     <constructor-arg ref="ldapserver"/> </bean>  <bean id="ldapauthoritiespopulator"         class="my.project.package.activedirectoryldapauthoritiespopulator"/>  <bean id="ldapserver"         class="org.springframework.security.ldap.defaultspringsecuritycontextsource">     <constructor-arg value="ldap://192.168.0.2/dc=test,dc=server"/>      <property name="userdn" value="ldap@test.server"/>     <property name="password" value="ldap"/>     <property name="baseenvironmentproperties">         <map>             <entry key="java.naming.referral">                 <value>follow</value>             </entry>         </map>     </property> </bean>

this works fine, , can ascertain user's authorization based on group membership, rather through built-in active directory ldap authentication provider:

<bean id="ldapauthenticationprovider"         class="org.springframework.security.ldap.authentication.ad.activedirectoryldapauthenticationprovider">          <constructor-arg value="test.server"/>         <constructor-arg value="ldap://192.168.0.2:389"/>         <property name="convertsuberrorcodestoexceptions" value="true"/> </bean>

the problem above custom authorities populator (obviously) not called, while can authenticate users (which works above), left without groups (which need determine authorization).

i feel simple question, life of me cannot find answer here or anywhere else. have extend activedirectoryldapauthenticationprovider class, , call authorities populator there?

(thanks site has given me several years running; effectiveness of site can gauged fact i've bothered create account, , first question. in advance help.)

spring's activedirectoryldapauthenticationprovider class final, real option (i'll entertain better ones if there takers) fork class. copied , pasted contents, refactored slightly, , removed final designation. then, created separate subclass of forked class, overriding loaduserauthorities() method, , added own code building permissions mask.

i able edit ldap.xml file follows:

    <bean id="ldapauthenticationprovider"             class="my.project.package.overrideactivedirectoryldapauthenticationprovider">            <constructor-arg value="test.server"/>         <constructor-arg value="ldap://192.168.0.2:389"/>         <property name="convertsuberrorcodestoexceptions" value="true"/> </bean>

for other n00bs me, subclass looks this:

public class overrideactivedirectoryldapauthenticationprovider extends testactivedirectoryldapauthenticationprovider {  //my assignments  public overrideactivedirectoryldapauthenticationprovider(string domain,         string url) {     super(domain, url); }  @override protected collection<? extends grantedauthority> loaduserauthorities(dircontextoperations userdata, string username, string password) { //original code own additions //in case, injected code for(group : groups) loop }

worked charm.

much zagyi assistance.


Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

from android trying send image class of data, iis webservice. (c#) the problem 400 bad request . the image being encoded base64 . , placed json rest of class elements. my guess base64 not valid inside json. server not understand it. if set string "" , post accepted fine. so question is, how make base64 valid within json array? ( tried url.encode no success). or how should send image android webservice? gson gson = new gson(); string json = gson.tojson(record); // record has param { string base64photo } how big image? i'm pretty sure surpassing iis json size limit (default 4 mb). check http://geekswithblogs.net/frankw/archive/2008/08/05/how-to-configure-maxjsonlength-in-asp.net-ajax-applications.aspx or http://www.webtrenches.com/post.cfm/iis7-file-upload-size-limits good luck!
Read more

javascript - addthis share facebook and google+ url -

i attempting use addthis create simple url shares whichever current page user on when click share button. of right now, have twitter working. when user clicks, able see url populated in tweet box. when user clicks facebook or google+, url doesn't seem show in share box. <ul class="addthis_toolbox addthis_default_style "> <li><a class="addthis_button_facebook"><img src="/img/facebook-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_twitter"><img src="/img/twitter-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_google_plusone_share"><img src="/img/google-social.png" width="20" height="20" border="0" alt="s...
Read more

ios - Show keyboard with UITextField in the input accessory view -

i have buttona , when buttona clicked, want keyboard show uitextfield in inputaccessoryview. there way have keyboard show manually , set inputaccessoryview without having uitextfield initially? thanks. you cannot summon keyboard without object can become first responder. there 2 ways work around: subclass uiview , implement uikeyinput protocol in it. example: in .h file: @interface inputobject : uiview<uikeyinput> @property (nonatomic, copy) nsstring *text; @property (nonatomic, strong) uiview *inputaccessoryview; // must override inputaccessoryview , since it's readonly default @end in .m file, implement protocol: - (bool)canbecomefirstresponder { return yes; } - (bool)hastext { return [self.text length]; } - (void)inserttext:(nsstring *)text { nsstring *selftext = self.text ? self.text : @""; self.text = [selftext stringbyappendingstring:text]; [[nsnotificationcenter defaultcenter] postnotificationname:kinputobjec...
Read more