问题
I'm starting a new project on Groovy and Grails. I'm now working on the authentication part and as we have an LDAP server I want to work the authentication using LDAP. I began setting my environment, I'm using SpringSource Tool Suite and Grails 1.3.5. When I started working with the authentication part I installed two plugins:
- springSecurityCore - 1.0.1
- springSecurityLdap - 1.0.1
I also ran the "s2 quickstart" command for the LDAP plugin.
Everything looks great, I can use the LoginController and the LogoutController, I'm able to secure a web page so that it can only be seen when logged in. I'm doing this by creating a user at the BootStrap.groovy
I also configured all the LDAP and Spring Security Core parameters at Config.groovy with the corresponding values of our LDAP server:
grails.plugins.springsecurity.ldap.context.managerDn
grails.plugins.springsecurity.ldap.context.managerPassword
grails.plugins.springsecurity.ldap.context.server
grails.plugins.springsecurity.ldap.authorities.groupSearchBase
grails.plugins.springsecurity.ldap.search.base
grails.plugins.springsecurity.userLookup.userDomainClassName
grails.plugins.springsecurity.userLookup.authorityJoinClassName
grails.plugins.springsecurity.authority.className
However, I don't know how to test that the authentication is being done with the LDAP server. I'm sure it's not being done with LDAP because when I go to the Login box when the application is running and I try to authenticate with my username and password that I normally use for the LDAP server it says that it can't find that user. If I try to authenticate with the user I created on BootStrap.groovy I'm able to login but I guess that user is being created locally only and it's transient.
- How can I set the authentication provider to be the LDAP server?
- What else do I have to do after installing the security core and ldap plugins after running the "s2 quickstart"?
That thing of Groovy and Grails makes so many things on the background that at the beggining is difficult to understand where to configure everything.
Thanks in advance for your help
EDIT: I've been looking for information on how to use those plugins but I haven't found anything that is well documented, I've found information regarding Acegi but that plugin is not supported anymore, that's why I'm asking here
EDIT: Reading this (I'll see if achieve to use LDAP): http://blog.springsource.com/2010/08/11/simplified-spring-security-with-grails/
回答1:
1.How can I set the authentication provider to be the LDAP server?
I am fairly sure this is the Config.groovy entry that activates LDAP authentication.
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider',
'anonymousAuthenticationProvider',
'rememberMeAuthenticationProvider']
2.What else do I have to do after installing the security core and ldap plugins after running the "s2 quickstart"?
I found this discussion very helpful: CustomUserDetailsService. The result was this method in an extension of UserDetailsContextMapper:
UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx,
java.lang.String username,
java.util.Collection<GrantedAuthority> authority) {
User.withTransaction { status ->
def user = getUser(ctx) // Creates and saves a MyUser domain class instance
def userDetails = new MyUserDetails(
username,
authority ?: NO_ROLES,
user.id,
user.name,
user.mail)
userDetails.fullname = user.name
userDetails.email = user.mail
return userDetails
}
}
And I think this resources.groovy entry was necessary:
beans = {
ldapUserDetailsMapper(MyUserDetailsContextMapper) {
}
回答2:
Both plugins have pretty extensive documentation at the following locations:
http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/index.html http://burtbeckwith.github.com/grails-spring-security-ldap/docs/manual/index.html
来源:https://stackoverflow.com/questions/4035402/how-to-use-ldap-plugin-on-grails