I am trying to authorize users with Spring Security. So far I am able to authenticate them with LDAP, but I could not get the authorities yet.
I also connected to LDAP with Apache Directory Studio and queried the user information; I could find the authorities in the user entry. But the Spring Security LDAP configuration could not gather them.
Here is the LDAP part of application-config.xml:
<sec:authentication-manager>
    <sec:ldap-authentication-provider
        user-dn-pattern="uid={0},ou=myComp,o=myComp,dc=myComp,dc=ldap"
        group-search-base="dc=myComp,dc=ldap"
        group-search-filter="uniqueMember={0}"
        role-prefix="none" />
</sec:authentication-manager>
And here is the screenshot of Apache Directory Studio with my information:
As you can see, my role information is in the nsRole attribute of my user. But unless I query the nsRole attribute, it is not shown in my user info. So the question is: can I get these authorities by adding/changing the LDAP configuration, or do I have to write my own authentication-provider, connect to the LDAP server and query the nsRole attribute manually?
Thanks a lot.
Note: This is custom Java code that connects to the LDAP server and queries my user roles successfully.

package ldap;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LdapTest2 {

    private static final String USER_DN = "uid=myUser,ou=myComp,o=myComp,dc=myComp,dc=ldap";

    public static void main(String[] args) {
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://myCompldap.mycomp.local:389/");
        // Simple bind as the user whose roles are being read.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, USER_DN);
        env.put(Context.SECURITY_CREDENTIALS, "myPass");

        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            ctx.setRequestControls(null);
            // Search the user's own entry; nsRole is only returned because
            // getSimpleSearchControls() asks for it by name.
            NamingEnumeration<SearchResult> namingEnum =
                    ctx.search(USER_DN, "(objectClass=*)", getSimpleSearchControls());
            while (namingEnum.hasMore()) {
                SearchResult result = namingEnum.next();
                Attributes attrs = result.getAttributes();
                Attribute lattr = attrs.get("nsrole"); // attribute names are case-insensitive
                if (lattr == null) {
                    continue; // the user has no roles, or the server did not return the attribute
                }
                NamingEnumeration<?> allRoles = lattr.getAll();
                while (allRoles.hasMore()) {
                    Object role = allRoles.next();
                    System.out.println(role);
                }
                allRoles.close();
            }
            namingEnum.close();
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // nothing left to do on close failure
                }
            }
        }
    }

    private static SearchControls getSimpleSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setTimeLimit(30000);
        // nsRole must be requested explicitly or the server leaves it out.
        String[] attrIDs = {"nsRole"};
        searchControls.setReturningAttributes(attrIDs);
        return searchControls;
    }
}
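An added example, not code from the question and not part of Spring Security itself, showing the configuration-only route: keep Spring Security's bind-based authentication, but replace the group search with an `LdapAuthoritiesPopulator` that reads `nsRole` from the authenticated user's own entry. It assumes Spring Security 3.1 or later with Spring LDAP on the classpath, the server URL and DN pattern from the question, and that each `nsRole` value is a role DN such as the hypothetical `cn=admins,ou=myComp,o=myComp,dc=myComp,dc=ldap`, whose first RDN value becomes the authority name. Because `nsRole` is a computed (virtual) attribute, the populator only works if the `BindAuthenticator` is told to request it by name; that is the part the `<sec:ldap-authentication-provider>` element does not expose.

```java
package ldap;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/**
 * Added example: derives authorities from the nsRole attribute of the
 * authenticated user's own entry instead of searching for group entries.
 * Assumes each nsRole value is a role DN such as
 * "cn=admins,ou=myComp,o=myComp,dc=myComp,dc=ldap" (hypothetical) and uses
 * the first RDN value ("admins") as the authority name with no prefix,
 * matching role-prefix="none" in the question's configuration.
 */
public class NsRoleAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    private static final String ROLE_ATTRIBUTE = "nsRole";

    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        // userData holds the attributes fetched after the bind; nsRole is only
        // present if it was explicitly requested (see buildProvider()).
        String[] roleDns = userData.getStringAttributes(ROLE_ATTRIBUTE);
        if (roleDns == null) {
            return authorities;
        }
        for (String roleDn : roleDns) {
            String roleName = firstRdnValue(roleDn);
            if (roleName != null) {
                authorities.add(new SimpleGrantedAuthority(roleName));
            }
        }
        return authorities;
    }

    /** "cn=admins,ou=myComp,..." -> "admins"; null if there is no leading type=value. */
    static String firstRdnValue(String dn) {
        int eq = dn.indexOf('=');
        if (eq < 0) {
            return null;
        }
        int comma = dn.indexOf(',', eq);
        String value = (comma < 0 ? dn.substring(eq + 1) : dn.substring(eq + 1, comma)).trim();
        return value.length() == 0 ? null : value;
    }

    /**
     * Equivalent of the <sec:ldap-authentication-provider> element, built by
     * hand so that the bind authenticator also asks the server for nsRole.
     * The server URL and DN pattern are the ones from the question.
     */
    public static LdapAuthenticationProvider buildProvider() throws Exception {
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl("ldap://myCompldap.mycomp.local:389/");
        contextSource.afterPropertiesSet();

        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(
                new String[] { "uid={0},ou=myComp,o=myComp,dc=myComp,dc=ldap" });
        // nsRole is a virtual (computed) attribute, so the directory omits it
        // unless it is named in the requested attribute list. "*" keeps the
        // regular attributes so the UserDetails mapping still sees them.
        authenticator.setUserAttributes(new String[] { "*", ROLE_ATTRIBUTE });

        return new LdapAuthenticationProvider(authenticator, new NsRoleAuthoritiesPopulator());
    }
}
```

To use it from application-config.xml, replace the `<sec:ldap-authentication-provider ...>` element with `<sec:authentication-provider ref="ldapAuthProvider"/>` and declare `ldapAuthProvider` as a bean, either created through `factory-method="buildProvider"` on this class or by declaring the `LdapContextSource`, `BindAuthenticator` (with the `userAttributes` property) and `LdapAuthenticationProvider` as separate beans with the same settings. The authority names come from role DNs the directory computes, not from anything the client supplies; the one thing to check is that whatever compares roles downstream (`hasRole`, `@Secured`, intercept-url) expects the same unprefixed names, since no `ROLE_` prefix is applied here.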