4
votes

I am trying to set up Spring Security in Grails authenticating with a token (via the Spring Security REST plugin) and authorizing against LDAP. I have found several examples (I have about 20 browser tabs open right now), but none of them answer the whole question. Most of the examples are Grails + REST Security or Grails + LDAP Security, but no examples of Grails + REST + LDAP.

My issue is that the application tries to look in the database for users and roles, when I need it to look to LDAP.

1 Answer

3
votes

I found the solution was to go into resources.groovy and configure the userDetailsService bean to use LDAP instead. The only "prerequisite" is that you must already have correct LDAP configurations to your LDAP server. I found this solution here: http://swordsystems.com/2011/12/21/spring-security-cas-ldap/, and only took the following piece.

// Place your Spring DSL code here
import grails.plugin.springsecurity.SpringSecurityUtils
beans = {
    def config = SpringSecurityUtils.securityConfig
    if (config.ldap.context.server) {
        SpringSecurityUtils.loadSecondaryConfig 'DefaultLdapSecurityConfig'
        config = SpringSecurityUtils.securityConfig

        initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
                config.ldap.context.server){
            userDn = config.ldap.context.managerDn
            password = config.ldap.context.managerPassword
        }

        ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
                config.ldap.search.base,
                config.ldap.search.filter,
                initialDirContextFactory){
        }

        ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
                initialDirContextFactory,
                config.ldap.authorities.groupSearchBase){
            groupRoleAttribute = config.ldap.authorities.groupRoleAttribute
            groupSearchFilter = config.ldap.authorities.groupSearchFilter
            searchSubtree = config.ldap.authorities.searchSubtree
            rolePrefix = "ROLE_"
            convertToUpperCase = config.ldap.mapper.convertToUpperCase
            ignorePartialResultException = config.ldap.authorities.ignorePartialResultException
        }

        userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,
                ldapUserSearch,
                ldapAuthoritiesPopulator){
        }
    }
}
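The LDAP settings that the beans above read from `SpringSecurityUtils.securityConfig`, shown as an added example that is not part of the original answer. It assumes the spring-security-ldap plugin's `grails.plugin.springsecurity.ldap.*` keys in `Config.groovy` (Grails 2) or `application.groovy` (Grails 3+); the host name, DNs, filters and the `LDAP_MANAGER_PASSWORD` environment variable are constructed placeholders.

```groovy
// Constructed sample values: replace host, DNs and filters with your directory's.

// config.ldap.context.* -> initialDirContextFactory
// The `if (config.ldap.context.server)` guard in resources.groovy skips every
// LDAP bean when this key is empty, leaving the default userDetailsService in place.
// Prefer ldaps:// so the manager bind and the searches are not sent in clear text.
grails.plugin.springsecurity.ldap.context.server = 'ldaps://ldap.example.com:636'
grails.plugin.springsecurity.ldap.context.managerDn = 'cn=svc-grails,ou=services,dc=example,dc=com'
// Keep the bind password out of source control; the variable name is hypothetical.
grails.plugin.springsecurity.ldap.context.managerPassword = System.getenv('LDAP_MANAGER_PASSWORD')

// config.ldap.search.* -> ldapUserSearch
// {0} is replaced with the username being looked up.
grails.plugin.springsecurity.ldap.search.base = 'ou=people,dc=example,dc=com'
grails.plugin.springsecurity.ldap.search.filter = '(uid={0})'

// config.ldap.authorities.* -> ldapAuthoritiesPopulator
// In groupSearchFilter, {0} is replaced with the DN of the user found above.
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=groups,dc=example,dc=com'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = '(uniqueMember={0})'
grails.plugin.springsecurity.ldap.authorities.groupRoleAttribute = 'cn'
grails.plugin.springsecurity.ldap.authorities.searchSubtree = true
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = false

// config.ldap.mapper.convertToUpperCase -> ldapAuthoritiesPopulator
// With rolePrefix "ROLE_" set in resources.groovy, a group whose cn is "admins"
// becomes the authority ROLE_ADMINS, which is the name to use in access rules.
grails.plugin.springsecurity.ldap.mapper.convertToUpperCase = true
```

Give the manager account read-only access limited to the user and group subtrees, since the application uses it only for searches.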