Using Spring Security in Grails with CAS and LDAP
I'm trying to set up Spring Security in Grails, authenticating against CAS and authorizing against LDAP. I have found several examples (I have 20 browser tabs open right now), but none of them answer the whole question. The examples are Grails + CAS or Grails + LDAP; there are no examples of Grails + CAS + LDAP.
So I got it working, and it isn't bad, but I wish I had seen @cantoni's example first. It would have made this easy. My setup is a little simpler than his, so I'll add it here.
Install the Spring Security Core, CAS, and LDAP plugins. Important: until spring-security-cas:1.0.5 is updated, I wouldn't try to use the new spring-security-core:2.0-rc2 and spring-security-ldap:2.0-rc2. The CAS plugin doesn't seem to work with them.
```groovy
plugins {
    ...
    // security
    compile ":spring-security-core:1.2.7.3"
    compile ":spring-security-cas:1.0.5"
    compile ":spring-security-ldap:1.0.6"
    ...
}
```
You don't need to run the quickstart command if you're not using the DaoAuthenticationProvider, which I am not.
Configure the core and CAS plugins in Config.groovy:
```groovy
// Spring Security Core config
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.rejectIfNoRule = true
grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
    '/js/**':     ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**':    ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/**':        ['hasAnyRole("ROLE_OPERATOR","ROLE_ADMIN")']
]

// Spring Security CAS config
grails.plugins.springsecurity.cas.loginUri = '/login'
grails.plugins.springsecurity.cas.serviceUrl = 'http://server.company.com:8080/app-name/j_spring_cas_security_check'
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://sso.company.com/cas'
grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://server.company.com:8080/app-name/secure/receptor'
grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
```
You can leave off rejectIfNoRule, securityConfigType, and interceptUrlMap if you want to use annotations instead of the interceptor map.
Configure the UserDetailsService to delegate to LDAP in resources.groovy:
```groovy
// Load LDAP roles into Spring Security
beans = {
    initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource, "ldap://123.45.67.89:389") {
        userDn = "myldapuser"
        password = "myldappwd"
    }
    ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
                   "dc=foo,dc=company,dc=com", "sAMAccountName={0}", initialDirContextFactory) { }
    ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
                             initialDirContextFactory, "ou=foo,dc=bar,dc=company,dc=com") {
        groupRoleAttribute = "cn"
        groupSearchFilter = "member={0}"
        searchSubtree = true
        rolePrefix = "ROLE_"
        convertToUpperCase = true
        ignorePartialResultException = true
    }
    userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,
                       ldapUserSearch, ldapAuthoritiesPopulator) { }
}
```
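The interceptUrlMap above is evaluated top-down and the first matching pattern decides, and the LDAP populator turns each group `cn` into `rolePrefix` + upper-cased name. The following is an added Python checker (not part of the post or the plugin) that replays those two rules over the post's own map, so you can see which URLs end up anonymous, which need an LDAP group, and what switching `rejectIfNoRule` off does to an unmapped URL. Its Ant-pattern matcher is a simplified, constructed one.

```python
import re

# Constructed copy of the post's interceptUrlMap, in the same order.
INTERCEPT_URL_MAP = [
    ('/js/**',     ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/css/**',    ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/images/**', ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/login/**',  ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/logout/**', ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/**',        ['hasAnyRole("ROLE_OPERATOR","ROLE_ADMIN")']),
]
REJECT_IF_NO_RULE = True

def ant_to_regex(pattern):
    """Simplified Ant-style pattern -> regex: '**' spans segments, '*' stays in one, '?' is one char."""
    out, i = '', 0
    while i < len(pattern):
        if pattern.startswith('/**', i):
            out, i = out + '(/.*)?', i + 3   # '/x/**' also matches the bare '/x'
        elif pattern.startswith('**', i):
            out, i = out + '.*', i + 2
        elif pattern[i] == '*':
            out, i = out + '[^/]*', i + 1
        elif pattern[i] == '?':
            out, i = out + '[^/]', i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile('^' + out + '$')

def ldap_groups_to_roles(group_cns, role_prefix='ROLE_', upper=True):
    """Mirror DefaultLdapAuthoritiesPopulator: groupRoleAttribute (cn) -> rolePrefix + CN."""
    return {role_prefix + (cn.upper() if upper else cn) for cn in group_cns}

def is_allowed(path, roles, url_map=INTERCEPT_URL_MAP, reject_if_no_rule=REJECT_IF_NO_RULE):
    """First matching pattern wins; an entry granting access allows the request."""
    for pattern, expressions in url_map:
        if ant_to_regex(pattern).match(path):
            for expr in expressions:
                if expr == 'IS_AUTHENTICATED_ANONYMOUSLY':
                    return True
                m = re.match(r'hasAnyRole\((.*)\)', expr)
                if m:
                    wanted = set(re.findall(r'"([^"]*)"', m.group(1)))
                    return bool(wanted & set(roles))
            return False
    # No pattern matched: denied only when rejectIfNoRule is true, otherwise open.
    return not reject_if_no_rule
```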