I have not been able to find anything relating to what I want to achieve.
I have a web system that is using Spring Security 3.1 that needs to link users from an Active Directory. For my dev, I was just storing them in the spring-security.xml file. This was fine, but for production, I need to have the users linked from Active Directory. I have this working now so I can log in etc., so this isn't the issue. The issue I have is, in my local dev work, I had users and "groups", i.e. ROLE_USER and ROLE_ADMIN.
In Active Directory, there are two groups that map onto these names. I need to do the URL intercept-url based on these role types, but I don't know how to do this for Active Directory.
This is my local dev version that hard-codes the users in the authentication-provider. This needs to be for Active Directory:
<http auto-config="true" disable-url-rewriting="true">
    <intercept-url pattern="/test/*" access="ROLE_USER, ROLE_ADMIN" />
    <intercept-url pattern="/admin" access="ROLE_ADMIN" />
    <intercept-url pattern="/list*" access="ROLE_USER, ROLE_ADMIN" />
    <form-login login-page="/login"
                default-target-url="/home"
                authentication-failure-url="/loginfailed" />
    <logout invalidate-session="true" logout-success-url="/logout" />
    <session-management invalid-session-url="/login">
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    </session-management>
</http>
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="test" password="test" authorities="ROLE_USER" />
            <user name="admin" password="admin" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>
BUT, what I need to do is replace this with an Active Directory based authentication-manager.
<authentication-manager>
    <authentication-provider ref="ldapActiveDirectoryAuthProvider"/>
</authentication-manager>
I know the users are in this directory for AD:
OU=Users,OU=Z3,DC=i1,DC=z12,DC=r1,DC=net
and the groups are in:
OU=Groups,OU=Z3,DC=i1,DC=z12,DC=r1,DC=net
The key attribute in Active Directory that is used to log in is 'SAM-Account-Name'.
Please help.