1

In my current project I need to authenticate and authorize users via Spring Security.

Our directory is LDAP.

I have basic LDAP knowledge.

I am trying to understand how, on the LDAP side, I am supposed to manage and create users in order to provide them roles and permissions to be used in my Spring Security app.

Any ref/tutorials/small explanation would be greatly welcome.

Thanks, ray.

rayman
  • Isn't the Spring documentation on this subject enough: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/ldap.html? It seems pretty detailed. – Mateusz Dymczyk Oct 20 '13 at 11:52
  • Only for the Spring side. I need to configure the LDAP side with the right attributes. – rayman Oct 20 '13 at 11:58
  • Ah, I see! So you want to know what the server structure should look like? Something like this: http://krams915.blogspot.jp/2011/01/spring-security-mvc-using-ldap.html? It's a bit dated but looks OK! – Mateusz Dymczyk Oct 20 '13 at 12:17
  • Yes. But how are you going to set permissions? For example, a ROLE_ADMIN user with the name "johns" being able to access (having permission for) a specific resource of a page. – rayman Oct 20 '13 at 13:20
  • Hm, well, you don't add *that* to the LDAP server, if I understood the question correctly. In LDAP you just persist the user's data, which might include his role. The settings that describe which role can access a given resource (i.e. page) are kept in Spring config files. – Mateusz Dymczyk Oct 20 '13 at 13:23
  • If, for example, I want to set that the user with the name "Johns" has ROLE_USER and has the 'permission' to read mails, but the user with the name "David" has ROLE_USER but doesn't have permission to read mails. I can set that information in LDAP, can't I? Thanks. – rayman Oct 20 '13 at 14:44
  • Yes, of course! In LDAP you have a set of granted authorities; you can map those to your Spring roles (ROLE_USER) etc. using a UserDetailsContextMapper as mentioned here http://stackoverflow.com/questions/8835818/handling-roles-when-authenticated-to-active-directory-with-spring-security-3-1. You do not really need to prepare your LDAP in a special way for Spring, I think. That wouldn't be very useful if Spring required that. – Mateusz Dymczyk Oct 20 '13 at 14:54
  • I still didn't understand where in the LDAP server I set the granted authorities of a specific user. As I said, let's say a user named "John" who belongs to the group ROLE_USERS will be able to 'delete mails'. – rayman Oct 20 '13 at 15:11
  • Hope you get me. I guess what I was asking is how to set permissions/tasks for specific users. – rayman Oct 20 '13 at 16:02
  • You're asking a very broad question about how to *use* and *define* your LDAP service. It's not a programming question. Try serverfault.com, but beforehand I suggest you read more about what LDAP actually is, and how it is used at a design level. – user207421 Oct 21 '13 at 07:32

1 Answer

-1

You can check out this Stack Overflow thread, where it is explained that:

The roles in the beans.xml must be an exact match of the CN (common name) of the memberOf value attribute. With one good example.

Also, these two MVC + LDAP examples cover the structure of beans.xml in relation to the LDAP config. This link is based on MVC + InMemory Authentication, where the way to code a simple custom login for Spring is described. This way you can adapt the code in the MVC + LDAP example.

Hope this helps.

  • You should summarize linked content in your answer so that it remains useful if the linked content changes or becomes unreachable. – skrrgwasme Oct 13 '14 at 16:21
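The rule quoted in the answer (a role name must exactly match the CN of a memberOf value), sketched as an added example that is not code from the answer, the linked thread or Spring Security itself. The class and method names, the group DNs and the ROLE_READ_MAIL group are constructed for illustration; it uses only the JDK's `javax.naming.ldap` parser, which also handles escaped commas inside a CN that a plain string split would break on.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class MemberOfRoles {

    // Returns the CN of each memberOf DN. Under the answer's rule, these are the
    // strings the role names in the access rules must match exactly.
    static Set<String> authoritiesFrom(List<String> memberOfValues) {
        Set<String> authorities = new LinkedHashSet<>();
        for (String dn : memberOfValues) {
            try {
                LdapName name = new LdapName(dn);
                if (name.isEmpty()) continue;
                // LdapName indexes RDNs right to left, so the group's own RDN is last.
                Rdn leaf = name.getRdn(name.size() - 1);
                if ("cn".equalsIgnoreCase(leaf.getType())) {
                    authorities.add(String.valueOf(leaf.getValue()));
                }
            } catch (InvalidNameException e) {
                // A malformed DN grants nothing rather than a guessed role.
            }
        }
        return authorities;
    }

    // Exact, case-sensitive comparison: "role_user" does not satisfy "ROLE_USER".
    static boolean permits(Set<String> authorities, String requiredRole) {
        return authorities.contains(requiredRole);
    }

    public static void main(String[] args) {
        // Constructed memberOf values for the two users named in the question.
        List<String> johns = List.of(
            "CN=ROLE_USER,OU=Groups,DC=example,DC=com",
            "CN=ROLE_READ_MAIL,OU=Groups,DC=example,DC=com");
        List<String> david = List.of(
            "CN=ROLE_USER,OU=Groups,DC=example,DC=com",
            "CN=role_read_mail\\, disabled,OU=Groups,DC=example,DC=com");
        for (List<String> memberOf : List.of(johns, david)) {
            Set<String> auth = authoritiesFrom(memberOf);
            System.out.println(auth + " user=" + permits(auth, "ROLE_USER")
                + " readMail=" + permits(auth, "ROLE_READ_MAIL"));
        }
    }
}
```

Here the per-user difference asked about in the comments is modelled purely as group membership in the directory, while the decision of what ROLE_READ_MAIL may access stays in the application's configuration.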