0

I want to user an authentication realm trough ldap. This works fine. Secondly i want store UserRoles for my application in a Roles tables, this works also fine. (Example below, with an aggregate-realm)

But i dont know how to obtain both roles. Roles from LDAP and from my Roles table together.

What i am missing?

         <security-domain name="securtiyDomain" default-realm="my-realm" permission-mapper="default-permission-mapper">
                <realm name=jdbc-realm"   role-decoder="from-roles-attribute"/>
            </security-domain>
   
        <security-realms>
            <aggregate-realm name="my-realm" authentication-realm="ldap-realm" authorization-realms="jdbc-realm ldap-realm"/>

            <jdbc-realm name="jdbc-realm">
                <principal-query .... >
                    <attribute-mapping>
                        <attribute to="roles" index="1"/>
                    </attribute-mapping>
                </principal-query>
            </jdbc-realm>

            <ldap-realm name="ldap-realm" dir-context="ldap-connection" direct-verification="true">
                <identity-mapping ...>
                    <attribute-mapping>
                        <attribute from="cn" to="Roles" .../>
                    </attribute-mapping>
                    <user-password-mapper from="userPassword"/>
                </identity-mapping>
            </ldap-realm>

            <simple-role-decoder name="from-roles-attribute" attribute="roles"/>
Jeff Reiffers
  • 1
  • 2

1 Answers1

0

Your security-domain configuration does not have aggregate realm my-realm in its list of realms. Try something like below:

<security-domain name="securtiyDomain" default-realm="my-realm" permission-mapper="default-permission-mapper">
    <realm name=my-realm"   role-decoder="from-roles-attribute"/>
</security-domain>
diavil
  • 81
  • 4