C J
Reputation: 298
Where and how ROLES are defined when using LDAP and Spring security
I am using Spring Security and authenticating from an LDAP database. The authentication works fine, but I am not able to utilize roles!
In spring-security.xml there is this tag:
<security:intercept-url pattern="/app/main/admin" access="hasRole('ROLE_USER')"/>
My question is, where is "ROLE_USER" defined? How is a user made to belong to a particular role? Does this happen in the LDAP database? If yes, then how do I do that? I know little about LDAP. Is it another configuration file where I define roles?
Thank you for your help.
Upvotes: 1
Views: 5118
Answers (1)
amant singh
Reputation: 518
I know of two ways we can assign a role to a user after LDAP authentication.
- We can divide users in different groups according to their roles in the LDAP database and map those groups to different roles.
See here : How to Map AD Groups to User Role Spring Security LDAP
- We can authenticate the user using LDAP authentication and authorize using our local database.
Configuration:
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg name="authenticator">
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource" />
<beans:property name="userSearch">
<beans:bean
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg name="searchBase"
value="ou=example,dc=springframework,dc=org" />
<beans:constructor-arg name="searchFilter"
value="(uid={0})" />
<beans:constructor-arg name="contextSource"
ref="contextSource" />
</beans:bean>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg name="authoritiesPopulator"
ref="myLDAPAuthPopulator" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="ldapAuthProvider" />
</authentication-manager>
Implementation of myLDAPAuthPopulator:
@Component("myLDAPAuthPopulator")
public class MyLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
@Autowired
private UserDao userDao;
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(
DirContextOperations userData, String username) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
List<String> roleList = userDao.getRoles(username);
if (!roleList.isEmpty()) {
for (String role : roleList) {
System.out.println(role);
authorities.add(new SimpleGrantedAuthority(role));
}
}
else
{
//We know that user is authenticated. So you can add a role here and save it in the database.
}
return authorities;
}
Upvotes: 1
Related Questions
- Spring Boot getting Roles from LDAP
- How to implement Spring Security with LDAP and Role based granted authorities from database?
- spring authorizations and roles management with Ldap
- Spring Security - Retrieving Role of a User
- Spring Security with LDAP and Database roles
- Handling roles when authenticated to active directory with spring security 3.1
- LDAP authorization
- Spring security authentication using ldap based on memberOf attribute
- Spring LdapAuthentication and Load roles from local database
- Defining Spring Security user roles