
Using Spring Security in Grails with CAS and LDAP

I am trying to set up Spring Security in Grails, authenticating against CAS and authorizing against LDAP. I have found several examples (I have about 20 browser tabs open right now), but none of them answers the whole question. Most of the examples are Grails + CAS or Grails + LDAP, but there are no examples of Grails + CAS + LDAP.

So I got it working, and it really isn't that bad, but I wish I had seen @cantoni's example first. It would have made this really easy. My setup is a little simpler than his, so I'll add it here.

Install the Spring Security Core, CAS, and LDAP plugins. IMPORTANT: Until spring-security-cas:1.0.5 is updated, I wouldn't try to use the new spring-security-core:2.0-RC2 and spring-security-ldap:2.0-RC2. The CAS plugin doesn't seem to work with them.

    plugins {
    ....
    //security
    compile ":spring-security-core:1.2.7.3"
    compile ":spring-security-cas:1.0.5"
    compile ":spring-security-ldap:1.0.6"
    ...
    }

You don't need to run the quickstart command if you're not also using daoAuthenticationProvider, which I am not.

Configure the core and CAS plugins in Config.groovy:

    //Spring Security Core Config
    grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
    // unmatched URLs are denied rather than silently allowed
    grails.plugins.springsecurity.rejectIfNoRule = true
    grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
    // ordered map: the first matching pattern wins, so the catch-all '/**' goes last
    grails.plugins.springsecurity.interceptUrlMap = [
        '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/**': ['hasAnyRole("ROLE_OPERATOR","ROLE_ADMIN")']
    ]

    //Spring Security CAS Config
    grails.plugins.springsecurity.cas.loginUri = '/login'
    grails.plugins.springsecurity.cas.serviceUrl = 'http://server.company.com:8080/app-name/j_spring_cas_security_check'
    grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://sso.company.com/cas'
    grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://server.company.com:8080/app-name/secure/receptor'
    grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'

You can leave off rejectIfNoRule, securityConfigType, and interceptUrlMap if you want to use annotations instead of the interceptor map.

Configure your userDetailsService to delegate to LDAP in resources.groovy:

    // load ldap roles from spring security
    // context source: the LDAP server plus the bind credentials used for searches
    initialDirContextFactory(org.springframework.security.ldap.DefaultSpringSecurityContextSource,
        "ldap://123.45.67.89:389"){
        userDn = "myLdapUser"
        password = "myLdapPwd"
    }

    // look the CAS-asserted username up by sAMAccountName under the search base
    ldapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch,
        "DC=foo,DC=company,DC=com", "sAMAccountName={0}", initialDirContextFactory){
    }

    // every group whose member attribute holds the user DN becomes ROLE_<CN upper-cased>
    ldapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator,
        initialDirContextFactory,"OU=foo,DC=bar,DC=company,DC=com"){
        groupRoleAttribute = "cn"
        groupSearchFilter = "member={0}"
        searchSubtree = true
        rolePrefix = "ROLE_"
        convertToUpperCase = true
        ignorePartialResultException = true
    }

    // the CAS provider calls this service to build the authenticated user's authorities
    userDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService,ldapUserSearch,ldapAuthoritiesPopulator){
    }
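A small Python model of the authorization decisions the configuration above expresses, added here as an example and not code from the plugin or the answer. It assumes the InterceptUrlMap mode's first-match evaluation and models the rolePrefix/convertToUpperCase mapping of LDAP group names to authorities; the rule list is constructed from the Config.groovy shown.

```python
import re

# Ordered rules constructed from the interceptUrlMap above; first match wins.
INTERCEPT_URL_MAP = [
    ('/js/**',     ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/css/**',    ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/images/**', ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/login/**',  ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/logout/**', ['IS_AUTHENTICATED_ANONYMOUSLY']),
    ('/**',        ['hasAnyRole("ROLE_OPERATOR","ROLE_ADMIN")']),
]

def ldap_group_to_authority(group_cn, role_prefix='ROLE_', convert_to_upper=True):
    """Model the DefaultLdapAuthoritiesPopulator settings: prefix + upper-cased group cn."""
    return role_prefix + (group_cn.upper() if convert_to_upper else group_cn)

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern ('/**' and '*') into an anchored regex."""
    out, i = '', 0
    while i < len(pattern):
        if pattern.startswith('/**', i):
            out += '(?:/.*)?'; i += 3      # zero or more whole path segments
        elif pattern[i] == '*':
            out += '[^/]*'; i += 1         # a single '*' stays inside one segment
        else:
            out += re.escape(pattern[i]); i += 1
    return '^' + out + '$'

def find_rule(path, url_map=INTERCEPT_URL_MAP):
    """Return the attributes of the first matching pattern, so map order matters."""
    for pattern, attrs in url_map:
        if re.match(ant_to_regex(pattern), path):
            return attrs
    return None

def is_allowed(path, authorities, url_map=INTERCEPT_URL_MAP, reject_if_no_rule=True):
    """Decide access for a caller holding the given authorities (empty set = anonymous)."""
    attrs = find_rule(path, url_map)
    if attrs is None:
        return not reject_if_no_rule      # rejectIfNoRule = true denies unmatched URLs
    for attr in attrs:
        if attr == 'IS_AUTHENTICATED_ANONYMOUSLY':
            return True
        m = re.match(r'hasAnyRole\((.*)\)$', attr)
        if m:
            wanted = {r.strip().strip('"\'') for r in m.group(1).split(',')}
            return bool(wanted & set(authorities))
    return False
```

Reordering the map so '/**' comes first shadows the anonymous rules, and setting reject_if_no_rule=False turns an unmatched URL into an allowed one, which is why the answer keeps rejectIfNoRule = true.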

I've shared (GitHub) a sample app that integrates Grails (2.2.0) + Spring Security Plugin + CAS + LDAP.

My work is based on this link: http://dominikschuermann.de/index.php/2010/11/using-grails-with-cas-and-ldap/, but unfortunately the link is not active.

https://github.com/luizcantoni/TestCAS-LDAP-Grails

This app authenticates using CAS. After authentication, CAS redirects to Grails, which populates (through LDAP) the user with some Active Directory information (email and name).

This is the file that populates the user with some AD information: https://github.com/luizcantoni/TestCAS-LDAP-Grails/blob/master/src/groovy/example/PrepopulateUserDetailsService.groovy

Check the resources.groovy: https://github.com/luizcantoni/TestCAS-LDAP-Grails/blob/master/grails-app/conf/spring/resources.groovy

Finally, the Config.groovy with the CAS and LDAP configuration: https://github.com/luizcantoni/TestCAS-LDAP-Grails/blob/master/grails-app/conf/Config.groovy
