Overview
Is it possible to authenticate via LDAP then fetch roles from a relational database? Yes! To accomplish this, make the following changes.
Steps
- Install the attached JAR file in the same directory as acegi-security-1.x.x.jar (e.g. pentaho.war/WEB-INF/lib). (This JAR contains a single class, detailed in SEC-456.)
- Edit web.xml to use a combination of LDAP and JDBC configuration files.

    <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
        /WEB-INF/applicationContext-acegi-security.xml
        /WEB-INF/applicationContext-common-authorization.xml
        /WEB-INF/applicationContext-acegi-security-ldap.xml
        /WEB-INF/applicationContext-pentaho-security-jdbc.xml
      </param-value>
    </context-param>

- Open applicationContext-acegi-security-ldap.xml. Replace the populator bean definition with the one below. (This is the bean in the downloaded JAR.)

    <bean id="populator" class="org.acegisecurity.providers.ldap.populator.DaoLdapAuthoritiesPopulator">
      <property name="userDetailsService" ref="userDetailsService" />
      <property name="usernameAttribute" value="cn" />
    </bean>

- Staying in the same file, remove the userDetailsService bean. (We're removing it to replace it later with the JDBC-based UserDetailsService implementation: JdbcDaoImpl.)

    <!-- removed userDetailsService bean -->

- Open applicationContext-pentaho-security-jdbc.xml. Add the following two bean definitions. Both of these bean definitions were copied from applicationContext-acegi-security-jdbc.xml. (One is the JDBC-based UserDetailsService implementation; the other is a bean required by that implementation.)

    <!-- Sample connection settings: the HSQLDB "sa" account with an empty password.
         Substitute the driver, URL and credentials of your own database. -->
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
      <property name="driverClassName" value="org.hsqldb.jdbcDriver" />
      <property name="url" value="jdbc:hsqldb:hsql://localhost:9002/userdb" />
      <property name="username" value="sa" />
      <property name="password" value="" />
    </bean>
    <bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
      <property name="dataSource">
        <ref local="dataSource" />
      </property>
      <property name="authoritiesByUsernameQuery">
        <value>
          <![CDATA[SELECT username, authority FROM granted_authorities WHERE username = ?]]>
        </value>
      </property>
      <property name="usersByUsernameQuery">
        <value>
          <![CDATA[SELECT username, password, enabled FROM users WHERE username = ?]]>
        </value>
      </property>
    </bean>

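A consistency check for the edited context files, as an added example that is not part of the original page or of Pentaho's code: it confirms that userDetailsService is defined exactly once (as JdbcDaoImpl), that populator references it, and flags an empty dataSource password. The XML strings are constructed, abbreviated stand-ins; the file names ldap.xml and jdbc.xml and the class example.OldLdapUserDetailsService are placeholders.

```python
import xml.etree.ElementTree as ET

POPULATOR = "org.acegisecurity.providers.ldap.populator.DaoLdapAuthoritiesPopulator"
JDBC_DAO = "org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"
# Constructed, abbreviated stand-ins for the two edited files (not real Pentaho files).
LDAP_OK = f"""<beans><bean id="populator" class="{POPULATOR}">
  <property name="userDetailsService" ref="userDetailsService" />
  <property name="usernameAttribute" value="cn" /></bean></beans>"""
# Same file with the bean-removal step skipped; the class name is a placeholder.
LDAP_STALE = LDAP_OK.replace("</beans>",
    '<bean id="userDetailsService" class="example.OldLdapUserDetailsService" /></beans>')
JDBC = f"""<beans>
  <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="username" value="sa" /><property name="password" value="" /></bean>
  <bean id="userDetailsService" class="{JDBC_DAO}">
    <property name="dataSource"><ref local="dataSource" /></property></bean></beans>"""

def props(bean):
    """Map property name -> ref/value attribute (attribute form only, as on the page)."""
    return {p.get("name"): p.get("ref") or p.get("value") or ""
            for p in bean if p.tag.endswith("property")}

def check_contexts(docs):
    """docs maps file name -> XML text; returns findings (empty list = consistent)."""
    beans = {}
    for name, text in docs.items():
        for el in ET.fromstring(text).iter():
            if el.tag.endswith("bean") and el.get("id"):  # tolerate namespaced files
                beans.setdefault(el.get("id"), []).append((name, el))
    findings = []
    uds = beans.get("userDetailsService", [])
    if len(uds) != 1:
        findings.append(f"userDetailsService defined {len(uds)} times in "
                        f"{sorted(n for n, _ in uds)}")
    elif uds[0][1].get("class") != JDBC_DAO:
        findings.append("userDetailsService is not JdbcDaoImpl")
    pop = beans.get("populator", [])
    if len(pop) != 1 or pop[0][1].get("class") != POPULATOR:
        findings.append("populator is not DaoLdapAuthoritiesPopulator")
    elif props(pop[0][1]).get("userDetailsService") != "userDetailsService":
        findings.append("populator does not reference userDetailsService")
    for name, el in beans.get("dataSource", []):
        if props(el).get("password", "") == "":
            findings.append(f"dataSource in {name} has an empty password")
    return findings

if __name__ == "__main__":
    for label, ldap in (("steps applied", LDAP_OK), ("removal skipped", LDAP_STALE)):
        print(label, check_contexts({"ldap.xml": ldap, "jdbc.xml": JDBC}))
```

To run it against a real deployment, pass the contents of the files listed in contextConfigLocation instead of the constructed strings.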
References
See SEC-456.