Details
- Type: Improvement
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Labels: None

Description
I'm not sure I understand the basic setup for the simple use case:
In my application, users should be able to authenticate against LDAP and a local database. If they're in LDAP, use that with local Roles. Else if they're in the db, use local user and role. Else fail to authenticate.
Users should also be able to be remembered. When a user closes his browser, reopens it and visits the page, the user should be logged in.
In parsing the documentation, it appears to me that this functionality should be available "out of the box" when I install spring-security-core and spring-security-ldap, set a few configuration options, and go.
Yet in this very basic test application, the user is only able to authenticate against LDAP (the testUser created in the bootstrap is not found when I try to log in) and the remember me feature straight up doesn't work.
The steps I followed were, exactly:
1. Create application
2. Install Spring Security Core
3. Install Spring Security LDAP
4. Run S2-Quickstart with parameters com.sig.users Person Role
5. Run S2-create-persistent-token
6. Generate scaffold controllers for Person, Role, PersonRole
7. Edit Config.groovy to add the following:

// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.sig.users.Person'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.sig.users.PersonRole'
grails.plugins.springsecurity.authority.className = 'com.sig.users.Role'
// remember me
grails.plugins.springsecurity.rememberMe.persistent = true
grails.plugins.springsecurity.rememberMe.persistentToken.domainClassName = 'com.sig.users.PersistentLogin'
grails.plugins.springsecurity.rememberMe.cookieName = "testCookie"
grails.plugins.springsecurity.rememberMe.alwaysRemember = true
grails.plugins.springsecurity.rememberMe.tokenValiditySeconds = 31556926 // 1 year in seconds
grails.plugins.springsecurity.rememberMe.key = 'hoorayTest'
// LDAP Configurations
grails.plugins.springsecurity.ldap.mapper.userDetailsClass = 'person'
grails.plugins.springsecurity.ldap.context.managerDn = ''
grails.plugins.springsecurity.ldap.context.managerPassword = ''
grails.plugins.springsecurity.ldap.context.server = '-LDAP INFO REDACTED, REPLACE WITH YOUR OWN-'
grails.plugins.springsecurity.ldap.search.base = '-LDAP INFO REDACTED, REPLACE WITH YOUR OWN-'
grails.plugins.springsecurity.ldap.authorities.groupSearchBase = '-LDAP INFO REDACTED, REPLACE WITH YOUR OWN-'
grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail'] // extra attributes you want returned; see below for custom classes that access this data
grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
//role specific ldap config
grails.plugins.springsecurity.ldap.useRememberMe = true
grails.plugins.springsecurity.ldap.rememberMe.usernameMapper.userDnBase = '-LDAP INFO REDACTED, REPLACE WITH YOUR OWN-'
grails.plugins.springsecurity.ldap.rememberMe.usernameMapper.usernameAttribute = "cn"
grails.plugins.springsecurity.ldap.rememberMe.detailsManager.groupSearchBase = '-LDAP INFO REDACTED, REPLACE WITH YOUR OWN-'
grails.plugins.springsecurity.ldap.rememberMe.detailsManager.groupMemberAttributeName = '-LDAP INFO REDACTED, REPLACE WITH YOUR OWN-'

Are there other configurations I'm missing? Is there something I have to wire up in the controller to get this to work?