Examples of org.acegisecurity.providers.ldap.LdapAuthenticationProvider

• org.acegisecurity.providers.ldap.LdapAuthenticationProvider
  ymachine:389/dc=acegisecurity,dc=org"/> <property name="managerDn"><value>cn=manager,dc=acegisecurity,dc=org</value></property> <property name="managerPassword"><value>password</value></property> </bean> <bean id="ldapAuthProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <property name="userDnPatterns"><list><value>uid={0},ou=people</value></list></property> </bean> </constructor-arg> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <constructor-arg><value>ou=groups</value></constructor-arg> <property name="groupRoleAttribute"><value>ou</value></property> </bean> </constructor-arg> </bean>

  This would set up the provider to access an LDAP server with URL ldap://monkeymachine:389/dc=acegisecurity,dc=org. Authentication will be performed by attempting to bind with the DN uid=<user-login-name>,ou=people,dc=acegisecurity,dc=org. After successful authentication, roles will be assigned to the user by searching under the DN ou=groups,dc=acegisecurity,dc=org with the default filter (member=<user's-DN>). The role name will be taken from the "ou" attribute of each match.

  The authenticate method will reject empty passwords outright. LDAP servers may allow an anonymous bind operation with an empty password, even if a DN is supplied. In practice this means that if the LDAP directory is configured to allow unauthenitcated access, it might be possible to authenticate as any user just by supplying an empty password. More information on the misuse of unauthenticated access can be found in draft-ietf-ldapbis-authmeth-19.txt.

  @author Luke Taylor @version $Id: LdapAuthenticationProvider.java 1995 2007-08-30 21:12:16Z luke_t $ @see org.acegisecurity.providers.ldap.authenticator.BindAuthenticator @see org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator

                groupSearchBase);
          String groupRoleAttribute = "ou";
          authoritiesPopulator.setGroupRoleAttribute(groupRoleAttribute);

            System.out.println("***********************************");
          LdapAuthenticationProvider ldapAuthenticationProvider =
            new LdapAuthenticationProvider(authenticator, authoritiesPopulator);
          LdapUserInfo user = authenticator.authenticate(userDetails.getUsername(),
              (String)authentication.getCredentials());
          if (user != null) {
              UserDetails u = ldapAuthenticationProvider.retrieveUser(userDetails.getUsername(),
                  authentication);
              System.out.println("user " + u);
          }
          else {
              throw new BadCredentialsException(messages.getMessage(