I use the SpringSecurity-framework for authentication, and it works as long as there is a user with the same name in my local DB.
However, I want an admin-account that is only stored in the local DB and has no equivalent in LDAP.
So, how can I configure SpringSecurity so that it uses LDAP and if this fails looks for a user and password in the local DB?
After hours of digging through Google search results, source code and documentation, I finally got it!
Just set the providers you want in your SecurityConfig.groovy:

    providerNames = ['daoAuthenticationProvider',
                     'ldapAuthProvider']

Please note that the names are not consistent. That took me quite a bit, hope someone else can find it useful.
Related
I have run into the situation where I have to remove the Facebook/Google authentication option from my app. So I want to know all the pain during this process.
What about user data? Is there any possibility to link a newly created user with data from the previous facebook-login-based user?
Any other situations which I have to fix ?
Oh my God. I personally do not think that you should do that. Yes, if there are users in your application that have logged in with one of these providers, then yes, their data possibly could be deleted. I mean, if you have stored the access tokens to retrieve information about them, then you will be fine, I think. But if you remove OAuth2.0, then your users will not be able to log in with anything else, such as local authentication, due to the fact that they have not created an account via your local authentication system, as they have not provided a password for their account. They only gave consent to read or write data about themselves, and you only know their email or username. Last but not least, a move like this will definitely harm your User Experience (UX) throughout your application and your marketing as well.
I hope that helps! Try to search about some alternatives to solve your issues.
I'm trying to set up a cronjob that syncs comments between Disqus and my database.
Everything is ok with the basic API, but I also need to store IP addresses and emails in my local db. Reading the documentation, I found out that I need to use OAuth and to declare a specific scope in order to get those "confidential" data.
So I set up a script that does everything and it actually works: everything is ok if I access the test page on my browser, trigger the authentication and ALLOW Disqus to access my account stuff.
The problem is that I can't do this manually every 10 minutes. I need this to work on a cronjob set up on my Linux webserver, but it doesn't work: of course my cronjob can't click on the ALLOW button etc.
Am I missing something? Is this a dumb question? :-)
Thanks in advance
Your API application includes an administrator's access token (it doesn't expire, so keep this secret!) to perform functions like this, so you don't need to authenticate constantly. So there are two things you need to do:
Get your admin access token from your application here (details page): http://disqus.com/api/applications/ - then use this to authenticate in your server-side script.
On the same page, go to the settings page and change the default permissions scope from "Read & Write" to "Read, Write & Manage Forums"
This will make sure you get all the sensitive data you need synced up.
I'm trying to use LDAP as a form of authentication for users in my system. Right now I have a login page; after they input their username and password, the system will check the username with the database and then check their name to match it with the Active Directory so as to check whether the password matches. However, I'm not sure how to start implementing. So, is there anyone out there that can guide me with links and guides to have a kick start and how to complete this particular function?
Thank you guys so much :)
Look at the spring-security-ldap plugin.
I'm new to Grails, and have jumped into version 2. I'm developing a project that uses Spring Security 3 - and this is working fine - but I want to use my organisation's LDAP server (if / when it is available) to do the following:
authenticate users
update the local user data with details from LDAP
create the user if they don't exist
update the local user's password (in case the LDAP server isn't available)
log that user in
I may have skipped a lot of fundamental stuff on my way to getting this working, like actually how Grails works - and I'm struggling to understand how to actually interrupt the Spring Security authentication process with an LDAP lookup, then how to get those details back in a way that I can use them to either update an existing user or create a new one...
I found a basic tutorial here: http://jamesjefferies.com/2011/01/06/grails-spring-security-ldap/ which means I can authenticate myself as a user from the LDAP server - although Spring Security still shows me as logged out, but will not let me log in either until I manually log out... so it's kind of in a login-limbo.
The magic is doing my head in... at first I was amazed that I could build an entire web-app with a few commands and a few hours' customization - but it's coming back to bite me now - as is the lack of useful examples... and the Spring Security LDAP plugin documentation is somewhat lacking (or maybe it's my lack of understanding).
So, primarily I would like some help to complete the authentication so that it checks the user database for an existing user and updates them, or creates the user if they don't exist... but I would also love it if someone could give me a brief overview of the authentication process in Grails so I can understand what's actually happening, and where I should intercept things.
Cheers in advance for any help
Steve
There is a good example here that shows how to implement a custom user details mapper. I used that method on an LDAP login Grails 2.0 app successfully. Basically you have a CustomUserDetailsContextMapper that implements the UserDetailsContextMapper interface, which you then use to override the default implementation by registering the bean in conf>spring>resources.groovy. Then inside your CustomUserDetailsContextMapper you check for a user (your domain class) with a matching username, and if none exists you create one using data from the ctx.originalAttrs, which contains data from the LDAP query results. You must then return a new org.springframework.security.core.userdetails.User. You can extend this class to add other fields that you want to be able to access directly from the principal object.
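The mapper described in the answer above could look like the following. This is an added example, not code from the linked article or from the plugin; the AppUser domain class and its fields, the LDAP attribute names mail and cn, and the bean name ldapUserDetailsMapper are assumptions.

```groovy
// src/groovy/CustomUserDetailsContextMapper.groovy (added example)
import org.springframework.ldap.core.DirContextAdapter
import org.springframework.ldap.core.DirContextOperations
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper

class CustomUserDetailsContextMapper implements UserDetailsContextMapper {

    // Invoked by the LDAP provider only after the directory has accepted the
    // user's credentials, so everything below runs for authenticated users only.
    UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                   Collection authorities) {
        String mail = ctx.getStringAttribute('mail')     // assumed attribute name
        String fullName = ctx.getStringAttribute('cn')   // assumed attribute name

        // AppUser is a hypothetical GORM domain class with username, email, fullName.
        AppUser.withTransaction {
            AppUser local = AppUser.findByUsername(username) ?:
                    new AppUser(username: username)      // create on first login
            local.email = mail                           // refresh details from LDAP
            local.fullName = fullName
            local.save(failOnError: true)
        }

        // The mapper never receives the password the user typed, so the
        // principal carries a fixed placeholder (User rejects a null password).
        new User(username, 'N/A', true, true, true, true, authorities)
    }

    // Only needed when writing users back to the directory; not supported here.
    void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException('LDAP mapping is read-only')
    }
}

// grails-app/conf/spring/resources.groovy
// The bean name is an assumption; it must match the name the LDAP plugin
// uses for its default mapper so that this class replaces it.
// beans = {
//     ldapUserDetailsMapper(CustomUserDetailsContextMapper)
// }
```

The authorities collection passed in is whatever the LDAP authorities populator resolved for the user; the mapper hands it through unchanged rather than deriving roles from the local record.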
I'm trying to connect to an existing LDAP server to authenticate users trying to use my app – I'm having trouble figuring out where to start.
I've read about LDAP, understand how it works, and have looked at libs like ActiveLdap.
I'm just not sure where to start from here: I have the hostname of the server I want to authenticate against (bind with), but I don't know how to go about doing it.
(The answers on SO are quite, quite old, and links are broken!)
Thanks!
You will need, in addition to the hostname (and port, if non-standard), a DN to authenticate against (look at it as the DN identifying your "user", e.g. cn=BillG,ou=engineering,o=microsoft) as well as the corresponding password.
See LDAP::Conn.bind (assuming not using SSL, in which case you'd use LDAP::SSLConn); please read through this tutorial for full examples.