shiro-user mailing list archives

From Kalle Korhonen <kalle.o.korho...@gmail.com>
Subject Re: JndiLdapRealm
Date Tue, 10 Jul 2012 07:19:59 GMT
Hi Vladimir, I took the liberty of sending my reply to the Shiro user
list (this seems to be strictly an Apache Shiro question/comment
rather than a tapestry-security one). I'm glad you figured out how to
enable SSL - that's the nature of programming, some things just take
needlessly long. Many other users have said the same thing about
JndiLdapRealm, that it's too limited. It's a bit difficult, however, to
cover LDAP with a single implementation. It's not terribly difficult
to write a new realm though - I often view the built-in Shiro realms
more as sample code than something that should work out of the box.

Kalle


On Mon, Jul 9, 2012 at 12:02 AM, Vladimir Bauer <VBauer@slb.com> wrote:
> Hi Kalle,
>
> Recently I’ve discovered Shiro and tapestry-security for myself.
> I was choosing between Spring Security and Shiro.
>
> In my Tapestry web project, I need to authenticate users against LDAP.
> The corporate LDAP allows authentication only over SSL.
>
> So my concern is that I was not able to set up JndiLdapContextFactory with
> the provided setters in a way that leads to successful authentication.
> I only succeeded after setting up a Hashtable env; the code is below.
>
>     public static void contributeWebSecurityManager(Configuration<Realm> configuration) {
> //      ExtendedPropertiesRealm realm = new ExtendedPropertiesRealm("classpath:shiro-users.properties");
> //      configuration.add(realm);
>
>         JndiLdapRealm ldapRealm = new JndiLdapRealm();
>
>         ldapRealm.setUserDnTemplate("cn={0},ou=employee,o=slb,c=an");
> //      JndiLdapContextFactory contextFactory = ((JndiLdapContextFactory) ldapRealm.getContextFactory());
> //      contextFactory.setUrl("ldap://ldap.slb.com:636/o=slb,c=an");
> //      contextFactory.setAuthenticationMechanism("simple");
> //      configuration.add(ldapRealm);
>
>         Hashtable env = new Hashtable(4);
>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>         env.put(Context.PROVIDER_URL, "ldap://ldap.slb.com:636/o=slb,c=an");
>         env.put(Context.SECURITY_PROTOCOL, "ssl");
>         env.put(Context.SECURITY_AUTHENTICATION, "simple");
>
>         JndiLdapContextFactory contextFactory = ((JndiLdapContextFactory) ldapRealm.getContextFactory());
>         contextFactory.setEnvironment(env);
>
>         configuration.add(ldapRealm);
>     }
>
> In conclusion, may I suggest implementing a method for setting SSL?
> Something like setSSL(Boolean b).
> Building the Hashtable env took me a lot of time reading about JNDI.
> This isn’t a user-friendly approach either.
>
> Finally, I found JndiLdapRealm very limited, so I’ll implement my own LDAP
> realm with the Spring LDAP framework.
>
> Kind regards,
>
> Vladimir Bauer
> Onsite I.T. Support
>
> Schlumberger Balkanabat
> Phone: + 993 222 74656 ext.100
> Mobile: +99364053403
> E-Mail: vbauer@slb.com
>
>
>
>
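
Added example, not part of either message and not Shiro project code: one way to wrap the working Hashtable configuration from the quoted post so that a realm can only be created with an encrypted connection. The class name `LdapsRealmFactory` and its methods are hypothetical; it relies on `ldaps://` URLs being handled as SSL by the JDK's JNDI LDAP provider and requests SSL explicitly for `ldap://` URLs, as the post does.

```java
import java.net.URI;
import java.util.Hashtable;
import javax.naming.Context;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.JndiLdapRealm;

/** Hypothetical helper (not part of Shiro): builds a JndiLdapRealm that only binds over SSL. */
public final class LdapsRealmFactory {

    private LdapsRealmFactory() {}

    /** Usage in a Tapestry module: configuration.add(LdapsRealmFactory.sslRealm(url, template)); */
    public static JndiLdapRealm sslRealm(String url, String userDnTemplate) {
        JndiLdapRealm realm = new JndiLdapRealm();
        realm.setUserDnTemplate(userDnTemplate);
        // As in the post, the whole JNDI environment is handed over in one call,
        // so every setting the connection needs must be present in the table.
        ((JndiLdapContextFactory) realm.getContextFactory()).setEnvironment(sslEnvironment(url));
        return realm;
    }

    static Hashtable<String, Object> sslEnvironment(String url) {
        // LDAP URLs must already be percent-encoded; URI.create rejects anything else.
        String scheme = URI.create(url).getScheme();
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        if ("ldap".equalsIgnoreCase(scheme)) {
            // Plain ldap:// URL (the post uses one with port 636): SSL has to be requested
            // explicitly, otherwise the simple bind sends the password unencrypted.
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        } else if (!"ldaps".equalsIgnoreCase(scheme)) {
            // ldaps:// already selects SSL in the JNDI LDAP provider; other schemes are refused.
            throw new IllegalArgumentException("Not an LDAP URL: " + url);
        }
        return env;
    }
}
```

The directory server's certificate must chain to a CA in the JVM's trust store, otherwise the SSL handshake fails before any bind is attempted.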
