|
Sort Order:
You're welcome :)
I will resubmit the patch as soon as possible (I hope before the 15th of December) This is the version without dependencies to websphere specific libraries
Too me this looks like another instance of a pre-authenticated authentication provider, although in it's current form it isn't actually implemented as an Acegi authentication provider.
Would it make sense to rewrite this as a real authentication provider, possibly based on the pre-authenticated authentication provider that I proposed (see http://jira.springframework.org/browse/SEC-576)? It will be basically the same as the J2EE authentication provider, but instead retrieves the Acegi granted authorities using the WebSphere UserRegistry. I think this would make this proposal more flexible and more in line with other Acegi authentication providers. Spring Security integration for WebSphere security, based on the Spring Security pre-authenticated authentication provider. This code is based on Spring Security SVN checkout done on 2008-03-14. So it already uses for example the new (Mutable)GrantedAuthoritiesContainer
This code includes some non-websphere related extensions to the Spring Security AuthenticationDetails* classes and interfaces. These are also separately available in Thanks a lot. I will shortly have a look on it.
I've committed the preautheticated implementation code. If there are no objections to this I'll close the issue.
Thanks to Ruud and Stephane this is very helpful!!
I am testing your code and ran into a peculiar issue. In WebSphere 6.1.0.19 server configured with ADS SSO. When I get the groups for user I get the entire DN not just the group names from Active Directory Server which is my user registry. I added some system out statements to see what is happening, and this what I see: [12/30/08 12:21:26:718 EST] 00000022 SystemOut O PreAuthenticated WebSphere principal: wasadmin [12/30/08 12:21:26:734 EST] 00000022 SystemOut O Groups for user wasadmin: [CN=supervisor,OU=vsp,dc=xfdomain,dc=local, CN=vso,OU=vsp,dc=xfdomain,dc=local]WebSphere groups [{CN=supervisor,OU=vsp,dc=xfdomain,dc=local,CN=vso,OU=vsp,dc=xfdomain,dc=local}] mapped to Granted Authorities: [{ROLE_CN=SUPERVISOR,OU=VSP,DC=XFDOMAIN,DC=LOCAL,ROLE_CN=VSO,OU=VSP,DC=XFDOMAIN,DC=LOCAL}] My question is wheter there is a way to make websphere return only the cn value, or do you think I have misconfigured the server? |
|||||||||||||||||||||||||||||||||||||||||
New Feature
Closed
Major
[patch] Acegi adapter for WebSphere 6.x
We would like to add this feature to our 2.0 release. However, I noticed you have added a new JAR dependency that contains an IBM JAR. I presume this JAR is not released under an open source license compatible with Apache License, 2.0.
If the above is correct, would you kindly resubmit the patch in a manner that does not require a compile-time dependency on this JAR. My recommendation would be to use reflection to invoke the required methods, such that at runtime the user will ensure the JAR is in the classpath and thereby the reflective invocations will succeed. Whilst I can easily refactor your patch to do this, I do not have a WebSphere environment in which to test it.
Thanks once again for your work on this issue.