Note: The latest Windows authentication bundle is available here
First step to enable integrated login
Download: security_ntlm_step_1.xml
This example contains the bare minimum to enable Windows Integrated Authentication and should be used as a first step to test the authentication. It does not provide access to Weave at all if the user is not part of the domain or if they are not listed in the users.properties file. It requires that each user that will be given access to the system be listed in the users.properties file, but since this is for testing that should only be one or two users.
It will require editing of the ntlmProcessingFilter bean to at least set the correct defaultDomain and domainController. It may also require changing the loadBalance property to set it to true (false is the default if it's not set).
Depending upon the version of Active Directory you're running you may need to specify a username/password for the ntlmProcessingFilter. If you find authentication errors in the weave.log file after enabling integrated authentication then change the ntlmProcessingFilter to the following and set the appropriate username/password.
{code}
<bean id="ntlmProcessingFilter" class="org.acegisecurity.ui.ntlm.NtlmProcessingFilter">
    <property name="authenticationEntryPoint" ref="ntlmEntryPoint"/>
    <property name="authenticationManager" ref="ntlmAuthenticationManager"/>
    <!-- Replace with your own domain name -->
    <property name="defaultDomain">
        <value>cohga.local</value>
    </property>
    <!-- Replace with the address of your own domain controller -->
    <property name="domainController">
        <value>192.168.0.80</value>
    </property>
    <!-- Account used when talking to the domain controller; replace both placeholder values -->
    <property name="JCifsProperties">
        <map>
            <entry key="jcifs.smb.client.username">
                <value>username</value>
            </entry>
            <entry key="jcifs.smb.client.password">
                <value>password</value>
            </entry>
        </map>
    </property>
</bean>
{code}
Additional properties that can affect the authentication process ..., where they can be set in the JCifsProperties section to alter the authentication process.
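A pre-flight check for the edits this section asks for, as an added example that is not part of the original page or of the Weave distribution: it parses a security XML file and reports an ntlmProcessingFilter bean whose defaultDomain, domainController or JCifsProperties credentials are unset or still carry the values printed above. The function name check_ntlm_filter and the sample values corp.example and svc_weave are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Values printed on this page; finding them in a live file means it was never edited.
SAMPLES = {"defaultDomain": "cohga.local", "domainController": "192.168.0.80"}
PLACEHOLDERS = {"jcifs.smb.client.username": "username", "jcifs.smb.client.password": "password"}

def _named(elem, name, deep=False):
    """Elements called `name` under elem, ignoring any XML namespace prefix."""
    pool = elem.iter() if deep else list(elem)
    return [c for c in pool if c.tag.rsplit("}", 1)[-1] == name]

def _value(elem):
    """Spring lets a value be a value="..." attribute or a nested <value> element."""
    if elem.get("value") is not None:
        return elem.get("value").strip()
    vals = _named(elem, "value")
    return (vals[0].text or "").strip() if vals else ""

def check_ntlm_filter(xml_text):
    """Return findings for the ntlmProcessingFilter bean in a beans XML document."""
    root = ET.fromstring(xml_text)
    beans = [b for b in _named(root, "bean", deep=True)
             if b.get("id") == "ntlmProcessingFilter"]
    if not beans:
        return ["ntlmProcessingFilter bean not found"]
    props = {p.get("name"): p for p in _named(beans[0], "property")}
    findings = []
    for name, sample in SAMPLES.items():
        val = _value(props[name]) if name in props else ""
        if not val:
            findings.append(f"{name} is not set")
        elif val == sample:
            findings.append(f"{name} still has the page's sample value {sample}")
    if "JCifsProperties" in props:  # optional: only needed for some AD versions
        entries = {e.get("key"): _value(e)
                   for e in _named(props["JCifsProperties"], "entry", deep=True)}
        for key, placeholder in PLACEHOLDERS.items():
            if entries.get(key, "") in ("", placeholder):
                findings.append(f"{key} is empty or still '{placeholder}'")
    return findings

# Constructed sample: the bean from this page with two of four values edited.
SAMPLE = """<beans><bean id="ntlmProcessingFilter">
  <property name="defaultDomain"><value>corp.example</value></property>
  <property name="domainController" value="192.168.0.80"/>
  <property name="JCifsProperties"><map>
    <entry key="jcifs.smb.client.username"><value>svc_weave</value></entry>
    <entry key="jcifs.smb.client.password"><value>password</value></entry>
  </map></property></bean></beans>"""
```

Calling check_ntlm_filter(SAMPLE) returns two findings, one for the unchanged domainController and one for the placeholder password; an empty list means every value the section names has been edited.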
Extended authentication example
Download: security_ntlm_step_2.xml
This example expands on the original bare minimum example but includes anonymous authentication plus form login.
It will also require editing of the ntlmProcessingFilter bean to at least set the correct defaultDomain and domainController. It may also require changing the loadBalance property to set it to true (false is the default if it's not set).
Getting roles from Active Directory (via LDAP)
Download: security_ntlm_step_
...
In this example we're going back to step 1 but instead of obtaining the user information from the users.properties file, via the org.acegisecurity.userdetails.memory.InMemoryDaoImpl user details service, we'll access the information from Active Directory (via the LDAP protocol).
This example is exactly the same as step one except we've swapped out the user details service that accesses users.properties for the one that accesses that information from the LDAP server.
The information set up in the ldapUserSearch, ldapAuthoritiesPopulator and initialDirContextFactory will at least need to be updated to reflect your local settings.