Note: The latest Windows authentication bundle is available here

First step to enable integrated login

Download: security_ntlm_step_1.xml

This example contains the bare minimum to enable Windows Integrated Authentication and should be used as a first step to test the authentication. It does not provide access to Weave at all if the user is not part of the domain or if they are not listed in the users.properties file. It requires that each user that will be given access to the system be listed in the users.properties file, but since this is for testing that should only be one or two users. It will require editing of the ntlmProcessingFilter bean to at least set the correct defaultDomain and domainController.

It may also require changing the loadBalance property to set it to true (false is the default if it's not set). Depending upon the version of Active Directory you're running you may need to specify a username/password for the ntlmProcessingFilter.

If you find authentication errors in the weave.log file after enabling integrated authentication then change the ntlmProcessingFilter to the following and set the appropriate username/password.

{code:xml|title=Setting username/password for domain access}
	<bean id="ntlmProcessingFilter" class="org.acegisecurity.ui.ntlm.NtlmProcessingFilter">
		<property name="authenticationEntryPoint" ref="ntlmEntryPoint"/>
		<property name="authenticationManager" ref="ntlmAuthenticationManager"/>
		<property name="defaultDomain">
			<value>cohga.local</value>
		</property>
		<property name="domainController">
			<value>192.168.0.80</value>
		</property>
		<property name = "JCifsProperties">
			<map>
				<entry key="jcifs.smb.client.username">
					<value>username</value>
				</entry>
				<entry key="jcifs.smb.client.password">
					<value>password</value>
				</entry>
			</map>
		</property>
	</bean>
{code}

Additional properties that can affect the authentication process can be found here; they can be set in the JCifsProperties section to alter the authentication process.
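A pre-deployment check for the edits described above, as an added example that is not part of the original page or of the Weave distribution: it parses the security XML and reports when defaultDomain, domainController or the jcifs.smb.client.* entries still hold the sample values shown on this page, and when a domain password is embedded in the file. The function names and the inline sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the bean from this page with its sample values left in.
SAMPLE = """<beans>
 <bean id="ntlmProcessingFilter" class="org.acegisecurity.ui.ntlm.NtlmProcessingFilter">
  <property name="defaultDomain"><value>cohga.local</value></property>
  <property name="domainController"><value>192.168.0.80</value></property>
  <property name="JCifsProperties"><map>
   <entry key="jcifs.smb.client.username"><value>username</value></entry>
   <entry key="jcifs.smb.client.password"><value>password</value></entry>
  </map></property>
 </bean>
</beans>"""

# Values shown on this page that have to be replaced with site-specific ones.
PAGE_SAMPLE_VALUES = {"cohga.local", "192.168.0.80", "username", "password"}

def _value(node):
    """Read <x><value>v</value></x> or <x value="v"/>; None when absent or empty."""
    if node is None:
        return None
    child = node.find("value")
    raw = child.text if child is not None else node.get("value")
    return raw.strip() if raw and raw.strip() else None

def check_ntlm_filter(xml_text):
    """Return a list of findings for the ntlmProcessingFilter bean."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop any XML namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    bean = next((b for b in root.iter("bean") if b.get("id") == "ntlmProcessingFilter"), None)
    if bean is None:
        return ["ntlmProcessingFilter bean not found"]
    props = {p.get("name", ""): p for p in bean.findall("property")}
    findings = []
    for name in ("defaultDomain", "domainController"):
        value = _value(props.get(name))
        if value is None:
            findings.append(f"{name} is not set")
        elif value in PAGE_SAMPLE_VALUES:
            findings.append(f"{name} still has the sample value {value!r}")
    jcifs = next((p for n, p in props.items() if n.lower() == "jcifsproperties"), None)
    entries = {e.get("key"): _value(e) for e in jcifs.iter("entry")} if jcifs is not None else {}
    for key in ("jcifs.smb.client.username", "jcifs.smb.client.password"):
        if entries.get(key) in PAGE_SAMPLE_VALUES:
            findings.append(f"{key} still has the placeholder value")
    if entries.get("jcifs.smb.client.password"):
        findings.append("jcifs.smb.client.password is in clear text; restrict read access to the file")
    return findings
```

Run check_ntlm_filter on the contents of the edited security XML before restarting Weave; an empty list means none of the page's sample values remain and no domain password is stored in the file.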


Extended authentication example

Download: security_ntlm_step_2.xml

This example expands on the original bare minimum example but includes anonymous authentication plus form login. It will also require editing of the ntlmProcessingFilter bean to at least set the correct defaultDomain and domainController.

It may also require changing the loadBalance property to set it to true (false is the default if it's not set).


Getting roles from Active Directory (via LDAP)

Download: security_ntlm_step_3.xml

In this example we're going back to step 1 but instead of obtaining the user information from the users.properties file, via the org.acegisecurity.userdetails.memory.InMemoryDaoImpl user details service, we'll access the information from Active Directory (via the LDAP protocol). This example is exactly the same as step one except we've swapped out the user details service that accesses users.properties for the one that accesses that information from the LDAP server. The information set up in the ldapUserSearch, ldapAuthoritiesPopulator and initialDirContextFactory will at least need to be updated to reflect your local settings.
