Note: The latest Windows authentication bundle is available here.
First step to enable integrated login
Download: security_ntlm_step_1.xml
This example contains the bare minimum to enable Windows Integrated Authentication and should be used as a first step to test the authentication. It does not provide access to Weave at all if the user is not part of the domain or if they are not listed in the users.properties file. It requires that each user that will be given access to the system be listed in the users.properties file, but since this is for testing that should only be one or two users.
It will require editing of the ntlmProcessingFilter bean to at least set the correct defaultDomain and domainController. It may also require changing the loadBalance property to set it to true (false is the default if it's not set).
Depending upon the version of Active Directory you're running you may need to specify a username/password for the ntlmProcessingFilter. If you find authentication errors in the weave.log file after enabling integrated authentication then change the ntlmProcessingFilter to the following and set the appropriate username/password.
{code:xml}
<bean id="ntlmProcessingFilter" class="org.acegisecurity.ui.ntlm.NtlmProcessingFilter">
    <property name="authenticationEntryPoint" ref="ntlmEntryPoint"/>
    <property name="authenticationManager" ref="ntlmAuthenticationManager"/>
    <!-- Replace with your own domain and domain controller -->
    <property name="defaultDomain">
        <value>cohga.local</value>
    </property>
    <property name="domainController">
        <value>192.168.0.80</value>
    </property>
    <!-- Account used to connect to the domain controller; replace the placeholder values -->
    <property name="JCifsProperties">
        <map>
            <entry key="jcifs.smb.client.username">
                <value>username</value>
            </entry>
            <entry key="jcifs.smb.client.password">
                <value>password</value>
            </entry>
        </map>
    </property>
</bean>
{code}
Additional properties that can affect the authentication process ..., where they can be set in the JCifsProperties section to alter the authentication process.
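A pre-deployment check for the edits described in this section, as an added example that is not part of the original page or the Weave distribution: it parses a security XML file and reports when defaultDomain or domainController is empty, when loadBalance is left at its default, and when the jCIFS credentials still hold the sample values. The function names and the `<beans>` wrapper around the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's ntlmProcessingFilter bean inside a <beans> root.
SAMPLE = """<beans>
  <bean id="ntlmProcessingFilter" class="org.acegisecurity.ui.ntlm.NtlmProcessingFilter">
    <property name="defaultDomain"><value>cohga.local</value></property>
    <property name="domainController"><value>192.168.0.80</value></property>
    <property name="JCifsProperties"><map>
      <entry key="jcifs.smb.client.username"><value>username</value></entry>
      <entry key="jcifs.smb.client.password"><value>password</value></entry>
    </map></property>
  </bean>
</beans>"""

CRED_KEYS = ("jcifs.smb.client.username", "jcifs.smb.client.password")
PLACEHOLDERS = {"", "username", "password"}  # values used in the page's sample


def local(el):
    """Tag name without any XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]


def value_of(el):
    """Value given as a value="..." attribute or a nested <value> element."""
    if el.get("value") is not None:
        return el.get("value").strip()
    child = next((c for c in el if local(c) == "value"), None)
    return (child.text or "").strip() if child is not None else ""


def check_ntlm_filter(xml_text):
    """Return a list of findings for the ntlmProcessingFilter bean."""
    root = ET.fromstring(xml_text)
    bean = next((b for b in root.iter()
                 if local(b) == "bean" and b.get("id") == "ntlmProcessingFilter"), None)
    if bean is None:
        return ["ntlmProcessingFilter bean not found"]
    props = {p.get("name"): p for p in bean if local(p) == "property"}
    findings = [f"{name} is not set" for name in ("defaultDomain", "domainController")
                if name not in props or not value_of(props[name])]
    if "loadBalance" not in props:
        findings.append("loadBalance is not set (defaults to false)")
    jcifs = props.get("JCifsProperties")
    for entry in (jcifs.iter() if jcifs is not None else ()):
        if (local(entry) == "entry" and entry.get("key") in CRED_KEYS
                and value_of(entry) in PLACEHOLDERS):
            findings.append(f"{entry.get('key')} still holds a placeholder value")
    return findings
```

Run `check_ntlm_filter` on the contents of the edited security XML file before restarting the server; an empty list means none of these conditions were found.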
Extended authentication example
Download: security_ntlm_step_2.xml
This example expands on the original bare minimum example but includes anonymous authentication plus form login.
It will also require editing of the ntlmProcessingFilter bean to at least set the correct defaultDomain and domainController. It may also require changing the loadBalance property to set it to true (false is the default if it's not set).
Getting roles from Active Directory (via LDAP)
Download: security_ntlm_step_3.xml
In this example we're going back to step 1 but instead of obtaining the user information from the users.properties file, via the org.acegisecurity.userdetails.memory.InMemoryDaoImpl user details service, we'll access the information from Active Directory (via the LDAP protocol).
This example is exactly the same as step one except we've swapped out the user details service that accesses users.properties for the one that accesses that information from the LDAP server. The information set up in the ldapUserSearch, ldapAuthoritiesPopulator and initialDirContextFactory will at least need to be updated to reflect your local settings.