piątek, marca 01, 2013

Grails Spring Security LDAP AD

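// Added by the Spring Security Core plugin:
// Domain classes used for the database side of user/role lookup (see retrieveDatabaseRoles below).
grails.plugins.springsecurity.userLookup.userDomainClassName = 'security.AuthUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'security.AuthUserAuthRole'
grails.plugins.springsecurity.authority.className = 'security.AuthRole'

// LDAP config
// Bind (service) account used to search the directory. In a single-quoted Groovy string '\\' is one
// backslash, so this is the NT-style DOMAIN\user form.
grails.plugins.springsecurity.ldap.context.managerDn = 'domain\\user'
// Plaintext bind credential in source. Keep the real value out of version control (external config
// file or environment), and give this account read-only directory rights only.
grails.plugins.springsecurity.ldap.context.managerPassword = 'passw0rd'
// Plain ldap:// on 389: the bind password and every authenticating user's password cross the wire
// unencrypted; use ldaps:// (or StartTLS) outside a trusted network.
grails.plugins.springsecurity.ldap.context.server = 'ldap://dc:389/'
// AD answers subtree searches with referrals that surface as PartialResultException; ignoring it is
// the usual workaround when the referrals are not needed.
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugins.springsecurity.ldap.search.base = 'dc=domain,dc=internal'
// {0} is replaced by the framework with the (escaped) login name; AD keys users by sAMAccountName.
grails.plugins.springsecurity.ldap.search.filter = "sAMAccountName={0}"
grails.plugins.springsecurity.ldap.search.searchSubtree = true
// false lets "unknown user" and "wrong password" be told apart by the caller - convenient while
// debugging the integration, but it reveals which accounts exist; switch to true once it works.
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName', 'title']
// Providers are consulted in this order: LDAP first, then the database-backed DAO provider.
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider', 'daoAuthenticationProvider', 'anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']

grails.plugins.springsecurity.ldap.useRememberMe = false
// Roles come from both the user's AD groups and the AuthRole table configured above.
grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugins.springsecurity.ldap.authorities.groupSearchBase = 'dc=domain,dc=internal'
// Group lookup. A plain 'member={0}' filter would only return groups the user is a direct member of;
// the LDAP_MATCHING_RULE_IN_CHAIN OID (1.2.840.113556.1.4.1941) makes AD also return nested
// (transitive) group membership, which is what the role mapping below relies on.
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})'

// Not set here: extra JNDI environment properties for the context source would go in
// grails.plugins.springsecurity.ldap.context.baseEnvironmentProperties.
// Group names are upper-cased when mapped to roles, so the AD group "ITSM Admins" becomes ROLE_ITSM_ADMINS.
grails.plugins.springsecurity.ldap.authorities.clean.uppercase = true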

Akcje na kontrolerach można zabezpieczyć za pomocą adnotacji grails.plugins.springsecurity.Secured np.
// Only members of the AD group "ITSM Admins" (mapped to ROLE_ITSM_ADMINS) or holders of ROLE_ADMIN
// may reach this action; everyone else is rejected by the plugin before the body runs.
@Secured(['ROLE_ITSM_ADMINS', 'ROLE_ADMIN'])
def list() {
    return Log.find(params)
}
gdzie "ITSM Admins" to nazwa grupy w Active Directory.


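/**
 * Builds a short, human-readable description of the current authentication state.
 *
 * Returns "Authorization: <principal>" when the principal is a plain String (the anonymous
 * provider configured in providerNames yields one), "Logged in as: <username>" when the
 * principal maps to an AuthUser row, and "Not logged in" otherwise.
 *
 * NOTE(review): the method is static but reads springSecurityService, which is normally an
 * injected instance field - confirm it is actually reachable from a static context.
 */
public static String describeLogin() {
    def principal = springSecurityService.principal
    if (principal instanceof String)
        return "Authorization: " + principal
    // Safe navigation: with no authentication at all the principal is null and the original
    // dereference threw instead of reporting the logged-out state.
    def username = principal?.username
    if (!username)
        return "Not logged in"
    def user = AuthUser.findByUsername(username)
    if (user)
        return "Logged in as: " + user.username
    return "Not logged in"
}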
