piątek, września 13, 2013

Grails authentication using ActiveDirectory + remember me

// LDAP config
grails.plugins.springsecurity.ldap.context.managerDn = 'domain\\ldapbind'
grails.plugins.springsecurity.ldap.context.managerPassword = 'password'
grails.plugins.springsecurity.ldap.context.server = 'ldap://domain:389/'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugins.springsecurity.ldap.search.base = 'dc=domain'
grails.plugins.springsecurity.ldap.search.filter="sAMAccountName={0}"
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName', 'title']
grails.plugins.springsecurity.providerNames = ['rememberMeAuthenticationProvider', 'daoAuthenticationProvider', 'ldapAuthProvider', 'anonymousAuthenticationProvider']

grails.plugins.springsecurity.ldap.useRememberMe = false
grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='dc=domain'
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
//grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})'

grails.plugins.springsecurity.rememberMe.persistent = true
grails.plugins.springsecurity.rememberMe.persistentToken.domainClassName = 'security.PersistentLogin'
grails.plugins.springsecurity.ldap.rememberMe.detailsManager.groupMemberAttributeName = 'member'
grails.plugins.springsecurity.ldap.rememberMe.detailsManager.groupSearchBase = 'dc=domain'
grails.plugins.springsecurity.ldap.rememberMe.usernameMapper.userDnBase = 'domain'
grails.plugins.springsecurity.ldap.rememberMe.usernameMapper.usernameAttribute = 'cn'
grails.plugins.springsecurity.ldap.rememberMe.detailsManager.attributesToRetrieve = null

//grails.plugins.springsecurity.ldap.context.baseEnvironmentProperties = [ 'java.naming.ldap.factory.socket' : //'org.springframework.ldap.extras.ad.access.TolerantSSLSocketFactory' ]
grails.plugins.springsecurity.ldap.authorities.clean.uppercase = true

grails.plugins.springsecurity.cacheUsers = true
grails.plugins.springsecurity.apf.continueChainBeforeSuccessfulAuthentication = false
grails.plugins.springsecurity.apf.allowSessionCreation = false
grails.plugins.springsecurity.useSessionFixationPrevention = true
grails.plugins.springsecurity.rememberMe.alwaysRemember = true
grails.plugins.springsecurity.rememberMe.persistent = true

grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
   '/user/**':     ['ROLE_ADMIN'],
   '/role/**': ['ROLE_ADMIN'],
   '/registrationcode/**': ['ROLE_ADMIN'],
   '/acl*/**': ['ROLE_ADMIN'],
   '/securityinfo/usercache':   ['ROLE_NO_ACCESS'],
   '/security*/**':     ['ROLE_ADMIN'],
   '/processing*/**':     ['ROLE_ADMIN'],
   '/js/**':        ['IS_AUTHENTICATED_ANONYMOUSLY'],
   '/css/**':       ['IS_AUTHENTICATED_ANONYMOUSLY'],
   '/images/**':    ['IS_AUTHENTICATED_ANONYMOUSLY'],
   '/login/**':     ['IS_AUTHENTICATED_ANONYMOUSLY'],
   '/logout/**':    ['IS_AUTHENTICATED_ANONYMOUSLY'],
   '/*/**':         ['IS_AUTHENTICATED_REMEMBERED']
]

0 komentarze: