In Grails, how do I create and/or update users based on LDAP authentication, then log them in?
https://stackoverflow.com/questions/8942690
-
18-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I'm new to Grails, and have jumped into version 2. I'm developing a project that uses Spring Security 3 - and this is working fine - but I want to use my organisations LDAP server (if / when it is available) to do the following:
- authenticate users
- update the local user data with details from LDAP
- create the user if they don't exist
- update the local users password (in case the LDAP server isn't available)
- log that user in
I may have skipped a lot of fundamental stuff on my way to getting this working, like actually how Grails works - and I'm struggling to understand how to actually interrupt the Spring Security authentication process with an LDAP lookup, then how to get those details back in a way that I can use them to either update an existing user or create a new one...
I found a basic tutorial here: http://jamesjefferies.com/2011/01/06/grails-spring-security-ldap/ which means I can authenticate myself as a user from the LDAP server - although Spring Security still shows me as logged out, but will not let me log in either until I manually log out... so its kind of in a login-limbo.
The magic is doing my head in... at first I was amazed that I could build an entire web-app with a few commands and a few hours customization - but it's coming back to bite me now - as is the lack of useful examples... and the Spring Security LDAP plugin documentation is somewhat lacking (or maybe its my lack of understanding).
So, primarily I would like some help to complete the authentication so that it checks the user database for an existing user and updates them, or creates the user if they don't exist... but I would also love it if someone could give me a brief overview of the authentication process in Grails so I can understand whats actually happening, and where I should intercept things.
Cheers in advance for any help
Steve
해결책
There is a good example here that shows how to implement a custom user details mapper. I used that method on an LDAP login Grails 2.0 app successfully. Basically you have a CustomUserDetailsContextMapper that implements the UserDetailsContextMapper interface which you then use to override the default implementation by registering the bean in conf>spring>resources.groovy. Then inside your CustomUserDetailsContextMapper you check for a user(your domain class) with a matching username and if none exists you creates one using data from the ctx.originalAttrs which contains data from the ldap query results. You must then return a new org.springframework.security.core.userdetails.User. You can extend this class to add other fields that you want to be able to access directly from the principal object.
