I'm new to Apache Shiro and LDAP. I'm trying to create a simple LDAP authentication using Apache Shiro. The authentication worked, but I'm unable to add roles to the user. Below is the shiro.ini file I'm using:
[main]
realm = org.apache.shiro.realm.ldap.JndiLdapRealm
realm.contextFactory.url = ldap://localhost:389
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.systemUsername = cn=Manager,dc=maxcrc,dc=com
contextFactory.systemPassword = secret
[roles]
People = *
role = *
Administrator = *
And below is the Java class file:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.subject.PrincipalCollection;

public class LDAPTest extends JndiLdapRealm
{
    // The token principal is the user's full DN (no userDnTemplate is configured in the ini)
    public static final String userName = "uid=aarippa,ou=People,dc=maxcrc,dc=com";
    //public static final String userName = "uid=arjunarippa";
    public static final String password = "SomePassword";

    public static void main(String[] args)
    {
        // Build the SecurityManager from the ini file and make it available to SecurityUtils
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\auth.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager( securityManager );
        System.out.println( "userName is : " +userName);
        System.out.println( "password is : " +password);
        //UsernamePasswordToken token = new UsernamePasswordToken( "cn=Panji Pratomo,ou=people,dc=maxcrc,dc=com", "SomePassword" );
        UsernamePasswordToken token = new UsernamePasswordToken( userName,password );
        Subject currentUser = SecurityUtils.getSubject();
        //System.out.println(currentUser);

        // Authentication: the realm binds to LDAP with the user's DN and password
        try
        {
            currentUser.login( token );
            System.out.println( "We've authenticated! :)" );
        }
        catch ( AuthenticationException e )
        {
            System.out.println( "We did not authenticate :(" );
            e.printStackTrace();
        }

        // Authorization: both checks go through the realm's doGetAuthorizationInfo()
        if ( currentUser.hasRole( "people" ) )
        {
            System.out.println( "We have the role! :)" );
        }
        else
        {
            System.out.println( "We do not have the role :(" );
        }
        if ( currentUser.isPermitted( "foo.blah" ) )
        {
            System.out.println( "We're authorized! :)" );
        }
        else
        {
            System.out.println( "We are not authorized :(" );
        }
    }
}
I'm unable to understand how to add roles to the users. The authentication is working fine, but I'm getting the error messages "We do not have the role :(" and "We are not authorized :(". Currently I'm using an OpenLDAP server, and below is one .LDIF entry I've made in the server:
dn: uid=aarippa,ou=people,dc=maxcrc,dc=com
objectclass: inetOrgPerson
cn: Arjun Arippa
cn: A Arippa
cn: Aarippa
sn: fahmi
uid: aarippa
userpassword: SomePassword
carlicense: HISCAR 123
homephone: 555-111-2222
mail: [email protected]
mail: [email protected]
mail: [email protected]
description: tukang ngulik ga jelas
ou: SOA
Can anyone please let me know if I've done the right thing by adding the correct roles, and correct me if I am wrong. Am I missing something in the methods written?
Thanks, Arjun
Out of the box the generic LDAPRealm does not handle roles. The Active Directory realm does (if you are on AD). Otherwise you can extend the realm and implement the doGetAuthorizationInfo method.
An LDAP server can be configured in an almost limitless number of ways, though there are a few common strategies. How are your users associated with your groups? Do you have an example query, or an example group record?
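As an added example (not code from the question or the answer above), here is what "extend the realm" looks like for one of the common strategies the answer alludes to: groups stored as groupOfNames entries whose member attribute holds the user's DN. JndiLdapRealm.doGetAuthorizationInfo() delegates to the protected queryForAuthorizationInfo() hook, which returns null unless overridden, so that hook is the one implemented here. The group base DN ou=Groups,dc=maxcrc,dc=com, the class name com.example.GroupOfNamesLdapRealm, the groupSearchBase and memberAttribute properties, and the group LDIF in the header comment are all assumptions modelled on the DNs in the question; the ini fragment in the comment also adds realm.contextFactory = $contextFactory, which the question's ini omits, so that the contextFactory bean with the system credentials is actually the one the realm uses for the group search.

```java
// Added example, not the questioner's or answerer's code.
//
// Assumed (hypothetical) group entry in the directory:
//
//   dn: cn=Administrator,ou=Groups,dc=maxcrc,dc=com
//   objectClass: groupOfNames
//   cn: Administrator
//   member: uid=aarippa,ou=People,dc=maxcrc,dc=com
//
// Assumed shiro.ini wiring for this realm:
//
//   [main]
//   contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
//   contextFactory.url = ldap://localhost:389
//   contextFactory.systemUsername = cn=Manager,dc=maxcrc,dc=com
//   contextFactory.systemPassword = secret
//   realm = com.example.GroupOfNamesLdapRealm
//   realm.contextFactory = $contextFactory
//   realm.userDnTemplate = uid={0},ou=People,dc=maxcrc,dc=com
//   realm.groupSearchBase = ou=Groups,dc=maxcrc,dc=com
package com.example;

import java.util.LinkedHashSet;
import java.util.Set;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;

public class GroupOfNamesLdapRealm extends JndiLdapRealm {

    // Hypothetical properties; both are settable from shiro.ini as realm.* entries.
    private String groupSearchBase = "ou=Groups,dc=maxcrc,dc=com"; // assumed layout
    private String memberAttribute = "member";                       // groupOfNames

    public void setGroupSearchBase(String groupSearchBase) { this.groupSearchBase = groupSearchBase; }
    public void setMemberAttribute(String memberAttribute) { this.memberAttribute = memberAttribute; }

    // JndiLdapRealm.doGetAuthorizationInfo() calls this hook; the base class returns
    // null here, which is why hasRole() can never succeed with the stock realm.
    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
                                                          LdapContextFactory ldapContextFactory)
            throws NamingException {
        // The stored principal is whatever was typed into the token: a bare uid when
        // userDnTemplate is configured, or a full DN as in the question. getUserDn()
        // applies the same template that authentication used, so both cases work.
        String principal = (String) getAvailablePrincipal(principals);
        String userDn = getUserDn(principal);

        Set<String> roleNames = new LinkedHashSet<String>();
        LdapContext ctx = null;
        try {
            // Bind as systemUsername/systemPassword, not with the user's own credentials.
            ctx = ldapContextFactory.getSystemLdapContext();

            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "cn" });

            // {0} is a JNDI filter argument: JNDI escapes the DN per RFC 4515 instead of
            // it being string-concatenated, so a crafted username containing "*" or ")"
            // cannot rewrite the filter (LDAP filter injection).
            String filter = "(&(objectClass=groupOfNames)(" + memberAttribute + "={0}))";
            NamingEnumeration<SearchResult> results =
                    ctx.search(groupSearchBase, filter, new Object[] { userDn }, controls);
            try {
                while (results.hasMore()) {
                    Attribute cn = results.next().getAttributes().get("cn");
                    if (cn != null) {
                        roleNames.add((String) cn.get()); // group cn becomes the Shiro role name
                    }
                }
            } finally {
                results.close();
            }
        } finally {
            LdapUtils.closeContext(ctx); // null-safe, also closes on exceptions
        }

        // Membership in no group is a legitimate "no roles" answer, not an error.
        return new SimpleAuthorizationInfo(roleNames);
    }
}
```

With the group entry above, currentUser.hasRole("Administrator") is true for uid=aarippa; role names are compared exactly, so hasRole("people") still fails unless a group with cn=people exists. The [roles] section of the question's ini maps role names to permissions for the ini-backed realm and does not attach roles to LDAP users, so it has no effect on this realm. isPermitted("foo.blah") will also keep failing until roles are mapped to permissions, either by calling addStringPermission on the SimpleAuthorizationInfo or by setting a RolePermissionResolver on the realm.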