WINDOWS AUTHENTICATION FOR SPRING BASED WEBAPP USING WAFFLE

[himansu badhai]

   
Hi,

I am using Waffle1.5 for windows authentication of my spring based web application.

Trying to authenticate user of format: Domain name\username

My configuration is something like this.

    <bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
        <constructor-arg>
            <list>
                <ref bean="negotiateSecurityFilterProvider" />              
                <ref bean="basicSecurityFilterProvider" />              
            </list>
        </constructor-arg>
    </bean>

  <bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
        <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
        <property name="AllowGuestLogin" value="false" />
        <property name="PrincipalFormat" value="fqn" />
        <property name="RoleFormat" value="both" />
        <property name="grantedAuthorityFactory" ref="myGrantedAuthorityFactory"/>
   
  </bean>


Now, as my application is a role based application (different views for different roles), I want to pass the role information (role corresponding to the logged in user, fetched from a database) to the NegotiateSecurityFilter at run time and at the same time authenticate the user.


How can I achieve this?

Kindly provide your inputs.


Thanks in advance.

[Daniel Doubrovkine]

You should leave the authentication alone, then add another filter that does the lookup that will take the authenticated user (their SID) and do a database query, adding roles to the authenticated principal. In Spring this is something like this, but I am not expert: https://github.com/dblock/waffle/blob/master/Source/JNA/waffle-spring-security3/src/waffle/spring/WindowsAuthenticationToken.java#L83

--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--

dB. | Moscow - Geneva - Seattle - New York
dblock.org - @dblockdotorg

[himansu badhai]

Thanks Daniel for your input.

I achieved windows authentications using waffle and I am able to access the application from my machine. But I am not able to access it from a different machine.

Exception is: org.springframework.security.access.AccessDeniedException: Access is denied

When I disabled anonymous authentication I am getting an exception:

org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext


Can someone please suggest how to fix the issue and access the application from any machine?

Thanks in advance.

Regards

Himansu

[Daniel Doubrovkine]

Can you trace an HTTP request that's failing? This error probably means that you're not actually hitting Waffle at all.

--

You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--

dB. | Moscow - Geneva - Seattle - New York

code.dblock.org - @dblockdotorg - artsy.net - github/dblock

[Daniel Doubrovkine]

Re-sending to the mailing list.

On Tue, Jun 18, 2013 at 7:14 AM, himansu badhai <himan...@gmail.com> wrote:

Hi

The issue is now resolved and the application is working fine.

The problem was with the spring security Jar versions that I was using (had to use both 3.0.8 and 3.1.0 versions because I had to use custom authentication) and also the tomcat server config file where the connector address was explicitly mentioned as "localhost" only. Had to use the proper config (we can configure the host name in <host> tag. Also we can use an alias name for the server) and it was fixed, The application is now accessible from a different machine using the server IP address.


Thanks  for all your inputs and help.


Regards
Himansu