Setting Up an LDAP Provider for Spring Security
This page describes how you can configure a Spring Security LDAP provider, which can be used by Mule 2.2 or later as follows:
As its security provider via SpringProviderAdapter
- To perform component authorization
For information on configuring an in-memory provider, see Configuring Security.
Setup
Before proceeding, ensure that you have the following .jar files in your project classpath:
- spring-security-ldap-3.1.2.RELEASE.jar
- spring-security-core-3.1.2.RELEASE.jar
- spring-ldap-core-1.3.1.RELEASE.jar
If you do not already have these files, you can download them here:
- https://repo.springsource.org/libs-release-local/org/springframework/security/spring-security/3.1.2.RELEASE/spring-security-3.1.2.RELEASE-dist.zip (this link contains spring-security-core-3.1.2.RELEASE.jar and spring-security-ldap-3.1.2.RELEASE under the "dist" directory)
- http://s3.amazonaws.com/dist.springframework.org/release/LDAP/spring-ldap-1.3.1.RELEASE-minimal.zip (this contains spring-ldap-1.3.1.RELEASE.jar inside the "dist" directoy)
Declaring the Beans
You must set up two beans in Spring, a DefaultSpringSecurityContextSource and an LdapAuthenticationProvider. The DefaultSpringSecurityContextSource is the access point for obtaining an LDAP context where the LdapAuthenticationProvider provides integration with the LDAP server. For example:
You need to set up an LDAP context source that will be used by the spring security authentication provider to search and authenticate your users. Also, you need to define an authentication manager with an embedded LDAP authentication provider as shown:
More information about the LDAP authentication provider and the different mechanisms to authenticate users against your LDAP server can be found here: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ldap.html.
Configuring the Mule Security Provider
The SpringSecurityProviderAdapter delegates to an AuthenticationProvider such as the LdapAuthenticationProvider.
With the above configuration, you can achieve endpoint-level security and other security features in Mule that require one or more security providers.
Configuring the MethodSecurityInterceptor
The configuration for component authorization is similar to the one described in Component Authorization Using Spring Security. A key point of configuration is securityMetadataSource:
The roles are looked up by the DefaultLdapAuthoritiesPopulator, which you configured in the previous section. By default, a role is prefixed with ROLE_, and its value is extracted and converted to uppercase from the LDAP attribute defined by the groupRoleAttribute.
Go Further
For information on configuring an in-memory provider, see Configuring Security.
This page
Other pages
Account
Administration