Dear All
I am new to Grials and using LDAP authentication/ authorization against our Oracle DB. The authentication part was successful; however I need some clarification regarding the authorization.
I have written my custom UserDetails implementation for LDAP authentication.
I set the value ldapRetrieveDatabaseRoles = true in my SecurityConfig.groovy.
Where exactly I need assign the ROLES from DB to Spring Security? The DB is returning a
String array of ROLES.
My Roles.groovy file:
class Role {
static hasMany = [people: User]
/** description */
String description
/** ROLE String */
String authority
/** ROLES String array */
String[] roles
static constraints = {
//authority(blank: false, unique: false)
authority(blank: true, unique: false)
description()
}
static mapping={
table 'MDH_ROLE_USER'
}
}
My SecurityConfig.grrovy:
security {
// see DefaultSecurityConfig.groovy for all settable/overridable properties
/** enable Spring Security or not */
active = true
/** login user class fields (default user class = Person)*/
loginUserDomainClass = "User"
userName = 'username'
password = 'password'
enabled = 'enabled'
relationalAuthorities = 'authorities'
//you can specify method for to retrieve the roles. (you need to set relationalAuthorities=null)
getAuthoritiesMethod = null // 'getMoreAuthorities'
/**
* Authority domain class authority field name
* authorityFieldInList
*/
authorityDomainClass = "Role"
//authorityField = 'authority'
authorityField = 'roles'
requestMapClass = "Requestmap"
/** use RequestMap from DomainClass */
useRequestMapDomainClass=true
/** Requestmap domain class (if useRequestMapDomainClass = true) */
requestMapClass = 'Requestmap'
requestMapPathField = 'url'
requestMapConfigAttributeField = 'configAttribute'
/** authenticationProcessingFilter */
authenticationFailureUrl = '/login/authfail?login_error=1'
alwaysUseDefaultTargetUrl = false
filterProcessesUrl = '/j_spring_security_check'
/**
* if useRequestMapDomainClass is false, set request map
pattern in string
* see usage below
*/
requestMapString="""\
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISION
PATTERN_TYPE_APACHE_ANT
/=IS_AUTHENTICATED_ANONYMOUSLY
/login/**=IS_AUTHENTICATED_ANONYMOUSLY
/admin/**=ROLE_USER
/js/**=IS_AUTHENTICATED_ANONYMOUSLY
/css/**=IS_AUTHENTICATED_ANONYMOUSLY
/images/**=IS_AUTHENTICATED_ANONYMOUSLY
/plugins/**=IS_AUTHENTICATED_ANONYMOUSLY
/**=IS_AUTHENTICATED_FULLY
"""
/** default user's role for user registration */
defaultRole = 'ROLE_OPERATOR'
/** authenticationEntryPoint */
loginFormUrl="/login/auth"
defaultTargetUrl="/"
afterLogoutUrl="/"
forceHtpps=false
/** rememberMeServices */
/* cookieName = 'grails_remember_me'
alwaysRemember = true
tokenValiditySeconds = 1209600 //14 days
parameter = '_spring_security_remember_me'
rememberMeKey = 'grailsRocks'*/
// LDAP/ActiveDirectory
useLdap = true
ldapSearchSubtree = true
//whether or not to look for assigned roles in the database
ldapRetrieveDatabaseRoles = false
//whether or not to convert LDAP group membership to Roles
ldapRetrieveGroupRoles = false
ldapPasswordAttributeName='userPassword'//uid
ldapUsePassword = false
ldapServer = 'ldap://xxxx.xxxx.xxxxxx.xxxx:389'
ldapManagerDn = ''
ldapManagerPassword = ''
ldapSearchBase = ''
ldapSearchFilter = ''
useHttpSessionEventPublisher = true
// user caching
cacheUsers = true
}
/**
* Request Map domain class.
*/
class Requestmap {
String url
String configAttribute
static constraints = {
url(blank: false, unique: true)
configAttribute(blank: false)
}
}
When I run the application, I see the following:
Hibernate:
select
this_.id as id0_0_,
this_.version as version0_0_,
this_.config_attribute as config3_0_0_,
this_.url as url0_0_
from
requestmap this_
2009-07-27 09:13:33,864 [18859698@qtp0-0] ERROR util.JDBCExceptionReporter - ORA-00942: table or view does not exist
org.springframework.dao.InvalidDataAccessResourceUsageException: could not execute query; nested exception is org.hibernate.exception.SQLGrammarException: could not execute query
at org.springframework.orm.hibernate3.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:630)
at org.springframework.orm.hibernate3.HibernateAccessor.convertHibernateAccessException(HibernateAccessor.java:412)
at org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:424)
at org.springframework.orm.hibernate3.HibernateTemplate.executeFind(HibernateTemplate.java:343)
at org.codehaus.groovy.grails.orm.hibernate.metaclass.ListPersistentMethod.doInvokeInternal(ListPersistentMethod.java:51)
at org.codehaus.groovy.grails.orm.hibernate.metaclass.AbstractStaticPersistentMethod.invoke(AbstractStaticPersistentMethod.java:56)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:188)
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:52)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
at org.codehaus.groovy.grails.plugins.orm.hibernate.HibernatePluginSupport$_addQueryMethods_closure38.doCall(HibernatePluginSupport.groovy:501)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:86)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:234)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1062)
at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:926)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:893)
at groovy.lang.Closure.call(Closure.java:279)
at org.codehaus.groovy.runtime.metaclass.ClosureStaticMetaMethod.invoke(ClosureStaticMetaMethod.java:59)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:234)
at groovy.lang.MetaClassImpl.invokeStaticMethod(MetaClassImpl.java:1309)
at groovy.lang.ExpandoMetaClass.invokeStaticMethod(ExpandoMetaClass.java:937)
at groovy.lang.MetaObjectProtocol$invokeStaticMethod.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
at org.codehaus.groovy.grails.plugins.orm.hibernate.HibernatePluginSupport$_enhanceSessionFactory_closure8.doCall(HibernatePluginSupport.groovy:280)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:86)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:234)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1062)
at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:926)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:893)
at groovy.lang.Closure.call(Closure.java:279)
at org.codehaus.groovy.runtime.metaclass.ClosureStaticMetaMethod.invoke(ClosureStaticMetaMethod.java:59)
at groovy.lang.MetaClassImpl.invokeStaticMissingMethod(MetaClassImpl.java:1362)
at groovy.lang.MetaClassImpl.invokeStaticMethod(MetaClassImpl.java:1350)
at groovy.lang.ExpandoMetaClass.invokeStaticMethod(ExpandoMetaClass.java:937)
at org.codehaus.groovy.runtime.callsite.StaticMetaClassSite.call(StaticMetaClassSite.java:35)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:121)
at org.codehaus.groovy.grails.plugins.springsecurity.RequestmapFilterInvocationDefinitionHelper.loadRequestmaps(RequestmapFilterInvocationDefinitionHelper.groovy:50)
at org.codehaus.groovy.grails.plugins.springsecurity.RequestmapFilterInvocationDefinition.reset(RequestmapFilterInvocationDefinition.java:57)
at org.codehaus.groovy.grails.plugins.springsecurity.RequestmapFilterInvocationDefinition.initialize(RequestmapFilterInvocationDefinition.java:48)
at org.codehaus.groovy.grails.plugins.springsecurity.AbstractFilterInvocationDefinition.findConfigAttribute(AbstractFilterInvocationDefinition.java:74)
at org.codehaus.groovy.grails.plugins.springsecurity.AbstractFilterInvocationDefinition.getAttributes(AbstractFilterInvocationDefinition.java:62)
at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:230)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
at org.codehaus.groovy.grails.plugins.springsecurity.GrailsAuthenticationProcessingFilter.super$3$doFilterHttp(GrailsAuthenticationProcessingFilter.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:86)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:234)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1062)
at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:926)
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:127)
at org.codehaus.groovy.grails.plugins.springsecurity.GrailsAuthenticationProcessingFilter.doFilterHttp(GrailsAuthenticationProcessingFilter.groovy:56)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
at org.codehaus.groovy.grails.web.servlet.filter.GrailsReloadServletFilter.doFilterInternal(GrailsReloadServletFilter.java:101)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:65)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:864)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:533)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:207)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:403)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522)
Caused by: org.hibernate.exception.SQLGrammarException: could not execute query
at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:90)
at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
at org.hibernate.loader.Loader.doList(Loader.java:2231)
at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2125)
at org.hibernate.loader.Loader.list(Loader.java:2120)
at org.hibernate.loader.criteria.CriteriaLoader.list(CriteriaLoader.java:118)
at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1596)
at org.hibernate.impl.CriteriaImpl.list(CriteriaImpl.java:306)
at org.codehaus.groovy.grails.orm.hibernate.metaclass.ListPersistentMethod$1.doInHibernate(ListPersistentMethod.java:66)
at org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:419)
... 120 more
Caused by: java.sql.SQLException: ORA-00942: table or view does not exist
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:145)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:331)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:288)
at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:743)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:213)
at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:908)
at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1114)
at oracle.jdbc.driver.T4CPreparedStatement.executeMaybeDescribe(T4CPreparedStatement.java:959)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1234)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3415)
at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3459)
at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:92)
at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java:208)
at org.hibernate.loader.Loader.getResultSet(Loader.java:1808)
at org.hibernate.loader.Loader.doQuery(Loader.java:697)
at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:259)
at org.hibernate.loader.Loader.doList(Loader.java:2228)
Appreciate if some one can brief in few words, how the roles are merged in to Spring Security.
Appreciate help.
Thanks in Advance.
