Cimande:User Authorization

From BlueOxygen Wiki


Cimande implements several models of user authorization.

Right now Cimande has only 2 user authorization types. We are adding Spring Security to the container, so you can flexibly add more choices of user authorization implementation.

User Authorization Type

  1. Database
    Database means all usernames, passwords and user profiles are stored in the database.
  2. LDAP
    LDAP means usernames, passwords and several attributes are stored in an LDAP database. We use Spring-LDAP as the connector.


User Authorization Setting

Open applicationContext.xml (located in /WEB-INF/) and change the bean class from DefaultUserAccessor to LDAPUserAccessor:

<bean id="userAccessor"
      class="org.blueoxygen.cimande.security.DefaultUserAccessor"
      singleton="false">
    <property name="persistenceManager"><ref bean="persistenceManager"/></property>
</bean>

becomes

<bean id="userAccessor"
      class="org.blueoxygen.cimande.security.ldap.LDAPUserAccessor"
      singleton="false">
    <property name="ldapTemplate"><ref bean="ldapTemplate"/></property>
    <property name="persistenceManager">
        <ref bean="persistenceManager"/>
    </property>
</bean>

Open "cimande.properties", located in /WEB-INF/src/config

Change the LDAP username, password and URL. Below are the settings for ApacheDS:

ldap.url=ldap://localhost:10389
ldap.base=dc=example,dc=com
ldap.username=uid=admin,ou=system
ldap.password=secret
# %s will be replaced with your username at login
ldap.bind.filter=uid=%s,ou=People
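
Because the %s in ldap.bind.filter is filled with whatever is typed at login, the value should be DN-escaped before it becomes part of the bind DN. The following is an added example, not Cimande's own code: it uses only the JDK's javax.naming.ldap classes, and the class name BindDnExample, its helper methods, and the assumption that the filter is joined to ldap.base with a comma are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class BindDnExample {
    // Values copied from the cimande.properties sample above.
    static final String BIND_FILTER = "uid=%s,ou=People";
    static final String BASE = "dc=example,dc=com";

    // Assumption: the username is pasted into the template verbatim.
    static String naiveDn(String username) {
        return String.format(BIND_FILTER, username) + "," + BASE;
    }

    // Escapes DN metacharacters in the username, then checks the DN shape.
    static String safeDn(String username) throws InvalidNameException {
        if (username == null || username.isEmpty()) {
            throw new InvalidNameException("empty username");
        }
        String dn = String.format(BIND_FILTER, Rdn.escapeValue(username)) + "," + BASE;
        LdapName parsed = new LdapName(dn);
        LdapName parent = new LdapName("ou=People," + BASE);
        // The bind DN must sit exactly one RDN below ou=People,<base>.
        if (parsed.size() != parent.size() + 1 || !parsed.startsWith(parent)) {
            throw new InvalidNameException("unexpected bind DN: " + dn);
        }
        return dn;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample inputs, not taken from any real directory.
        String[] samples = { "budi", "budi,ou=Other", "o'brien+cn=x" };
        for (String u : samples) {
            System.out.println("input : " + u);
            System.out.println(" naive: " + naiveDn(u)
                    + " (" + new LdapName(naiveDn(u)).size() + " RDNs)");
            System.out.println(" safe : " + safeDn(u));
        }
    }
}
```

With the naive form, a comma or plus sign in the username changes the number or structure of RDNs in the bind DN; the escaped form always yields a single uid value under ou=People.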

Our default attribute mappings between user and LDAP are:

cn = username
uid = username
givenname = firstname
sn = lastname