How can I use LDAP in CAS-3.0.7?

Scott Battaglia scott.battaglia at gmail.com
Thu May 3 10:21:15 EDT 2007


The property "authenticatedReadOnly" is a property on an older version of
Spring LDAP.  The property has been renamed to "anonymousReadOnly".

-Scott

On 5/3/07, xing luming <xingluming at hotmail.com> wrote:
>
> I use CAS-3.0.7 and Apache Directory Server 1.5.0.
>
>
> This is my deployerConfigContext.xml:
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
> <!--
>  | deployerConfigContext.xml centralizes into one file some of the
> declarative configuration that
>  | all CAS deployers will need to modify.
>  |
>  | This file declares some of the Spring-managed JavaBeans that make up a
> CAS deployment.
>  | The beans declared in this file are instantiated at context
> initialization time by the Spring
>  | ContextLoaderListener declared in web.xml.  It finds this file because
> this
>  | file is among those declared in the context parameter
> "contextConfigLocation".
>  |
>  | By far the most common change you will need to make in this file is to
> change the last bean
>  | declaration to replace the default
> SimpleTestUsernamePasswordAuthenticationHandler with
>  | one implementing your approach for authenticating usernames and
> passwords.
>  +-->
> <beans>
>  <!--
>   | This bean declares our AuthenticationManager.  The
> CentralAuthenticationService service bean
>   | declared in applicationContext.xml picks up this AuthenticationManager
> by reference to its id,
>   | "authenticationManager".  Most deployers will be able to use the
> default AuthenticationManager
>   | implementation and so do not need to change the class of this bean.
> We include the whole
>   | AuthenticationManager here in the userConfigContext.xml so that you
> can see the things you will
>   | need to change in context.
>   +-->
>  <bean id="authenticationManager"
>   class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>   <!--
>    | This is the List of CredentialToPrincipalResolvers that identify what
> Principal is trying to authenticate.
>    | The AuthenticationManagerImpl considers them in order, finding a
> CredentialToPrincipalResolver which
>    | supports the presented credentials.
>    |
>    | AuthenticationManagerImpl uses these resolvers for two purposes.
> First, it uses them to identify the Principal
>    | attempting to authenticate to CAS /login .  In the default
> configuration, it is the DefaultCredentialsToPrincipalResolver
>    | that fills this role.  If you are using some other kind of
> credentials than UsernamePasswordCredentials, you will need to replace
>    | DefaultCredentialsToPrincipalResolver with a
> CredentialsToPrincipalResolver that supports the credentials you are
>    | using.
>    |
>    | Second, AuthenticationManagerImpl uses these resolvers to identify a
> service requesting a proxy granting ticket.
>    | In the default configuration, it is the
> HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
>    | You will need to change this list if you are identifying services by
> something more or other than their callback URL.
>    +-->
>   <property name="credentialsToPrincipalResolvers">
>    <list>
>     <!--
>      | UsernamePasswordCredentialsToPrincipalResolver supports the
> UsernamePasswordCredentials that we use for /login
>      | by default and produces SimplePrincipal instances conveying the
> username from the credentials.
>      |
>      | If you've changed your LoginFormAction to use credentials other
> than UsernamePasswordCredentials then you will also
>      | need to change this bean declaration (or add additional
> declarations) to declare a CredentialsToPrincipalResolver that supports the
>      | Credentials you are using.
>      +-->
>     <bean
>      class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>     <!--
>      | HttpBasedServiceCredentialsToPrincipalResolver supports
> HttpBasedCredentials.  It supports the CAS 2.0 approach of
>      | authenticating services by SSL callback, extracting the callback
> URL from the Credentials and representing it as a
>      | SimpleService identified by that callback URL.
>      |
>      | If you are representing services by something more or other than an
> HTTPS URL whereat they are able to
>      | receive a proxy callback, you will need to change this bean
> declaration (or add additional declarations).
>      +-->
>     <bean
>      class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>    </list>
>   </property>
>   <!--
>    | Whereas CredentialsToPrincipalResolvers identify who it is some
> Credentials might authenticate,
>    | AuthenticationHandlers actually authenticate credentials.  Here we
> declare the AuthenticationHandlers that
>    | authenticate the Principals that the CredentialsToPrincipalResolvers
> identified.  CAS will try these handlers in turn
>    | until it finds one that both supports the Credentials presented and
> succeeds in authenticating.
>    +-->
>   <property name="authenticationHandlers">
>    <list>
>     <bean
>      class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
>       <property name="httpClient" ref="httpClient" />
>     </bean>
>
>     <bean
>      class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>       <property name="filter" value="uid=%u" />
>       <property name="searchBase" value="ou=system" />
>       <property name="contextSource" ref="contextSource" />
>     </bean>
>    </list>
>   </property>
>  </bean>
>  <bean id="contextSource"
>   class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>    <property name="authenticatedReadOnly" value="true" />
>    <property name="password" value="secret" />
>    <property name="pooled" value="true" />
>    <property name="urls">
>     <list>
>      <value>ldap://localhost:10389/</value>
>      <value>ldap://localhost:10389/</value>
>     </list>
>    </property>
>    <property name="userName" value="uid=admin" />
>    <property name="baseEnvironmentProperties">
>     <map>
>      <entry>
>       <key><value>java.naming.security.protocol</value></key>
>       <value>ssl</value>
>      </entry>
>      <entry>
>       <key><value>java.naming.security.authentication</value></key>
>       <value>simple</value>
>      </entry>
>     </map>
>    </property>
>  </bean>
> </beans>
>
>
>
> And CAS shows me this error report:
>  CAS is Unavailable
>
> There was a fatal error initializing the CAS application context. This is
> almost always because of an error in the Spring bean configuration files.
> Are the files valid XML? Do the beans they refer to all exist?
>
> Before placing CAS in production, you should change this page to present a
> UI appropriate for the case where the CAS web application is fundamentally
> broken. Perhaps "Sorry, CAS is currently unavailable." with some links to
> your user support information.
>
> The Throwable encountered at context listener initialization was:
>
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'centralAuthenticationService' defined in ServletContext
> resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean
> 'authenticationManager' while setting bean property 'authenticationManager';
> nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authenticationManager' defined in ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean '
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1' of type
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting
> bean property 'authenticationHandlers' with key [1]; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name '
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1' defined
> in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot
> resolve reference to bean 'contextSource' while setting bean property
> 'contextSource'; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'contextSource' defined in ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Error setting property values; nested
> exception is org.springframework.beans.NotWritablePropertyException:
> Invalid property 'authenticatedReadOnly' of bean class [
> org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]: Bean
> property 'authenticatedReadOnly' is not writable or has an invalid setter
> method. Does the parameter type of the setter match the return type of the
> getter?
>
> The Throwable encountered at dispatcher servlet initialization was:
>
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'centralAuthenticationService' defined in ServletContext
> resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean
> 'authenticationManager' while setting bean property 'authenticationManager';
> nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authenticationManager' defined in ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean '
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1' of type
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting
> bean property 'authenticationHandlers' with key [1]; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name '
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1' defined
> in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot
> resolve reference to bean 'contextSource' while setting bean property
> 'contextSource'; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'contextSource' defined in ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Error setting property values; nested
> exception is org.springframework.beans.NotWritablePropertyException:
> Invalid property 'authenticatedReadOnly' of bean class [
> org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]: Bean
> property 'authenticatedReadOnly' is not writable or has an invalid setter
> method. Does the parameter type of the setter match the return type of the
> getter?
>
> What should I do now? I have written <property name="httpClient"
> ref="httpClient" /> in HttpBasedServiceCredentialsAuthenticationHandler too.
>
> Thank you!!


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
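
The diagnosis in this thread can be automated. The following is an added example, not part of the original messages or of CAS: it walks the "nested exception is" chain of a Spring startup error to the innermost cause, then checks a beans file for the renamed property. The function names, the `RENAMED` map and both samples are constructed for illustration, and the samples are shortened from the text quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Rename stated in the reply above: old Spring LDAP name -> current name.
RENAMED = {"authenticatedReadOnly": "anonymousReadOnly"}

# Constructed sample: the last two links of the Throwable quoted in the thread.
SAMPLE_ERROR = (
    "org.springframework.beans.factory.BeanCreationException: Error creating "
    "bean with name 'contextSource' defined in ServletContext resource "
    "[/WEB-INF/deployerConfigContext.xml]: Error setting property values; nested "
    "exception is org.springframework.beans.NotWritablePropertyException: "
    "Invalid property 'authenticatedReadOnly' of bean class [ "
    "org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]: Bean "
    "property 'authenticatedReadOnly' is not writable or has an invalid setter"
)

# Constructed sample: the contextSource bean from the thread, trimmed.
SAMPLE_XML = """<beans>
 <bean id="contextSource"
  class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="authenticatedReadOnly" value="true" />
  <property name="pooled" value="true" />
 </bean>
</beans>"""

def root_cause(message):
    """Walk the 'nested exception is' chain and describe the innermost link."""
    flat = " ".join(message.split())  # undo mail/log line wrapping
    links = re.split(r";\s*nested exception is\s+", flat)
    last = links[-1]
    beans = re.findall(r"bean with name '\s*([^']+)'", flat)
    prop = re.search(r"Invalid property '([^']+)' of bean class \[\s*([^\]]+)\]", last)
    return {
        "exception": last.split(":", 1)[0].strip(),
        "bean": beans[-1] if beans else None,
        "property": prop.group(1) if prop else None,
        "bean_class": prop.group(2).strip() if prop else None,
    }

def lint_beans(xml_text, renamed=RENAMED):
    """Return (bean id, old property, new property) for each renamed property."""
    findings = []
    for bean in ET.fromstring(xml_text).iter("bean"):
        for prop in bean.findall("property"):
            if prop.get("name") in renamed:
                findings.append((bean.get("id"), prop.get("name"), renamed[prop.get("name")]))
    return findings
```
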