How can i use LDAP in CAS-3.0.7?
Dmitry Kochelaev
dkochelaev at gmail.com
Thu May 3 10:22:35 EDT 2007
Hello,
there is no property
<property name="authenticatedReadOnly" value="true" />
use <property name="anonymousReadOnly" value="false"/> instead.
On 5/3/07, xing luming <xingluming at hotmail.com> wrote:
>
> i use CAS-3.0.7 and Apache Directory Server 1.5.0
>
>
> this is my deployerConfigContext.xml
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> "http://www.springframework.org/dtd/spring-beans.dtd">
> <!--
> | deployerConfigContext.xml centralizes into one file some of the
> declarative configuration that
> | all CAS deployers will need to modify.
> |
> | This file declares some of the Spring-managed JavaBeans that make up a
> CAS deployment.
> | The beans declared in this file are instantiated at context
> initialization time by the Spring
> | ContextLoaderListener declared in web.xml. It finds this file because
> this
> | file is among those declared in the context parameter
> "contextConfigLocation".
> |
> | By far the most common change you will need to make in this file is to
> change the last bean
> | declaration to replace the default
> SimpleTestUsernamePasswordAuthenticationHandler with
> | one implementing your approach for authenticating usernames and
> passwords.
> +-->
> <beans>
> <!--
> | This bean declares our AuthenticationManager. The
> CentralAuthenticationService service bean
> | declared in applicationContext.xml picks up this AuthenticationManager
> by reference to its id,
> | "authenticationManager". Most deployers will be able to use the default
> AuthenticationManager
> | implementation and so do not need to change the class of this bean. We
> include the whole
> | AuthenticationManager here in the userConfigContext.xml so that you can
> see the things you will
> | need to change in context.
> +-->
> <bean id="authenticationManager"
>
> class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> <!--
> | This is the List of CredentialToPrincipalResolvers that identify what
> Principal is trying to authenticate.
> | The AuthenticationManagerImpl considers them in order, finding a
> CredentialToPrincipalResolver which
> | supports the presented credentials.
> |
> | AuthenticationManagerImpl uses these resolvers for two purposes.
> First, it uses them to identify the Principal
> | attempting to authenticate to CAS /login . In the default
> configuration, it is the
> DefaultCredentialsToPrincipalResolver
> | that fills this role. If you are using some other kind of credentials
> than UsernamePasswordCredentials, you will need to replace
> | DefaultCredentialsToPrincipalResolver with a
> CredentialsToPrincipalResolver that supports the credentials you are
> | using.
> |
> | Second, AuthenticationManagerImpl uses these resolvers to identify a
> service requesting a proxy granting ticket.
> | In the default configuration, it is the
> HttpBasedServiceCredentialsToPrincipalResolver that serves
> this purpose.
> | You will need to change this list if you are identifying services by
> something more or other than their callback URL.
> +-->
> <property name="credentialsToPrincipalResolvers">
> <list>
> <!--
> | UsernamePasswordCredentialsToPrincipalResolver
> supports the UsernamePasswordCredentials that we use for /login
> | by default and produces SimplePrincipal instances conveying the
> username from the credentials.
> |
> | If you've changed your LoginFormAction to use credentials other than
> UsernamePasswordCredentials then you will also
> | need to change this bean declaration (or add additional declarations)
> to declare a CredentialsToPrincipalResolver that supports the
> | Credentials you are using.
> +-->
> <bean
>
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
> />
> <!--
> | HttpBasedServiceCredentialsToPrincipalResolver
> supports HttpBasedCredentials. It supports the CAS 2.0 approach of
> | authenticating services by SSL callback, extracting the callback URL
> from the Credentials and representing it as a
> | SimpleService identified by that callback URL.
> |
> | If you are representing services by something more or other than an
> HTTPS URL whereat they are able to
> | receive a proxy callback, you will need to change this bean
> declaration (or add additional declarations).
> +-->
> <bean
>
> class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
> />
> </list>
> </property>
> <!--
> | Whereas CredentialsToPrincipalResolvers identify who it is some
> Credentials might authenticate,
> | AuthenticationHandlers actually authenticate credentials. Here we
> declare the AuthenticationHandlers that
> | authenticate the Principals that the CredentialsToPrincipalResolvers
> identified. CAS will try these handlers in turn
> | until it finds one that both supports the Credentials presented and
> succeeds in authenticating.
> +-->
> <property name="authenticationHandlers">
> <list>
> <bean
>
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> >
> <property name="httpClient" ref="httpClient" />
> </bean>
>
> <bean
>
> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
> >
> <property name="filter" value="uid=%u" />
> <property name="searchBase"
> value="ou=system" />
> <property name="contextSource"
> ref="contextSource" />
> </bean>
> </list>
> </property>
> </bean>
> <bean id="contextSource"
> class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> <property name="authenticatedReadOnly" value="true" />
> <property name="password" value="secret" />
> <property name="pooled" value="true" />
> <property name="urls">
> <list>
>
> <value>ldap://localhost:10389/</value>
>
> <value>ldap://localhost:10389/</value>
> </list>
> </property>
> <property name="userName" value="uid=admin" />
> <property name="baseEnvironmentProperties">
> <map>
> <entry>
>
> <key><value>java.naming.security.protocol</value></key>
> <value>ssl</value>
> </entry>
> <entry>
>
> <key><value>java.naming.security.authentication</value></key>
> <value>simple</value>
> </entry>
> </map>
> </property>
> </bean>
> </beans>
>
>
>
> and CAS show me this error report.
>
>
> CAS is Unavailable
>
> There was a fatal error initializing the CAS application context. This is
> almost always because of an error in the Spring bean configuration files.
> Are the files valid XML? Do the beans they refer to all exist?
>
> Before placing CAS in production, you should change this page to present a
> UI appropriate for the case where the CAS web application is fundamentally
> broken. Perhaps "Sorry, CAS is currently unavailable." with some links to
> your user support information.
>
> The Throwable encountered at context listener initialization was:
>
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 'centralAuthenticationService' defined in
> ServletContext resource [/WEB-INF/applicationContext.xml]:
> Cannot resolve reference to bean 'authenticationManager' while setting bean
> property 'authenticationManager'; nested exception is
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 'authenticationManager' defined in
> ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Cannot create inner
> bean
> 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1'
> of type
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler]
> while setting bean property 'authenticationHandlers' with key [1]; nested
> exception is
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name
> 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1'
> defined in ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Cannot resolve
> reference to bean 'contextSource' while setting bean property
> 'contextSource'; nested exception is
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 'contextSource' defined in ServletContext
> resource [/WEB-INF/deployerConfigContext.xml]: Error
> setting property values; nested exception is
> org.springframework.beans.NotWritablePropertyException:
> Invalid property 'authenticatedReadOnly' of bean class
> [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]:
> Bean property 'authenticatedReadOnly' is not writable or has an invalid
> setter method. Does the parameter type of the setter match the return type
> of the getter?
>
> The Throwable encountered at dispatcher servlet initialization was:
>
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 'centralAuthenticationService' defined in
> ServletContext resource [/WEB-INF/applicationContext.xml]:
> Cannot resolve reference to bean 'authenticationManager' while setting bean
> property 'authenticationManager'; nested exception is
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 'authenticationManager' defined in
> ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Cannot create inner
> bean
> 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1'
> of type
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler]
> while setting bean property 'authenticationHandlers' with key [1]; nested
> exception is
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name
> 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#6972f1'
> defined in ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Cannot resolve
> reference to bean 'contextSource' while setting bean property
> 'contextSource'; nested exception is
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 'contextSource' defined in ServletContext
> resource [/WEB-INF/deployerConfigContext.xml]: Error
> setting property values; nested exception is
> org.springframework.beans.NotWritablePropertyException:
> Invalid property 'authenticatedReadOnly' of bean class
> [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]:
> Bean property 'authenticatedReadOnly' is not writable or has an invalid
> setter method. Does the parameter type of the setter match the return type
> of the getter?
>
> what should i do now? i have wrote <property name="httpClient"
> ref="httpClient" /> in
> HttpBasedServiceCredentialsAuthenticationHandler too.
>
> thank you!!
>
>
>
> ________________________________
> ʹÓÃÊÀ½çÉÏ×î´óµÄµç×ÓÓʼþ ϵͳ¡ª MSN Hotmail
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
Dmitry Kochelaev
eVelopers Corporation
More information about the cas
mailing list