AbstractExternalSetupProcessor class
Acegi Security. See Spring Security.
administrative user
- with an external database
- with CAS
  - Defining User Roles Statically
  - Defining User Roles Statically
- with LDAP
  - organizationRoleMap
  - Setting Up Multiple Providers
adminUsernames property
- Defining User Roles Statically
- Defining User Roles Statically
- Defining User Roles Statically
alwaysRequestOrgIdOnLoginForm property
authentication
- anonymous
- CAS overview
- credentials
- defined
- deployment procedure
- external, defined
- internal
- LDAP overview
authentication manager
authentication provider
authenticationManager bean
authenticationProcessingFilter bean
authoritiesByUsernameQuery property
- Retrieving User Roles from an External Data Source
- Retrieving Roles from the External Database
authorization
- defined
- of external users
BindAuthenticator class
- example
- userDnPatterns property
CAS
- administrative users
  - Defining User Roles Statically
  - Defining User Roles Statically
- authentication overview
- beans
- certificates
  - CAS Server for Testing
  - Configuring Java to Trust the CAS Certificate
- hiding Log Out link
- Jasig website
- login page
- mapping to multiple organizations
- organizations
- overview
- REST and
- retrieving roles from an external data source
- setting organizations using a JDBC database
- single sign-on
  - CAS Authentication
  - Overview of External CAS Authentication
- SOAP
- specifying a single organization
- Spring Security customization
  - Overview of External CAS Authentication
  - Configuring JasperReports Server for CAS Authentication
- static role assignment
  - Defining User Roles Statically
  - Defining User Roles Statically
- test server
- Ticket Granting Ticket cookie
casJDBCUserDetailsService bean
- authoritiesByUsernameQuery property
- dataSource property
- detailsQuery property
- usersByUsernameQuery property
casServiceProperties bean
- sendRenew property
- service property
casUserAuthorityService bean
- defaultAdminRoles property
  - Defining User Roles Statically
  - Defining User Roles Statically
- defaultInternalRoles property
  - Defining User Roles Statically
  - Defining User Roles Statically
Central Authentication Service. See CAS.
certificates for CAS
- CAS Server for Testing
- Configuring Java to Trust the CAS Certificate
conflictingExternalInternalRoleNameSuffix property
- Avoiding Role Collisions
- Avoiding Role Collisions
- Avoiding Role Collisions
cookies with CAS
customAuthenticationProvider bean
daoAuthenticationProvider bean
- with internal authentication
- with LDAP
database. See internal database.
dataSource property
- Retrieving User Roles from an External Data Source
- Retrieving Roles from the External Database
debugging
defaultAdminRoles property
- Defining User Roles Statically
- Defining User Roles Statically
- Defining User Roles Statically
defaultInternalRoles property
- Defining User Roles Statically
- Defining User Roles Statically
- Retrieving User Roles from an External Data Source
- Retrieving Roles from the External Database
- Defining User Roles Statically
DefaultLdapAuthoritiesPopulator class
- branch DN value
- example
- groupRoleAttribute property
- groupSearchFilter property
- searchSubtree property
defaultOrganization property
- Mapping to a Single Organization
- Mapping to Multiple Organizations
delegatingExceptionTranslationFilter bean
deployment
documentation
- premium documentation
- standard documentation
driverClassName property (external database)
email address
excludeRootDn property
external authentication
- bean API
- customAuthenticationProvider bean
  - External Authentication Beans
  - External Authentication Beans
- externalDataSynchronizer bean
  - External Authentication Beans
  - External Authentication Beans
- proxyAuthenticationProcessingFilter bean
external authentication. See authentication.
external database
- administrative users
- JDBC driver
- login page
- roles
- Spring Security customization
- with CAS
externalAuthProperties
externalAuthProperties bean
- alwaysRequestOrgIdOnLoginForm property
- externalLoginUrl property
- logoutUrl property
- ssoServerLocation property
externalDataSource bean
- driverClassName property
- example
  - Setting the Database Connection Parameters
  - Setting the Database Connection Parameters
- password property
- url property
- username property
externalDataSynchronizer bean
- externalUserProcessors property
  - External Authentication Beans
  - External Authentication Beans
- LDAP
- with external authentication
  - External Authentication Beans
  - External Authentication Beans
ExternalDataSynchronizer bean
externalLoginUrl property
externalTenantSetupProcessor bean
- CAS example
- defaultOrganization property
externalUserProcessors property
- External Authentication Beans
- External Authentication Beans
externalUserSetupProcessor bean
- adminUsernames property
- avoiding role collisions example
- conflictingExternalInternalRoleNameSuffix property
- defaultAdminRoles property
- defaultInternalRoles property
- example
- example of static roles
- organizationRoleMap property
  - Retrieving User Roles from an External Data Source
  - Retrieving Roles from the External Database
- static roles example
  - Defining User Roles Statically
  - Defining User Roles Statically
externalUserTenantDetailsService bean
groupRoleAttribute property
groupSearchFilter property
internal authentication. See authentication.
internal database
Internal database
iReport. See Jaspersoft iReport Designer.
JasperAnalysis. See Jaspersoft OLAP.
JasperReports Library
JasperServer. See administering JasperReports Server.
Jaspersoft iReport Designer
JIAuthenticationSynchronizer bean
keytool utility
LDAP
- administrative users
  - organizationRoleMap
  - Setting Up Multiple Providers
- beans
- bind authentication
- login page
- matching RDN patterns
  - Performing LDAP User Search
  - Specifying userDnPatterns Parameters
- Microsoft Active Directory
- organization mapping
- overview
- roles
- searching for usernames
  - Performing LDAP User Search
  - Specifying userSearch Parameters
- setting connection parameters
- single sign-on
- URL
- users with same login name
- with default internal authentication
ldapAuthenticationManager bean
ldapAuthenticationProvider bean
- Overview of LDAP Beans
- Performing LDAP User Search
- Mapping the User Roles
ldapContextSource bean
- constructor-arg value
- example
ldapExternalTenantProcessor bean
- defaultOrganization property
  - Mapping to a Single Organization
  - Mapping to Multiple Organizations
- multiple organizations
- with CAS
ldapExternalUserProcessor bean
- excludeRootDn property
- organizationRDNs property
- rootOrganizationId property
- rootOrganizationRolesMap property
Lightweight Directory Access Protocol. See LDAP.
logging
login page
- external database
  - Overview of External Database Authentication
  - Configuring the Login Page for a Single-Organization Deployment
- hiding Log Out link for CAS
- internal
- with CAS
- with LDAP
logoutUrl property
Microsoft Active Directory
MTAbstractExternalProcessor class
MTExternalJDBCUserDetailsService bean
- authoritiesByUsernameQuery property
- dataSource property
- usersByUsernameQuery property
mtExternalUserSetupProcessor bean
mtUserAuthorityServiceTarget bean
organizationRDNs property
organizationRoleMap property
- organizationRoleMap
- Retrieving User Roles from an External Data Source
- Retrieving Roles from the External Database
organizations
- managing external organizations
- overview
- with CAS
- with LDAP
password property
password property (LDAP)
PasswordComparisonAuthenticator class
principal objects
processors
- extending the AbstractExternalSetupProcessor class
- extending the MTAbstractExternalProcessor class
- externalTenantSetupProcessor bean
- externalUserSetupProcessor bean
- implementing
profile attributes
proxyAuthenticationProcessingFilter bean
- LDAP
- with external authentication
proxyAuthenticationRestProcessingFilter bean
proxyAuthenticationSOAPProcessingFilter bean
reports
- creating
- JasperReports Library
- Jaspersoft iReport Designer
roles
- avoiding name collisions
- CAS
- external roles
  - Synchronization of External Users
  - Synchronization of Roles
- internal roles
- managing external roles
- mapping at organization level
- mapping internal
- mapping system roles
- synchronization
- system roles
- with an external database
- with CAS
  - Defining User Roles Statically
  - Defining User Roles Statically
- with LDAP
rootOrganizationId property
searchSubtree property
sendRenew property
service property
sessions
single sign-on
- defined
- with CAS
  - CAS Authentication
  - Overview of External CAS Authentication
- with LDAP
Spring Security
- with an external database
- with CAS
  - Overview of External CAS Authentication
  - Configuring JasperReports Server for CAS Authentication
ssoServerLocation property
synchronization
- defined
  - Terminology
  - Organizations and Users in JasperReports Server
- of roles
- of users
- with an external database
- with CAS
- with LDAP
troubleshooting
url property
userDn property (LDAP)
userDnPatterns property
username property
users
- defined
- email address
- externally defined
- managing external users
- profile attributes
- same login name in LDAP
- synchronization
- user sessions
usersByUsernameAndTenantNameQuery property
usersByUsernameQuery property
- Retrieving User Roles from an External Data Source
- Retrieving Roles from the External Database
userSearch bean
- branch RDN value
- example
- LDAP filter value
- search subtrees value

Authentication with Microsoft Active Directory

Microsoft Active Directory can be used to authenticate users through the ldapAuthenticationProvider provided by Spring Security.

For the purposes of basic external authentication, the only difference in configuration between Active Directory and a standard LDAP server is the need to search for the sAMAccountName attribute containing the user’s login name. Because of this requirement, you must use the BindAuthenticator bean, along with the userSearch bean and corresponding property in BindAuthenticator.

The following example shows how to configure the userSearch bean for LDAP authentication with the special syntax for Active Directory. This configuration is only an example; you need to configure the BindAuthenticator and ldapContextSource beans correctly for your LDAP server, as described earlier in this chapter.

<bean id="ldapAuthenticationProvider"
      class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean
      class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userDnPatterns">
        <list>
          <value>uid={0},ou=users</value>
        </list>
      </property>
    </bean>
  </constructor-arg>
  ...
</bean>
<bean id="ldapContextSource"
      class="org.springframework.security.ldap.JSLdapContextSource">
  <constructor-arg value="ldap://hostname:389/dc=ADexample,dc=com"/>
  <property name="userDn"><value>cn=Administrator,dc=ADexample,dc=com</value></property>
  <property name="password"><value>password</value></property>
</bean>
<bean id="userSearch"
      class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0"><value>cn=Users</value></constructor-arg>
  <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
  <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
  <property name="searchSubtree"><value>true</value></property>
</bean>

In the example above, the role mapping is omitted, as is the organization mapping. You must include a role mapping for any roles you want to import into JasperReports Server, and you must include an organization mapping if you implement multiple organizations in a commercial edition of JasperReports Server. For more information, see Mapping the User Roles.

Version:

v5.5.2

v5.5.1

v5.5.0

Main menu

You are here

Authentication with Microsoft Active Directory