LDS Account Integration - Part 1

This training is meant to be a comprehensive introduction to the Java Stack's integration with LDS Account. It will cover authentication integration with Spring Security as well as a consistent interface for accessing user information for the authenticated user.

Prerequisites

• Basic knowledge of Java
• Basic knowledge of Spring
  • Part 1 - Introduction to Spring
  • Part 2 - Introduction to Spring

Slide Deck

Media:LDS_Account_Integration_Training.pptx

Section 1

Lab 1

Objectives

• Become familiar with the LdsAccountDetails object.

Steps

• Review the Java docs for the LdsAccountDetails object - http://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account/apidocs/org/lds/stack/ldsaccount/LdsAccountDetails.html
  • Find the Java docs by navigating to the site without using the link above (start by typing Stack in your browser)
  • Find the method that would return the list of positions (in the most current format available) that the current user holds. Also find the method that would tell you if the user is a member or not.

Lab 1 Solution

Section 2

Lab 2

Objectives

• Learn how LDS Account integrates with authentication mechanisms such as Spring Security

Steps

• Download and install the following application: Media:lds-account-training1.zip‎
  • Unzip the file into your workspace
  • In the LDSTech IDE go to File -> Import... -> Maven (expand) -> Existing Maven Projects -> Next
  • Browse to the unzipped project and press Finish
  • Start the automatically generated (if using LdsTech IDE) server
  • Test that the application runs without error - http://localhost: 8080/lds-account-training1
    • You should hit a login page but be unable to log in

• Now, for the lab, modify the project to use in-memory authentication using the documentation found here - http://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-spring/index.html#In_Memory_Authentication
  • Add the in-memory namespace handler configuration to applicationContext.xml
    • Add attributes for preferred name and gender for at least one of your in-memory users
  • Configure the authentication manager (sec:authentication-manager) to utilize the ldsAccountAuthenticationProvider generated by the in-memory namespace handler
  • Now hit the application and log in with your in memory user - http://localhost: 8080/lds-account-training1

• Extra credit
  • If you are within the firewall and have a test LDS Account application account, change the configuration from in-memory to real LDS Account authentication
  • Remove in-memory namespace handler
  • Add lds-account-spring-ldap dependency listed here - http://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-ldap-spring/index.html
  • Add ldap-server namespace handler
  • Add ldap namespace handler
  • Install necessary certs - found here - https://tech.lds.org/wiki/LDS_Certs_and_Java (not for use in production), or set validate-tls-certificates="false" attribute on the ldap-server element - BUT DO NOT GO TO PROD WITH THAT SET TO FALSE.

Lab 2 Solution

Section 3 (Authorities Populators)

Section 4 (LDS Account - LDAP Search)

Conclusion