Integrace s google apps- přihlašování účtem google.

10 years ago · 17deee8b21
parent d886e1e4f4
commit 17deee8b21
9 changed files with 156 additions and 9 deletions
--- a/pom.xml
+++ b/pom.xml
@ -80,6 +80,11 @@
    		<artifactId>spring-security-ldap</artifactId>
    		<version>${org.springframework-version}</version>
  		</dependency>
+  		<dependency>
+        	<groupId>org.springframework.security</groupId>
+        	<artifactId>spring-security-openid</artifactId>
+        	<version>${org.springframework-version}</version>
+    	</dependency>
  		<dependency>
    		<groupId>org.springframework</groupId>
    		<artifactId>spring-test</artifactId>
--- a/src/main/java/info/bukova/isspst/services/users/GmailUserService.java
+++ b/src/main/java/info/bukova/isspst/services/users/GmailUserService.java
@ -0,0 +1,93 @@
+package info.bukova.isspst.services.users;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.openid.OpenIDAttribute;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
+
+public class GmailUserService implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {
+
+	private static final Logger logger = LoggerFactory.getLogger(GmailUserService.class); 
+	
+	private UserService userService;
+	private RoleService roleService;
+	private String restrictDomain;
+	
+	public GmailUserService(UserService userService, RoleService roleService) {
+		this.userService = userService;
+		this.roleService = roleService;
+	}
+	
+	@Override
+	public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
+			throws UsernameNotFoundException {
+		
+		String email = null;
+		String firstName = null;
+		String lastName = null;
+		List<OpenIDAttribute> attributes = token.getAttributes();
+
+		for (OpenIDAttribute attribute : attributes) {
+			if (attribute.getName().equals("email")) {
+				email = attribute.getValues().get(0);
+			}
+			if (attribute.getName().equals("firstName")) {
+				firstName = attribute.getValues().get(0);
+			}
+			if (attribute.getName().equals("lastName")) {
+				lastName = attribute.getValues().get(0);
+			}
+		}
+		
+		String userAndDomain[] = email.split("@");
+		String username = userAndDomain[0];
+		String domain = userAndDomain[1];
+		
+		if (restrictDomain != null && !restrictDomain.isEmpty() && !restrictDomain.equals(domain)) {
+			logger.warn("Try to login from foreign domain");
+			
+			throw new UsernameNotFoundException("Email from foreign domain");
+		}
+		
+		UserDetails user;
+		
+		try {
+			user = userService.loadUserByUsername(username);
+		} catch (UsernameNotFoundException e) {
+			logger.info("Username not found in database. Creating one");
+			
+			User usr = new User();
+			usr.setUsername(username);
+			usr.setFirstName(firstName);
+			usr.setLastName(lastName);
+			usr.setEmail(email);
+			usr.setEnabled(true);
+			usr.setNotify(true);
+			
+			Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
+			usr.addAuthority(role);
+			
+			userService.grantAdmin();
+			userService.add(usr);
+			userService.removeAccess();
+			
+			user = userService.loadUserByUsername(username);
+		}
+		
+		return user;
+	}
+
+	public void setRestrictDomain(String restrictDomain) {
+		this.restrictDomain = restrictDomain;
+	}
+
+}
--- a/src/main/webapp/WEB-INF/gmail.properties
+++ b/src/main/webapp/WEB-INF/gmail.properties
@ -0,0 +1 @@
+gmail.restrictDomain=
--- a/src/main/webapp/WEB-INF/locales/zk-label.properties
+++ b/src/main/webapp/WEB-INF/locales/zk-label.properties
@ -272,6 +272,7 @@ Login=Přihlásit
 Loggingin=Přihlášení
 Logout=Odhlásit
 WrongNameOrPassword=Špatné jméno nebo heslo
+LoginViaGoogle=Přihlásit účtem Google


 DateFormat=dd. MM. yyyy
--- a/src/main/webapp/WEB-INF/spring/gmail-auth.xml
+++ b/src/main/webapp/WEB-INF/spring/gmail-auth.xml
@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+	<bean id="gmailUserService" class="info.bukova.isspst.services.users.GmailUserService">
+		<constructor-arg ref="userService"/>
+		<constructor-arg ref="roleService"/>
+		<property name="restrictDomain" value="${gmail.restrictDomain}"/>
+	</bean>
+
+</beans>
--- a/src/main/webapp/WEB-INF/spring/ldap-auth.xml
+++ b/src/main/webapp/WEB-INF/spring/ldap-auth.xml
@ -19,12 +19,8 @@
 	</bean>
 	
 	<bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
-	            <constructor-arg ref="contextSource"/>
-	            <property name="userDnPatterns">
-	                <list>
-	                    <value>${ldap.userDNPattern}</value>
-	                </list>
-	            </property>
+		<constructor-arg ref="contextSource"/>
+		<property name="userDnPatterns" value="#{'${ldap.userDNPattern}'.split(';')}"/>
 	</bean>

 	<bean id="populator" class="info.bukova.isspst.security.AuthPopulator">
--- a/src/main/webapp/WEB-INF/spring/root-context.xml
+++ b/src/main/webapp/WEB-INF/spring/root-context.xml
@ -27,6 +27,7 @@
 				<value>/WEB-INF/jdbc.properties</value>
 				<value>/WEB-INF/ldap.properties</value>
 				<value>/WEB-INF/mail.properties</value>
+				<value>/WEB-INF/gmail.properties</value>
 			</list>
 		</property>
 	</bean>
@ -36,7 +37,10 @@
        class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"
        p:driverClassName="${jdbc.driverClassName}"
        p:url="${jdbc.databaseurl}" p:username="${jdbc.username}"
-        p:password="${jdbc.password}"></bean>
+        p:password="${jdbc.password}">
+        	<property name="validationQuery" value="SELECT 1"/>
+        	<property name="testOnBorrow" value="true"/>
+        </bean>
        
 	<bean id="sessionFactory"
        class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
@ -81,16 +85,28 @@
 		<security:intercept-url pattern="/admin/permissions/**" access="hasRole('PERM_READ_PERMISSIONS')"/>
 		<security:intercept-url pattern="/admin/addressbook/**" access="hasRole('PERM_READ_ADDRESSBOOK')"/>
 		<security:intercept-url pattern="/munits/**" access="hasRole('PERM_READ_MUNITS')"/>
-		<security:form-login login-page="/login.zhtml"
+		<security:form-login login-page="/login-gmail.zhtml"
 			authentication-failure-handler-ref="loginFail"
 			authentication-success-handler-ref="loginSuccess"/>
 		<security:http-basic/>
+		
+		<security:openid-login authentication-failure-handler-ref="loginFail"
+			authentication-success-handler-ref="loginSuccess" 
+			user-service-ref="gmailUserService">
+			<security:attribute-exchange identifier-match="https://www.google.com/.*">
+                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
+                <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
+                <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
+            </security:attribute-exchange>
+		</security:openid-login>
+		
 		<security:logout invalidate-session="true"/>
 	</security:http>

 	<import resource="database-auth.xml"/>
+	<import resource="gmail-auth.xml"/>
 	<!-- <import resource="ldap-auth.xml"/> --> 
-	
+		
 	<import resource="mail-services.xml"/>

 	<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
--- a/src/main/webapp/img/google.png
+++ b/src/main/webapp/img/google.png
--- a/src/main/webapp/login-gmail.zhtml
+++ b/src/main/webapp/login-gmail.zhtml
@ -0,0 +1,21 @@
+<html
+	xmlns="native"
+	xmlns:u="zul"
+	xmlns:zk="zk">
+	<head>
+		<title>${labels.Loggingin}</title>
+	</head>
+	<body style="height: 100%; padding: 0 5px;">
+		<div style="height: 15%" />
+		<div align="center">
+			<u:include src="login.zul" />
+			<br/>
+			<img src="img/google.png" alt="Google"/>
+			<form action="j_spring_openid_security_check" method="post">
+				<input name="openid_identifier" type="hidden" value="https://www.google.com/accounts/o8/id"/>
+   				<input type="submit" value="${labels.LoginViaGoogle}" class="nicebutton"/>
+			</form>
+		</div>
+		
+	</body>
+</html>