From 17deee8b2120abc998cfb65988c54ffa39101177 Mon Sep 17 00:00:00 2001
From: Josef Rokos
Date: Tue, 26 Aug 2014 12:44:05 +0200
Subject: [PATCH] =?UTF-8?q?Integrace=20s=20google=20apps-=20p=C5=99ihla?= =?UTF-8?q?=C5=A1ov=C3=A1n=C3=AD=20=C3=BA=C4=8Dtem=20google.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
pom.xml | 5 +
.../services/users/GmailUserService.java | 93 ++++++++++++++++++
src/main/webapp/WEB-INF/gmail.properties | 1 +
.../WEB-INF/locales/zk-label.properties | 1 +
src/main/webapp/WEB-INF/spring/gmail-auth.xml | 14 +++
src/main/webapp/WEB-INF/spring/ldap-auth.xml | 8 +-
.../webapp/WEB-INF/spring/root-context.xml | 22 ++++-
src/main/webapp/img/google.png | Bin 0 -> 7805 bytes
src/main/webapp/login-gmail.zhtml | 21 ++++
9 files changed, 156 insertions(+), 9 deletions(-)
create mode 100644 src/main/java/info/bukova/isspst/services/users/GmailUserService.java
create mode 100644 src/main/webapp/WEB-INF/gmail.properties
create mode 100644 src/main/webapp/WEB-INF/spring/gmail-auth.xml
create mode 100644 src/main/webapp/img/google.png
create mode 100644 src/main/webapp/login-gmail.zhtml
diff --git a/pom.xml b/pom.xml
index 215a470a..5a13e178 100644
--- a/pom.xml
+++ b/pom.xml
@@ -80,6 +80,11 @@ spring-security-ldap ${org.springframework-version} + + org.springframework.security + spring-security-openid + ${org.springframework-version} + org.springframework spring-test
diff --git a/src/main/java/info/bukova/isspst/services/users/GmailUserService.java b/src/main/java/info/bukova/isspst/services/users/GmailUserService.java
new file mode 100644
index 00000000..0a81c17e
--- /dev/null
+++ b/src/main/java/info/bukova/isspst/services/users/GmailUserService.java
@@ -0,0 +1,93 @@
+package info.bukova.isspst.services.users;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.openid.OpenIDAttribute;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
+
+public class GmailUserService implements AuthenticationUserDetailsService {
+
+ private static final Logger logger = LoggerFactory.getLogger(GmailUserService.class);
+
+ private UserService userService;
+ private RoleService roleService;
+ private String restrictDomain;
+
+ public GmailUserService(UserService userService, RoleService roleService) {
+ this.userService = userService;
+ this.roleService = roleService;
+ }
+
+ @Override
+ public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
+ throws UsernameNotFoundException {
+
+ String email = null;
+ String firstName = null;
+ String lastName = null;
+ List attributes = token.getAttributes();
+
+ for (OpenIDAttribute attribute : attributes) {
+ if (attribute.getName().equals("email")) {
+ email = attribute.getValues().get(0);
+ }
+ if (attribute.getName().equals("firstName")) {
+ firstName = attribute.getValues().get(0);
+ }
+ if (attribute.getName().equals("lastName")) {
+ lastName = attribute.getValues().get(0);
+ }
+ }
+
+ String userAndDomain[] = email.split("@");
+ String username = userAndDomain[0];
+ String domain = userAndDomain[1];
+
+ if (restrictDomain != null && !restrictDomain.isEmpty() && !restrictDomain.equals(domain)) {
+ logger.warn("Try to login from foreign domain");
+
+ throw new UsernameNotFoundException("Email from foreign domain");
+ }
+
+ UserDetails
user;
+
+ try {
+ user = userService.loadUserByUsername(username);
+ } catch (UsernameNotFoundException e) {
+ logger.info("Username not found in database. Creating one");
+
+ User usr = new User();
+ usr.setUsername(username);
+ usr.setFirstName(firstName);
+ usr.setLastName(lastName);
+ usr.setEmail(email);
+ usr.setEnabled(true);
+ usr.setNotify(true);
+
+ Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
+ usr.addAuthority(role);
+
+ userService.grantAdmin();
+ userService.add(usr);
+ userService.removeAccess();
+
+ user = userService.loadUserByUsername(username);
+ }
+
+ return user;
+ }
+
+ public void setRestrictDomain(String restrictDomain) {
+ this.restrictDomain = restrictDomain;
+ }
+
+}
diff --git a/src/main/webapp/WEB-INF/gmail.properties b/src/main/webapp/WEB-INF/gmail.properties
new file mode 100644
index 00000000..27ba5836
--- /dev/null
+++ b/src/main/webapp/WEB-INF/gmail.properties
@@ -0,0 +1 @@
+gmail.restrictDomain=
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/locales/zk-label.properties b/src/main/webapp/WEB-INF/locales/zk-label.properties
index 5ce002d2..692dbcdc 100644
--- a/src/main/webapp/WEB-INF/locales/zk-label.properties
+++ b/src/main/webapp/WEB-INF/locales/zk-label.properties
@@ -272,6 +272,7 @@ Login=Přihlásit Loggingin=Přihlášení Logout=Odhlásit WrongNameOrPassword=Špatné jméno nebo heslo +LoginViaGoogle=Přihlásit účtem Google DateFormat=dd. MM. yyyy
diff --git a/src/main/webapp/WEB-INF/spring/gmail-auth.xml b/src/main/webapp/WEB-INF/spring/gmail-auth.xml
new file mode 100644
index 00000000..0f41a618
--- /dev/null
+++ b/src/main/webapp/WEB-INF/spring/gmail-auth.xml
@@ -0,0 +1,14 @@ + + + + + + + + + +
diff --git a/src/main/webapp/WEB-INF/spring/ldap-auth.xml b/src/main/webapp/WEB-INF/spring/ldap-auth.xml
index 5670d09f..1d3f7f06 100644
--- a/src/main/webapp/WEB-INF/spring/ldap-auth.xml
+++ b/src/main/webapp/WEB-INF/spring/ldap-auth.xml
@@ -19,12 +19,8 @@ - - - - ${ldap.userDNPattern} - - + +
diff --git a/src/main/webapp/WEB-INF/spring/root-context.xml b/src/main/webapp/WEB-INF/spring/root-context.xml index 62af5814..181e3060 100644 --- a/src/main/webapp/WEB-INF/spring/root-context.xml +++ b/src/main/webapp/WEB-INF/spring/root-context.xml @@ -27,6 +27,7 @@ /WEB-INF/jdbc.properties /WEB-INF/ldap.properties /WEB-INF/mail.properties + /WEB-INF/gmail.properties @@ -36,7 +37,10 @@ class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" p:driverClassName="${jdbc.driverClassName}" p:url="${jdbc.databaseurl}" p:username="${jdbc.username}" - p:password="${jdbc.password}"> + p:password="${jdbc.password}"> + + + @@ -81,16 +85,28 @@ - + + + + + + + + + + - + 
diff --git a/src/main/webapp/img/google.png b/src/main/webapp/img/google.png new file mode 100644 index 0000000000000000000000000000000000000000..c911ded1b421eb459795ff5a3a00c66b48b3aed0 GIT binary patch literal 7805 zcmV-@9)jVCP)pW2d2A|BMeOSa&3_G6xdvs-a>3qgb`>jbTr~z8AFhj zfeH{PHfM%}pj_fwNw3t+EcxURJoc}(`OOvGEz+|DT4B~6c_AVKKoYPO=YnmQ|N6Nv zdMvxOSUrD`zChw11*d@FE(Et>Jn;UMyw~@nlai~ek9INEjDM6UB*B*}?qBGS5teh4D_>3(rgPuiL3@HA|g?+g=KgH?e~BU8RRm z@p&{^qWD;IRCNITL9`Q{YP_TyB}+yl+@q7%P06e6ep7nCI;)yi!iRSsmi=)v=uwI9 zZT{Cz6ilo<1gg&yS2#i_@q_XA14m!CvshiPuRBW8&oDD^yZ;ue^xE_Q;eBx= zGcyok(}vsgUprWLU;>1mss3#J1 zoGaY@SpNFWa|ltO`){8HVC}a?brziD(pQjLA!;10j-0<7{qX#)0BbHBLhr|3-Vs=4 zI#Z&9MP>-(SY-AtK$q*&d~jRdK>?->7oW-2RBL+v_j9cMyR(lrm?HToxeTebNs*A7 zCZs8ve%<8SFIj% z8hxHv)a(jNuc?XL)fb55aezuB0=xnoG@t@F;^7xa!O`o!G4ej-Z@Gu_-F<~TJR%SO z3x$6ogohM-H6GgH-iF}AkXEif|I`OpjXt>>z^c(Fe>R|AiuJrmI>KKl{1;iK&J-rf z!rMgQsYv0cgzzI2?#IJY2stR^pipKZJnhdFzU7(SxVI&ED}^w|gDO{_f7-Qu zo>;`H^O~P)D~a|NF(8{BHZaLB)4GENP-`z5PLD?y@YipQycqeth{KWAB7V~5;rS1A z`_%QT#tdm6rMMFJTagSfN#BwKUSSPkg}(j5JA*Nvd->?8H%F`5rS$C22j0w!BBcUx`1_G8$Lwt56QhF z?rA(TvS$LScP}0e!1D7>ru>3ols)nCrrvX2o+|e%Ov>OvxXa|-75x4cXP-E9XP^Q| zjrbT}kb9(wg~+>0z6JbS(TKX~sWZ|a>!m^(o{z0~cs{mlsgZTR!u;!wZ;Egsm&w}$ zKM&93emgq1etUOwW16+U$fL(i^}Wlt~RwXp+<+|)`akGOuyq$tY|bG~#? zoj-)0a~87p!lB2=!$O6OD-(>6nbhNvm)>3bwK%=l^WnH=?btuOMz1-4jIGw_Q|R;L zpMD)e<~It#@PI-Fd8U)3JKh|1e8<(NHz)e_e7nT@bm)XKYf%Q2vB)y_r-s+h^#!rj zvD0g4b5@*zNSze}z~|)>jjVqm3YnkEGm$BSJY$hEIgv6`{HcyzwsSjE^5}L$x+Cb9 ziX8+deh$#>`{}0C8o-9B1$4fyj*U|bHX1%IrdA1R%#KtP{j|r=cLJE8?fI1i3On}* z7o6VNL*{1+nKsIVt%Pt}k4Ikou*teU@&W+8AB&%D*^{rjGMSkQnR4WRO||xWxj53=I3y1*V>lzsx&hh7~Aier$C@B!v~-=lt<^>%Mh5Jsx>+m!EBu zi63Iw(@U<9t5)u2t~j!CKVI%P^m%DHZ;Xh+WoIRFUF1(7k4z3YcIGD&0HWdbyVh(* z*5l7~z|Q^T7vL`lx1=Md=0RD%=nm=PqaH*rf;>rVF0(k%S9XajBsri&%TgS$! 
z1&>Nv1ZJoy#=CUWy4r#r2c>L*WeXC&eFpEH^G{2prtr^rI8q)YWzyZ}{PE#k&9!{g z@c?AJ)k<8OGUC{rANb znaL7#U18akw5Afy(R%W*LD6|z5_zG%t;8@e%c=sBKKiWtSKN`GI5Yd6l8VWg6x&fU zYgcql^`~?ak_7a2s_FL6=Lcb4yus z_KB?{w%sbc)Nmw^AUr9z(th*bSRC)q$TDV@j*;z2jWK{u{W1ad_Bn%i`@B;+deGOD zaR`}+kU=3+4$wVud7st#JhhlrqXyua%zWIdk(=DXbF3Gl7r^Zvpg}yO8ox16xc` z?G*Wt)uT?hPpAR+Yvfw25T?=C*skxq_ z4tQK2jwACA_IBKe&)}K8`PNCSb6rViHP-jZV7LV8dR|6?18iK=vl-< zT;G-Zf4CTtY1lfn@BBBf>G$HQEz3s^0HFW;H<|>}EjVj1hDfpbb}%#R*cciI1JCXc zu1b6`U_%HqNl`XAEg|NqHX}@p|>d@f{cI&KC;_1RLV|Y%?c9#(8_B>HXJ{Am40BqS-JaqV>g-Yj$*nYC+cB zcjR1v1&;zDrdaN{`_S@HCp^QpOh)eAv@h8L7WUvmFg;`I;<;zA~OT6ej&_J;r^*X{ZoLBTb(5s=@ais2EV+N$Y=yCCW< zT;Wc1EJ^V}v6z1fsaR4Um%d}N;eF;U9o2i@vinw#jJea`-@m%&NocU=BC~pl_5e}T zlnXcpvk}$Piyzx(S2(le8#}dV<2Sx#*wIOdZwA{W9t3!2dMZl*x5(qHn42fZFYFZH zw|ifnKm}4G7R5);Bp}Lo;KSs;TWP_0V!587`&w>dvMNP%F>eyRgBc%z*f_PIq04pY z1qK&o*FZ89*^NctPtT~lJ@1pxSg?+m4fdG%e-cH}^r~rv4Lcb?3@A@EtL{5FI^&ok zbBk#PCetT^E6V1*F@L*2Xxn`S5rN`h!8Y82CU?sOjL%PUw6K)x)ngdr0UNv z?90}CS!}G_39b0#-Q+bQYB9EDW8>^d!c&~RZ~9yFE|DQK8ltgrf2G&eQuANM!OX_U^#PK( zo6KAie_wJnrxq*vG?8zS zPaQQN8JoQlTkvdwCjb|&9?`$!suBJ69a!7*J$>8F<0y?_GB+$pW@8E_R{ni@W>*Tv zSAA~CQq~11cE3@JfN#~A$KujD;Z>3>*0CKqq?Ed0uP553T_;Jc;-dvoOs^DXWYcO2 ze2nu-mV;T$sxk2|`xGn~`PNLMBX{OB%LWArpY}>nAITSiER%^djlk(e*VL-`>e|s=bFGd0b}~%D>1W1eUT%rp;2yk> zOXrr&U%`su{q_%7`4cLUG}pu*Vy+wsMM#k$+6ZpXA744Rc2+TY6ZRim@g#`DWlP** zi>RgSh2=<5oxA2FT2QPl5rlKus=-I6_NKoKp}Ry*;sZ^D%0Y|DA8FE`Mzaayaao+% zN={A*qn|&)(RW#FGaeO=|91ytNo_(|oRg@aA{VH9aDuvA!$K^kKK zuA7A}#*j;qiEmclRrHs_iB)^BbK@Nn+fLu1&~N4NW9heG`FohZPLs&z5s{Gez{=tM ziu)~C!SXZv?mMvRW|okiS=uP+a-5GX8;&J32$65b6ZsRWE=;jblAco}4sQxV;WB{5gL^eEg>$dOC)tDu0&_Y6 zS7hYq;6j;3nREtl2J+uEfkAO( zTs@GSf1r=lUpXCk|*5?@$?(R`*l3_g_Zl~3iBsc zke*puE$AA8N8q?zj?7&OPA4fmls}v2pjDVUsAz>im+**70x#cp=g8-x3_6{)WxA_>F!ZRF8{#i#XR&@1J!OL!b? 
z3?G`fN=}4hrnqbz<0duI6+lnyx}Pw&37}&mqa%(Pyk^GTnhVhdJAS5WdJ!9@HYc8| z?}UJv3LwYIw2MG z*zz;W4$oe@Z0L^9ddaEHn{)ALeeCs9dv6b{y1Por9bZ9uR>?>EGEX=C5jY5 zl#-ZrSk(UBPUAP622eY@GkN1H_Dndva(#BLE^on-ZO6IyTd&C zX0Z?t{am^weeOBd?}e2tA6B;AXP2IN3`>V`p!%A0rC z`QT4LG=|?}{Ff}L@`we!9Em6NI0ZH)2H_5rW-g@0g3o0H#&t>LS%Wdr#`3X^-CK_4 z?(!|>QI;y0nJAc8wJ?8tO>XVXVhSfz?8ahwbGeKQi5T04RZTuxvxW*CppMC zYoHNw%9ou{cFyv_{W=U-xTEzN_-c6qs@~^;z6#cQr?slN<2F)1yEFOYDm%&a1B{;} z{6}Vr^~0F`evI*&!OiJeou6-ckG%08ke=1$GXVBMJ?Gh4XDyT-!A zxiEF?B*e7l+IJbo7K}@{?(t@)eCs*9`Ph2;zqo=o&*_zKdqO359!v71bP0!orPQ;V%->?^S3 zNP)53q&tM>03XM8j+8-vU?k{Lu&*HHB*ZfIg^^{Dwj%3Ye{a{F`qlEG$I)xy8!S7c z&%XfwYBI9j$GpIPfuxKD7oi5wFsq6o17I6BD%{XPW#KGlj4jomGHsF|^SWy0Z?Rglv@ip*#g zg5HIw3r)4g$r77Iku#`vR>_hbZhG68V=&5-i!A|Hw#+7eVy;Haf5;8b+@Af|@?mAT ztTpg^GmUL7iimqm7R-b-omKQCt7_8igI+Da{`JAVIq8)(yFU<=H?D&8?9$}l8^(#~ z9MFj-dZ>j9v*=TYB%87d*@`sLqV75kS`J!|qBQu7`g^;r_^fd(AKn)QXTVFVSw6I1 zp_~5<7yz7vh&3uTYhp>)uRAIS{qvw#%Gd4{1AGE(4Cq13+w-5m31$p~II?6%5559t zrNK)SlM^wej&!mh%VV+ zE1?rfN{sau@shB6PI_ha{3WOLX5gYV&9rW}yl8v{^|P8^*pYkH#%>1PWgH1Q8+0O2 zB3awG<|KK09Qp{TFljm1Vq}$=r!lL;eM9}d-S+w|es7*$M*o-MlUz%O_RR(F0pv+) zmz;=liA{>ACFs3@i`LY~{=XL~Qk<}8)n0=uA@^+s$C${M=wOh-a9}HWfpqg0vahFSmB!M^ zt)nB@DmHy23X{UpOf7gmR05r9p+kW&`57_gY>3*x_018giE@I|&IL;Emr;c5<4 z%W|&Wwfsqy)XgX%e?oPUndV5G7Uw$DV8*M4-I!5kY5mO3I~1rFjIa0yH~T;Gm;gi; zCH6y+D-?b-yK8Ok_zl$0I^uJDj%5s7xbw}p_|#qudbOO-4Olz6%k`vZcl}ZT^gpQ; zOsJxEW-<8_D=skXSBTs=fyAFBU0Qcn$(m;Ar;55ntID5PiMgna`R<8k_7JE?!g*rf zC|guNtMlN4Wv+)_&3J%X{)7tZW|mSgzG|dQPhqr5=-K*UjXgh{(KXZQ>JMq%xS5(+ zop(V=Hc~&UGx_5x3S}%4Ds7>KrcE|5eNXASL%{kQYq{gzj?6l4G@~%fr6e7fo>jVR z&+idSL7gU59%dQeoP86unKnyY^x@rIo;w)k8Xa2h1KB!U0m@VS;u2i?Bt5HiS^k8I zJ-$Qz?9Sv)sNlmHC0l?iv1|szBCvJ`%S;ae>j1Ul@iiD63$!+~>?=W60MyOgyFjSE z>3Yor;=@4DD5yRJtiQ3gO$}{i>Kqq+H_1z-v3sl7>-*)7TaVl_@>mxK-x8UxJ_M}4 zv1Ufd9!iai7A41z${k->T0gs#yzzTiEmA+bD`uW=CX1_UqlNXeyVm87``{3;{+3$( ztRsTKYLmGM#i{fN$)5m7&)V~s`{sUcLl&+#H~p;~=bJI$x*P)5-=5XdBT}e|3*3Sr zU}#|ORU2;09k;RVXM?HP64l>(1i4p!FbVmXxSm~u>VJ8}LG`C%4#^D%sO63Ofb{Gx 
zbh>KecR;^RvW#j`U;nI`-3|6s{p`|Rrn+*k+;9x&TF|x0EiSLWr`vtGSFWf2p00<0 z^|#oHCU2yAdS^Oa^}z_>8E6to6BXE ztvnd#dI(qtxaE#pPyOt! + + ${labels.Loggingin} + + +
+
+ +
+ Google +
+ + +
+
+ + +